author | netblue30 <netblue30@yahoo.com> | 2016-09-24 08:02:49 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-09-24 08:02:49 -0400 |
commit | a1e3d76d3fb549c56e6d49713a46e358bf935a8b (patch) | |
tree | 85a625ed2edfc872ce8e5b49422ce6d724df01f8 /src | |
parent | fixed make deb (diff) | |
parent | update man (diff) | |
Merge pull request #805 from manevich/join-or-start
join-or-start option
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 35 | ||||
-rw-r--r-- | src/firejail/profile.c | 24 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 6 | ||||
-rw-r--r-- | src/man/firejail.txt | 7 |
4 files changed, 72 insertions, 0 deletions
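--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -634,6 +634,30 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 exit(0);
 
 }
+else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
+// NOTE: this is first part of option handler,
+// sandbox name is set in other part
+logargs(argc, argv);
+
+if (arg_shell_none) {
+if (argc <= (i+1)) {
+fprintf(stderr, "Error: --shell=none set, but no command specified\n");
+exit(1);
+}
+cfg.original_program_index = i + 1;
+}
+
+// try to join by name only
+pid_t pid;
+if (!name2pid(argv[i] + 16, &pid)) {
+if (!cfg.shell && !arg_shell_none)
+cfg.shell = guess_shell();
+
+join(pid, argc, argv, i + 1);
+exit(0);
+}
+// if there no such sandbox continue argument processing
+}
 #ifdef HAVE_NETWORK
 else if (strncmp(argv[i], "--join-network=", 15) == 0) {
 if (checkcfg(CFG_NETWORK)) {
@@ -2157,6 +2181,17 @@ int main(int argc, char **argv) {
 else if (strcmp(argv[i], "--x11=block") == 0) {
 arg_x11_block = 1;
 }
+else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
+// NOTE: this is second part of option handler,
+// atempt to find and join sandbox is done in other one
+
+// set sandbox name and start normally
+cfg.name = argv[i] + 16;
+if (strlen(cfg.name) == 0) {
+fprintf(stderr, "Error: please provide a name for sandbox\n");
+return 1;
+}
+}
 else if (strcmp(argv[i], "--") == 0) {
 // double dash - positional params to follow
 arg_doubledash = 1;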
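Review bot: The first `--join-or-start=` handler in run_cmd_and_exit passes `argv[i] + 16` to `name2pid()` unchecked, while the only empty-name test sits in the second handler in main(), which runs after that lookup has already happened. Reject the empty name before the lookup, for example `if (argv[i][16] == '\0') { fprintf(stderr, "Error: please provide a name for sandbox\n"); exit(1); }`, so both passes agree on what a valid name is. Separately, lookup and start are two distinct steps, so two invocations racing on the same name can presumably both miss and both start a sandbox under that name; whether name2pid() or join() guards against this, or checks that the caller may enter the sandbox it resolved, is not visible here and deserves a comment. Both enclosing functions start and end outside the hunks.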
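--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -803,6 +803,30 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 
+if (strncmp(ptr, "join-or-start ", 14) == 0) {
+// try to join by name only
+pid_t pid;
+if (!name2pid(ptr + 14, &pid)) {
+if (!cfg.shell && !arg_shell_none)
+cfg.shell = guess_shell();
+
+// find first non-option arg
+int i;
+for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) != 0; i++);
+
+join(pid, cfg.original_argc,cfg.original_argv, i + 1);
+exit(0);
+}
+
+// set sandbox name and start normally
+cfg.name = ptr + 14;
+if (strlen(cfg.name) == 0) {
+fprintf(stderr, "Error: invalid sandbox name\n");
+exit(1);
+}
+return 0;
+}
+
 // rest of filesystem
 if (strncmp(ptr, "blacklist ", 10) == 0)
 ptr += 10;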
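Review bot: The scan in the `join-or-start` branch stops at the first argument that starts with `--`, which is the opposite of what its comment (`// find first non-option arg`) says, and `i + 1` is then handed to `join()` as the start index. With more than one option on the original command line this presumably makes join() treat an option as the program to run, and when no argument starts with `--` the index becomes `cfg.original_argc + 1`, past the end of the array; join()'s bounds handling is not visible here. If the intent is to skip the options, the loop should read `for (i = 1; i < cfg.original_argc && strncmp(cfg.original_argv[i], "--", 2) == 0; i++);` and the call should pass `i`. The empty-name check also comes after `name2pid(ptr + 14, &pid)` and would be better placed before the lookup. profile_check_line starts and ends outside the hunk.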
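--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -467,6 +467,12 @@ available in the new namespace is a new loopback interface (lo).
 Use this option to deny network access to programs that don't
 really need network access.
 
+.SH Other
+.TP
+\fBjoin-or-start sandboxname
+Join the sandbox identified by name or start a new one.
+Same as "firejail --join=sandboxname" command if sandbox with specified name exists, otherwise same as "name sandboxname".
+
 .SH RELOCATING PROFILES
 For various reasons some users might want to keep the profile files in a different directory.
 Using \fB--profile-path\fR command line option, Firejail can be instructed to look for profiles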
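--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -619,6 +619,13 @@ Switching to pid 1932, the first child process inside the sandbox
 valid_lft forever preferred_lft forever
 
 .TP
+\fB\-\-join-or-start=name
+Join the sandbox identified by name or start a new one.
+Same as "firejail --join=name" if sandbox with specified name exists, otherwise same as "firejail --name=name ..."
+.br
+Note that in contrary to other join options there is respective profile option.
+
+.TP
 \fB\-\-ls=name|pid dir_or_filename
 List files in sandbox container, see \fBFILE TRANSFER\fR section for more details.
 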