diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-09-04 19:08:32 +0200 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-09-04 19:08:32 +0200 |
| commit | c86cae2d08da10eaec01964654c505387ee51eac (patch) | |
| tree | 38ba1783a2150c954ab7c009d773d26b4cd42c39 /src | |
| parent | Profile fixes (diff) | |
| download | firejail-c86cae2d08da10eaec01964654c505387ee51eac.tar.gz firejail-c86cae2d08da10eaec01964654c505387ee51eac.tar.zst firejail-c86cae2d08da10eaec01964654c505387ee51eac.zip | |
Add new condition ALLOW_TRAY
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/checkcfg.c | 2 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 1 | ||||
| -rw-r--r-- | src/firejail/profile.c | 5 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 2 |
4 files changed, 9 insertions, 1 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 06e6f0ccb..e5d837bbb 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -58,6 +58,7 @@ int checkcfg(int val) { | |||
| 58 | cfg_val[CFG_XPRA_ATTACH] = 0; | 58 | cfg_val[CFG_XPRA_ATTACH] = 0; |
| 59 | cfg_val[CFG_SECCOMP_ERROR_ACTION] = -1; | 59 | cfg_val[CFG_SECCOMP_ERROR_ACTION] = -1; |
| 60 | cfg_val[CFG_BROWSER_ALLOW_DRM] = 0; | 60 | cfg_val[CFG_BROWSER_ALLOW_DRM] = 0; |
| 61 | cfg_val[CFG_ALLOW_TRAY] = 0; | ||
| 61 | 62 | ||
| 62 | // open configuration file | 63 | // open configuration file |
| 63 | const char *fname = SYSCONFDIR "/firejail.config"; | 64 | const char *fname = SYSCONFDIR "/firejail.config"; |
| @@ -122,6 +123,7 @@ int checkcfg(int val) { | |||
| 122 | PARSE_YESNO(CFG_XPRA_ATTACH, "xpra-attach") | 123 | PARSE_YESNO(CFG_XPRA_ATTACH, "xpra-attach") |
| 123 | PARSE_YESNO(CFG_BROWSER_DISABLE_U2F, "browser-disable-u2f") | 124 | PARSE_YESNO(CFG_BROWSER_DISABLE_U2F, "browser-disable-u2f") |
| 124 | PARSE_YESNO(CFG_BROWSER_ALLOW_DRM, "browser-allow-drm") | 125 | PARSE_YESNO(CFG_BROWSER_ALLOW_DRM, "browser-allow-drm") |
| 126 | PARSE_YESNO(CFG_ALLOW_TRAY, "allow-tray") | ||
| 125 | #undef PARSE_YESNO | 127 | #undef PARSE_YESNO |
| 126 | 128 | ||
| 127 | // netfilter | 129 | // netfilter |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2a7d88575..46985d89e 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -801,6 +801,7 @@ enum { | |||
| 801 | CFG_NAME_CHANGE, | 801 | CFG_NAME_CHANGE, |
| 802 | CFG_SECCOMP_ERROR_ACTION, | 802 | CFG_SECCOMP_ERROR_ACTION, |
| 803 | // CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv | 803 | // CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv |
| 804 | CFG_ALLOW_TRAY, | ||
| 804 | CFG_MAX // this should always be the last entry | 805 | CFG_MAX // this should always be the last entry |
| 805 | }; | 806 | }; |
| 806 | extern char *xephyr_screen; | 807 | extern char *xephyr_screen; |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index b7c7185a6..7c7c7a025 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -175,6 +175,10 @@ static int check_allow_drm(void) { | |||
| 175 | return checkcfg(CFG_BROWSER_ALLOW_DRM) != 0; | 175 | return checkcfg(CFG_BROWSER_ALLOW_DRM) != 0; |
| 176 | } | 176 | } |
| 177 | 177 | ||
| 178 | static int check_allow_tray(void) { | ||
| 179 | return checkcfg(CFG_ALLOW_TRAY) != 0; | ||
| 180 | } | ||
| 181 | |||
| 178 | Cond conditionals[] = { | 182 | Cond conditionals[] = { |
| 179 | {"HAS_APPIMAGE", check_appimage}, | 183 | {"HAS_APPIMAGE", check_appimage}, |
| 180 | {"HAS_NET", check_netoptions}, | 184 | {"HAS_NET", check_netoptions}, |
| @@ -184,6 +188,7 @@ Cond conditionals[] = { | |||
| 184 | {"HAS_X11", check_x11}, | 188 | {"HAS_X11", check_x11}, |
| 185 | {"BROWSER_DISABLE_U2F", check_disable_u2f}, | 189 | {"BROWSER_DISABLE_U2F", check_disable_u2f}, |
| 186 | {"BROWSER_ALLOW_DRM", check_allow_drm}, | 190 | {"BROWSER_ALLOW_DRM", check_allow_drm}, |
| 191 | {"ALLOW_TRAY", check_allow_tray}, | ||
| 187 | { NULL, NULL } | 192 | { NULL, NULL } |
| 188 | }; | 193 | }; |
| 189 | 194 | ||
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 6280026e6..adb79234b 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -174,7 +174,7 @@ Example: "?HAS_APPIMAGE: allow ${HOME}/special/appimage/dir" | |||
| 174 | 174 | ||
| 175 | This example will load the profile line only if the \-\-appimage option has been specified on the command line. | 175 | This example will load the profile line only if the \-\-appimage option has been specified on the command line. |
| 176 | 176 | ||
| 177 | Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM | 177 | Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals ALLOW_TRAY, BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM |
| 178 | can be enabled or disabled globally in Firejail's configuration file. | 178 | can be enabled or disabled globally in Firejail's configuration file. |
| 179 | 179 | ||
| 180 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. | 180 | The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. |