diff options
author | Peter Millerchip <pete@millerchipsoftware.com> | 2015-08-13 11:09:10 +0100 |
---|---|---|
committer | Peter Millerchip <pete@millerchipsoftware.com> | 2015-08-13 11:09:10 +0100 |
commit | d3c1cf120a8303e5408637da5a21543796d09f90 (patch) | |
tree | 123c9be29d71d0df6be3db16bda4ccc9a0f3a1ac /src | |
parent | disable-history.inc integration - included in all profile files (diff) | |
download | firejail-d3c1cf120a8303e5408637da5a21543796d09f90.tar.gz firejail-d3c1cf120a8303e5408637da5a21543796d09f90.tar.zst firejail-d3c1cf120a8303e5408637da5a21543796d09f90.zip |
Implement the --private-home option as an alternative name for --private.keep
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/arg-checking.txt | 2 | ||||
-rw-r--r-- | src/firejail/firejail.h | 6 | ||||
-rw-r--r-- | src/firejail/fs_home.c | 6 | ||||
-rw-r--r-- | src/firejail/main.c | 5 | ||||
-rw-r--r-- | src/firejail/profile.c | 3 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 | ||||
-rw-r--r-- | src/firejail/usage.c | 2 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
9 files changed, 17 insertions, 15 deletions
diff --git a/src/firejail/arg-checking.txt b/src/firejail/arg-checking.txt index c1ab2cb21..07e61df93 100644 --- a/src/firejail/arg-checking.txt +++ b/src/firejail/arg-checking.txt | |||
@@ -59,7 +59,7 @@ arg checking: | |||
59 | - check same owner | 59 | - check same owner |
60 | - unit test | 60 | - unit test |
61 | 61 | ||
62 | 9. --private.keep=filelist | 62 | 9. --private-home=filelist |
63 | - supported in profiles | 63 | - supported in profiles |
64 | - checking no ".." | 64 | - checking no ".." |
65 | - checking file found | 65 | - checking file found |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 5adabbcb3..a1833b4bc 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -282,9 +282,9 @@ void fs_private_dev(void); | |||
282 | void fs_private(void); | 282 | void fs_private(void); |
283 | // private mode (--private=homedir) | 283 | // private mode (--private=homedir) |
284 | void fs_private_homedir(void); | 284 | void fs_private_homedir(void); |
285 | // private mode (--private.keep=list) | 285 | // private mode (--private-home=list) |
286 | void fs_private_home_list(void); | 286 | void fs_private_home_list(void); |
287 | // check directory linst specified by user (--private.keep option) - exit if it fails | 287 | // check directory list specified by user (--private-home option) - exit if it fails |
288 | void fs_check_home_list(void); | 288 | void fs_check_home_list(void); |
289 | // check new private home directory (--private= option) - exit if it fails | 289 | // check new private home directory (--private= option) - exit if it fails |
290 | void fs_check_private_dir(void); | 290 | void fs_check_private_dir(void); |
@@ -357,4 +357,4 @@ void network_shm_set_file(pid_t pid); | |||
357 | void fs_check_etc_list(void); | 357 | void fs_check_etc_list(void); |
358 | void fs_private_etc_list(void); | 358 | void fs_private_etc_list(void); |
359 | 359 | ||
360 | #endif \ No newline at end of file | 360 | #endif |
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index ca4691751..e726d6f10 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -302,10 +302,10 @@ static void check_dir_or_file(const char *name) { | |||
302 | exit(1); | 302 | exit(1); |
303 | } | 303 | } |
304 | 304 | ||
305 | // check directory linst specified by user (--private.keep option) - exit if it fails | 305 | // check directory list specified by user (--private-home option) - exit if it fails |
306 | void fs_check_home_list(void) { | 306 | void fs_check_home_list(void) { |
307 | if (strstr(cfg.home_private_keep, "..")) { | 307 | if (strstr(cfg.home_private_keep, "..")) { |
308 | fprintf(stderr, "Error: invalid private.keep list\n"); | 308 | fprintf(stderr, "Error: invalid private-home list\n"); |
309 | exit(1); | 309 | exit(1); |
310 | } | 310 | } |
311 | 311 | ||
@@ -385,7 +385,7 @@ static void duplicate(char *fname) { | |||
385 | } | 385 | } |
386 | 386 | ||
387 | 387 | ||
388 | // private mode (--private.keep=list): | 388 | // private mode (--private-home=list): |
389 | // mount homedir on top of /home/user, | 389 | // mount homedir on top of /home/user, |
390 | // tmpfs on top of /root in nonroot mode, | 390 | // tmpfs on top of /root in nonroot mode, |
391 | // tmpfs on top of /tmp in root mode, | 391 | // tmpfs on top of /tmp in root mode, |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 1f4574c5c..6c5d9a44e 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -677,7 +677,7 @@ int main(int argc, char **argv) { | |||
677 | arg_private = 1; | 677 | arg_private = 1; |
678 | else if (strncmp(argv[i], "--private=", 10) == 0) { | 678 | else if (strncmp(argv[i], "--private=", 10) == 0) { |
679 | if (cfg.home_private_keep) { | 679 | if (cfg.home_private_keep) { |
680 | fprintf(stderr, "Error: a private list of files was already defined with --private.keep option.\n"); | 680 | fprintf(stderr, "Error: a private list of files was already defined with --private-home option.\n"); |
681 | exit(1); | 681 | exit(1); |
682 | } | 682 | } |
683 | 683 | ||
@@ -686,7 +686,8 @@ int main(int argc, char **argv) { | |||
686 | fs_check_private_dir(); | 686 | fs_check_private_dir(); |
687 | arg_private = 1; | 687 | arg_private = 1; |
688 | } | 688 | } |
689 | else if (strncmp(argv[i], "--private.keep=", 15) == 0) { | 689 | else if ((strncmp(argv[i], "--private.keep=", 15) == 0) |
690 | || (strncmp(argv[i], "--private-home=", 15) == 0)) { | ||
690 | if (cfg.home_private) { | 691 | if (cfg.home_private) { |
691 | fprintf(stderr, "Error: a private home directory was already defined with --private option.\n"); | 692 | fprintf(stderr, "Error: a private home directory was already defined with --private option.\n"); |
692 | exit(1); | 693 | exit(1); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index a6843cc6d..a73582499 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -228,7 +228,8 @@ int profile_check_line(char *ptr, int lineno) { | |||
228 | } | 228 | } |
229 | 229 | ||
230 | // private home list of files and directories | 230 | // private home list of files and directories |
231 | if (strncmp(ptr, "private.keep ", 13) == 0) { | 231 | if ((strncmp(ptr, "private.keep ", 13) == 0) |
232 | || (strncmp(ptr, "private-home ", 13) == 0)) { | ||
232 | cfg.home_private_keep = ptr + 13; | 233 | cfg.home_private_keep = ptr + 13; |
233 | fs_check_home_list(); | 234 | fs_check_home_list(); |
234 | arg_private = 1; | 235 | arg_private = 1; |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 2beb31099..2cdc67d1c 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -237,7 +237,7 @@ int sandbox(void* sandbox_arg) { | |||
237 | if (arg_private) { | 237 | if (arg_private) { |
238 | if (cfg.home_private) // --private= | 238 | if (cfg.home_private) // --private= |
239 | fs_private_homedir(); | 239 | fs_private_homedir(); |
240 | else if (cfg.home_private_keep) // --private.keep= | 240 | else if (cfg.home_private_keep) // --private-home= |
241 | fs_private_home_list(); | 241 | fs_private_home_list(); |
242 | else // --private | 242 | else // --private |
243 | fs_private(); | 243 | fs_private(); |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 2beeddb70..3ddd85aac 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -148,7 +148,7 @@ void usage(void) { | |||
148 | printf("\t\tfilesystems. All modifications are discarded when the sandbox is\n"); | 148 | printf("\t\tfilesystems. All modifications are discarded when the sandbox is\n"); |
149 | printf("\t\tclosed.\n\n"); | 149 | printf("\t\tclosed.\n\n"); |
150 | printf("\t--private=directory - use directory as user home.\n\n"); | 150 | printf("\t--private=directory - use directory as user home.\n\n"); |
151 | printf("\t--private.keep=file,directory - build a new user home in a temporary\n"); | 151 | printf("\t--private-home=file,directory - build a new user home in a temporary\n"); |
152 | printf("\t\tfilesystem, and copy the files and directories in the list in\n"); | 152 | printf("\t\tfilesystem, and copy the files and directories in the list in\n"); |
153 | printf("\t\tthe new home. All modifications are discarded when the sandbox\n"); | 153 | printf("\t\tthe new home. All modifications are discarded when the sandbox\n"); |
154 | printf("\t\tis closed.\n\n"); | 154 | printf("\t\tis closed.\n\n"); |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 60d9c47c5..394433107 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -73,7 +73,7 @@ closed. | |||
73 | \f\private directory | 73 | \f\private directory |
74 | Use directory as user home. | 74 | Use directory as user home. |
75 | .TP | 75 | .TP |
76 | \f\private.keep file,directory | 76 | \f\private-home file,directory |
77 | Build a new user home in a temporary | 77 | Build a new user home in a temporary |
78 | filesystem, and copy the files and directories in the list in the | 78 | filesystem, and copy the files and directories in the list in the |
79 | new home. All modifications are discarded when the sandbox is | 79 | new home. All modifications are discarded when the sandbox is |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index dbffe68ed..21310aebc 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -639,7 +639,7 @@ Example: | |||
639 | $ firejail \-\-private=/home/netblue/firefox-home firefox | 639 | $ firejail \-\-private=/home/netblue/firefox-home firefox |
640 | 640 | ||
641 | .TP | 641 | .TP |
642 | \fB\-\-private.keep=file,directory | 642 | \fB\-\-private-home=file,directory |
643 | Build a new user home in a temporary | 643 | Build a new user home in a temporary |
644 | filesystem, and copy the files and directories in the list in the | 644 | filesystem, and copy the files and directories in the list in the |
645 | new home. All modifications are discarded when the sandbox is | 645 | new home. All modifications are discarded when the sandbox is |
@@ -649,7 +649,7 @@ closed. | |||
649 | .br | 649 | .br |
650 | Example: | 650 | Example: |
651 | .br | 651 | .br |
652 | $ firejail \-\-private.keep=.mozilla firefox | 652 | $ firejail \-\-private-home=.mozilla firefox |
653 | .TP | 653 | .TP |
654 | \fB\-\-private-dev | 654 | \fB\-\-private-dev |
655 | Create a new /dev directory. Only null, full, zero, tty, pts, ptmx, random, urandom and shm devices are available. | 655 | Create a new /dev directory. Only null, full, zero, tty, pts, ptmx, random, urandom and shm devices are available. |