aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLibravatar smitsohu <smitsohu@gmail.com>2020-07-29 15:51:58 +0200
committerLibravatar GitHub <noreply@github.com>2020-07-29 15:51:58 +0200
commitd3cc417f1d38ee35b0380254265b9c4ad0244783 (patch)
tree12b3b51aaea038b97052437fac6dd51388d06cf1 /src
parentfix Lua in mpv.profile (diff)
parentintegrate join(-or-start) with dbus options (diff)
downloadfirejail-d3cc417f1d38ee35b0380254265b9c4ad0244783.tar.gz
firejail-d3cc417f1d38ee35b0380254265b9c4ad0244783.tar.zst
firejail-d3cc417f1d38ee35b0380254265b9c4ad0244783.zip
Merge pull request #3521 from smitsohu/join2
integrate join(-or-start) with dbus options (partial fix)
Diffstat (limited to 'src')
-rw-r--r--src/firejail/dbus.c38
-rw-r--r--src/firejail/firejail.h2
-rw-r--r--src/firejail/join.c7
3 files changed, 33 insertions, 14 deletions
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index 18576612d..6609e48bd 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -444,6 +444,24 @@ static char *get_socket_env(const char *name) {
444 return NULL; 444 return NULL;
445} 445}
446 446
447void dbus_set_session_bus_env(void) {
448 if (setenv(DBUS_SESSION_BUS_ADDRESS_ENV,
449 DBUS_SOCKET_PATH_PREFIX RUN_DBUS_USER_SOCKET, 1) == -1) {
450 fprintf(stderr, "Error: cannot modify " DBUS_SESSION_BUS_ADDRESS_ENV
451 " required by --dbus-user\n");
452 exit(1);
453 }
454}
455
456void dbus_set_system_bus_env(void) {
457 if (setenv(DBUS_SYSTEM_BUS_ADDRESS_ENV,
458 DBUS_SOCKET_PATH_PREFIX RUN_DBUS_SYSTEM_SOCKET, 1) == -1) {
459 fprintf(stderr, "Error: cannot modify " DBUS_SYSTEM_BUS_ADDRESS_ENV
460 " required by --dbus-system\n");
461 exit(1);
462 }
463}
464
447static void disable_socket_dir(void) { 465static void disable_socket_dir(void) {
448 struct stat s; 466 struct stat s;
449 if (stat(RUN_FIREJAIL_DBUS_DIR, &s) == 0) 467 if (stat(RUN_FIREJAIL_DBUS_DIR, &s) == 0)
@@ -465,10 +483,10 @@ void dbus_apply_policy(void) {
465 } 483 }
466 484
467 create_empty_dir_as_root(RUN_DBUS_DIR, 0755); 485 create_empty_dir_as_root(RUN_DBUS_DIR, 0755);
468 create_empty_file_as_root(RUN_DBUS_USER_SOCKET, 0700);
469 create_empty_file_as_root(RUN_DBUS_SYSTEM_SOCKET, 0700);
470 486
471 if (arg_dbus_user != DBUS_POLICY_ALLOW) { 487 if (arg_dbus_user != DBUS_POLICY_ALLOW) {
488 create_empty_file_as_root(RUN_DBUS_USER_SOCKET, 0700);
489
472 if (arg_dbus_user == DBUS_POLICY_FILTER) { 490 if (arg_dbus_user == DBUS_POLICY_FILTER) {
473 assert(dbus_user_proxy_socket != NULL); 491 assert(dbus_user_proxy_socket != NULL);
474 socket_overlay(RUN_DBUS_USER_SOCKET, dbus_user_proxy_socket); 492 socket_overlay(RUN_DBUS_USER_SOCKET, dbus_user_proxy_socket);
@@ -495,12 +513,7 @@ void dbus_apply_policy(void) {
495 free(dbus_user_socket); 513 free(dbus_user_socket);
496 free(dbus_user_socket2); 514 free(dbus_user_socket2);
497 515
498 if (setenv(DBUS_SESSION_BUS_ADDRESS_ENV, 516 dbus_set_session_bus_env();
499 DBUS_SOCKET_PATH_PREFIX RUN_DBUS_USER_SOCKET, 1) == -1) {
500 fprintf(stderr, "Error: cannot modify " DBUS_SESSION_BUS_ADDRESS_ENV
501 " required by --dbus-user\n");
502 exit(1);
503 }
504 517
505 // blacklist the dbus-launch user directory 518 // blacklist the dbus-launch user directory
506 char *path; 519 char *path;
@@ -511,6 +524,8 @@ void dbus_apply_policy(void) {
511 } 524 }
512 525
513 if (arg_dbus_system != DBUS_POLICY_ALLOW) { 526 if (arg_dbus_system != DBUS_POLICY_ALLOW) {
527 create_empty_file_as_root(RUN_DBUS_SYSTEM_SOCKET, 0700);
528
514 if (arg_dbus_system == DBUS_POLICY_FILTER) { 529 if (arg_dbus_system == DBUS_POLICY_FILTER) {
515 assert(dbus_system_proxy_socket != NULL); 530 assert(dbus_system_proxy_socket != NULL);
516 socket_overlay(RUN_DBUS_SYSTEM_SOCKET, dbus_system_proxy_socket); 531 socket_overlay(RUN_DBUS_SYSTEM_SOCKET, dbus_system_proxy_socket);
@@ -523,12 +538,7 @@ void dbus_apply_policy(void) {
523 if (system_env != NULL && strcmp(system_env, DBUS_SYSTEM_SOCKET) != 0) 538 if (system_env != NULL && strcmp(system_env, DBUS_SYSTEM_SOCKET) != 0)
524 disable_file_or_dir(system_env); 539 disable_file_or_dir(system_env);
525 540
526 if (setenv(DBUS_SYSTEM_BUS_ADDRESS_ENV, 541 dbus_set_system_bus_env();
527 DBUS_SOCKET_PATH_PREFIX RUN_DBUS_SYSTEM_SOCKET, 1) == -1) {
528 fprintf(stderr, "Error: cannot modify " DBUS_SYSTEM_BUS_ADDRESS_ENV
529 " required by --dbus-system\n");
530 exit(1);
531 }
532 } 542 }
533 543
534 // Only disable access to /run/firejail/dbus here, when the sockets have been bind-mounted. 544 // Only disable access to /run/firejail/dbus here, when the sockets have been bind-mounted.
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 1ef4887ea..54a1023ab 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -854,6 +854,8 @@ int dbus_check_call_rule(const char *name);
854void dbus_check_profile(void); 854void dbus_check_profile(void);
855void dbus_proxy_start(void); 855void dbus_proxy_start(void);
856void dbus_proxy_stop(void); 856void dbus_proxy_stop(void);
857void dbus_set_session_bus_env(void);
858void dbus_set_system_bus_env(void);
857void dbus_apply_policy(void); 859void dbus_apply_policy(void);
858 860
859// dhcp.c 861// dhcp.c
diff --git a/src/firejail/join.c b/src/firejail/join.c
index fa1f64333..4c8555f29 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -579,6 +579,13 @@ void join(pid_t pid, int argc, char **argv, int index) {
579 free(display_str); 579 free(display_str);
580 } 580 }
581 581
582 // set D-Bus environment variables
583 struct stat s;
584 if (stat(RUN_DBUS_USER_SOCKET, &s) == 0)
585 dbus_set_session_bus_env();
586 if (stat(RUN_DBUS_SYSTEM_SOCKET, &s) == 0)
587 dbus_set_system_bus_env();
588
582 start_application(0, NULL); 589 start_application(0, NULL);
583 590
584 // it will never get here!!! 591 // it will never get here!!!
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 03:32:32 +0000