-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/firecfg/main.c | 55 | ||||
-rw-r--r-- | src/man/firecfg.txt | 42 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
4 files changed, 88 insertions, 12 deletions
@@ -31,6 +31,7 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
31 | * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf | 31 | * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf |
32 | * feature: support overlay, overlay-named and overlay-tmpfs in profile files | 32 | * feature: support overlay, overlay-named and overlay-tmpfs in profile files |
33 | * feature: allow PulseAudio sockets in --private-tmp | 33 | * feature: allow PulseAudio sockets in --private-tmp |
34 | * feature: --fix-sound support in firecfg | ||
34 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire, | 35 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire, |
35 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, | 36 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, |
36 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, | 37 | * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, |
diff --git a/src/firecfg/main.c b/src/firecfg/main.c index c8af9d03a..af5ebef98 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c | |||
@@ -34,6 +34,7 @@ | |||
34 | 34 | ||
35 | #include "../include/common.h" | 35 | #include "../include/common.h" |
36 | static int arg_debug = 0; | 36 | static int arg_debug = 0; |
37 | #define MAX_BUF 1024 | ||
37 | 38 | ||
38 | static void usage(void) { | 39 | static void usage(void) { |
39 | printf("firecfg - version %s\n\n", VERSION); | 40 | printf("firecfg - version %s\n\n", VERSION); |
@@ -46,6 +47,7 @@ static void usage(void) { | |||
46 | printf("Usage: firecfg [OPTIONS]\n\n"); | 47 | printf("Usage: firecfg [OPTIONS]\n\n"); |
47 | printf(" --clean - remove all firejail symbolic links.\n\n"); | 48 | printf(" --clean - remove all firejail symbolic links.\n\n"); |
48 | printf(" --debug - print debug messages.\n\n"); | 49 | printf(" --debug - print debug messages.\n\n"); |
50 | printf(" --fix-sound - create ~/.config/pulse/client.conf file.\n\n"); | ||
49 | printf(" --help, -? - this help screen.\n\n"); | 51 | printf(" --help, -? - this help screen.\n\n"); |
50 | printf(" --list - list all firejail symbolic links.\n\n"); | 52 | printf(" --list - list all firejail symbolic links.\n\n"); |
51 | printf(" --version - print program version and exit.\n\n"); | 53 | printf(" --version - print program version and exit.\n\n"); |
@@ -67,6 +69,49 @@ static void usage(void) { | |||
67 | printf("Homepage: http://firejail.wordpress.com\n\n"); | 69 | printf("Homepage: http://firejail.wordpress.com\n\n"); |
68 | } | 70 | } |
69 | 71 | ||
72 | static void sound(void) { | ||
73 | struct passwd *pw = getpwuid(getuid()); | ||
74 | if (!pw) { | ||
75 | goto errexit; | ||
76 | } | ||
77 | char *home = pw->pw_dir; | ||
78 | if (!home) { | ||
79 | goto errexit; | ||
80 | } | ||
81 | |||
82 | // the input file is /etc/pulse/client.conf | ||
83 | FILE *fpin = fopen("/etc/pulse/client.conf", "r"); | ||
84 | if (!fpin) { | ||
85 | fprintf(stderr, "PulseAudio is not available on this platform, there is nothing to fix...\n"); | ||
86 | return; | ||
87 | } | ||
88 | |||
89 | // the dest is PulseAudio user config file | ||
90 | char *fname; | ||
91 | if (asprintf(&fname, "%s/.config/pulse/client.conf", home) == -1) | ||
92 | errExit("asprintf"); | ||
93 | FILE *fpout = fopen(fname, "w"); | ||
94 | free(fname); | ||
95 | if (!fpout) | ||
96 | goto errexit; | ||
97 | |||
98 | // copy default config | ||
99 | char buf[MAX_BUF]; | ||
100 | while (fgets(buf, MAX_BUF, fpin)) | ||
101 | fputs(buf, fpout); | ||
102 | |||
103 | // disable shm | ||
104 | fprintf(fpout, "\nenable-shm = no\n"); | ||
105 | fclose(fpin); | ||
106 | fclose(fpout); | ||
107 | printf("PulseAudio configured, please logout and login back again\n"); | ||
108 | return; | ||
109 | |||
110 | errexit: | ||
111 | fprintf(stderr, "Error: cannot configure sound file\n"); | ||
112 | exit(1); | ||
113 | } | ||
114 | |||
70 | // return 1 if the program is found | 115 | // return 1 if the program is found |
71 | static int find(const char *program, const char *directory) { | 116 | static int find(const char *program, const char *directory) { |
72 | int retval = 0; | 117 | int retval = 0; |
@@ -231,7 +276,6 @@ static void set_file(const char *name, const char *firejail_exec) { | |||
231 | free(fname); | 276 | free(fname); |
232 | } | 277 | } |
233 | 278 | ||
234 | #define MAX_BUF 1024 | ||
235 | static void set_links(void) { | 279 | static void set_links(void) { |
236 | char *cfgfile; | 280 | char *cfgfile; |
237 | if (asprintf(&cfgfile, "%s/firejail/firecfg.config", LIBDIR) == -1) | 281 | if (asprintf(&cfgfile, "%s/firejail/firecfg.config", LIBDIR) == -1) |
@@ -504,6 +548,10 @@ int main(int argc, char **argv) { | |||
504 | list(); | 548 | list(); |
505 | return 0; | 549 | return 0; |
506 | } | 550 | } |
551 | else if (strcmp(argv[i], "--fix-sound") == 0) { | ||
552 | sound(); | ||
553 | return 0; | ||
554 | } | ||
507 | else { | 555 | else { |
508 | fprintf(stderr, "Error: invalid command line option\n"); | 556 | fprintf(stderr, "Error: invalid command line option\n"); |
509 | usage(); | 557 | usage(); |
@@ -513,8 +561,9 @@ int main(int argc, char **argv) { | |||
513 | 561 | ||
514 | // set symlinks in /usr/local/bin | 562 | // set symlinks in /usr/local/bin |
515 | if (getuid() != 0) { | 563 | if (getuid() != 0) { |
516 | fprintf(stderr, "Error: you need to be root to run this command\n"); | 564 | fprintf(stderr, "Error: cannot set the symbolic links in /usr/local/bin\n"); |
517 | exit(1); | 565 | fprintf(stderr, "The proper way to run this command is \"sudo firecfg\".\n"); |
566 | return 1; | ||
518 | } | 567 | } |
519 | set_links(); | 568 | set_links(); |
520 | 569 | ||
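Review bot: In `sound()`, `fopen(fname, "w")` truncates any existing ~/.config/pulse/client.conf before the copy starts, and the results of `fputs`, `fprintf` and `fclose(fpout)` are never checked, so a short write (full disk, quota) leaves a partial PulseAudio config while the success message is still printed. Replacing the bare `fclose(fpout);` with `if (ferror(fpout) || fclose(fpout) != 0) goto errexit;` would route that case into the existing error path; writing to a temporary file in the same directory and renaming it over the target would also keep the user's previous settings intact on failure. The home directory comes from `getpwuid(getuid())`, and `getuid()` is 0 under sudo, so `sudo firecfg --fix-sound` would create the file under root's home rather than the invoking user's. Since the new message in `main()` recommends "sudo firecfg" for the plain command, an early uid check with a clear message, or a comment such as `// run as the desktop user, not via sudo: the target is the caller's own home`, would make the intended usage explicit. The call also ends in the generic "cannot configure sound file" error when ~/.config/pulse does not exist yet, because nothing on this path creates the directory.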
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt index 369c3a7e0..979d4fc06 100644 --- a/src/man/firecfg.txt +++ b/src/man/firecfg.txt | |||
@@ -1,24 +1,50 @@ | |||
1 | .TH FIRECFG 1 "MONTH YEAR" "VERSION" "firecfg man page" | 1 | .TH FIRECFG 1 "MONTH YEAR" "VERSION" "firecfg man page" |
2 | .SH NAME | 2 | .SH NAME |
3 | Firecfg \- Desktop configuration program for Firejail software. | 3 | Firecfg \- Desktop integration utility for Firejail software. |
4 | .SH SYNOPSIS | 4 | .SH SYNOPSIS |
5 | firecfg [OPTIONS] | 5 | firecfg [OPTIONS] |
6 | .SH DESCRIPTION | 6 | .SH DESCRIPTION |
7 | Firecfg is the desktop configuration utility for Firejail software. The utility | 7 | Firecfg is the desktop integration utility for Firejail sandbox. |
8 | creates several symbolic links to firejail executable in /usr/local/bin. | 8 | It allows the user to sandbox applications automatically by |
9 | clicking on desktop manager icons and menus. | ||
9 | 10 | ||
10 | Firecfg also checks .desktop files in /usr/share/applications/, | 11 | The integration covers: |
11 | replaces the full path by program name, and writes the result to $HOME/.local/share/applications/. | 12 | .br |
12 | This allows the user to sandbox applications automatically, just by clicking on regular desktop | 13 | .PP |
13 | menus and icons. | 14 | .RS |
15 | - programs started in a terminal - typing "firefox" would be enough to start a sandboxed Firefox browser | ||
16 | .br | ||
14 | 17 | ||
15 | For more information, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR. | 18 | .br |
19 | - programs started by clicking on desktop manager menus - all major desktop managers are supported | ||
20 | .br | ||
21 | |||
22 | .br | ||
23 | - programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE, MATE and XFCE | ||
24 | desktop managers are supported in this moment | ||
25 | .RE | ||
26 | |||
27 | This brings us as very close to full desktop integration. | ||
28 | |||
29 | To set it up, run "sudo firecfg" after installing | ||
30 | Firejail software, and logout/login for the integration to take effect. "sudo firecfg" should also be run after | ||
31 | you install new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin | ||
32 | will be created. For a list of programs supported by default run "ls /etc/firejail". | ||
33 | |||
34 | For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR. | ||
16 | 35 | ||
17 | .SH OPTIONS | 36 | .SH OPTIONS |
18 | .TP | 37 | .TP |
19 | \fB\-\-clean | 38 | \fB\-\-clean |
20 | Remove all firejail symbolic links. | 39 | Remove all firejail symbolic links. |
21 | .TP | 40 | .TP |
41 | \fB\-\-fix-sound | ||
42 | Create a proper ~/.config/pulse/client.conf file without shm support. On some PulseAudio versions, | ||
43 | shared memory support (shm) breaks the process ID namespace. PulseAudio software was designed | ||
44 | a long time ago, and the introduction of PID namespace in Linux kernel breaks their design. This was | ||
45 | reportedly fixed in PulseAudio version 9. If you have sound problems on your system, run | ||
46 | "firecfg --fix-sound" command in a terminal, followed by logout/login in order to apply the changes. | ||
47 | .TP | ||
22 | \fB\-\-debug | 48 | \fB\-\-debug |
23 | Print debug messages. | 49 | Print debug messages. |
24 | .TP | 50 | .TP |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index bc4c3f19a..915a0d50d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1997,7 +1997,7 @@ $ firejail --tree | |||
1997 | 1221:netblue:/usr/lib/firefox/firefox | 1997 | 1221:netblue:/usr/lib/firefox/firefox |
1998 | .RE | 1998 | .RE |
1999 | 1999 | ||
2000 | For more information, see \fBman 1 firecfg\fR. | 2000 | We provide a tool that automates all this integration, please see \fBman 1 firecfg\fR for more details. |
2001 | 2001 | ||
2002 | .SH APPARMOR | 2002 | .SH APPARMOR |
2003 | .TP | 2003 | .TP |