-rw-r--r-- | src/firejail/firejail.h | 4 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 30 | ||||
-rw-r--r-- | src/firejail/main.c | 6 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 4 | ||||
-rw-r--r-- | src/firejail/usage.c | 1 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 4 | ||||
-rw-r--r-- | src/man/firejail.txt | 6 |
8 files changed, 30 insertions, 29 deletions
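--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -383,7 +383,7 @@ extern int arg_noprofile; // use default.profile if none other found/specified
 extern int arg_memory_deny_write_execute; // block writable and executable memory
 extern int arg_notv; // --notv
 extern int arg_nodvd; // --nodvd
-extern int arg_nousb; // --nousb
+extern int arg_nou2f; // --nou2f
 extern int arg_nodbus; // -nodbus
 
 extern int login_shell;
@@ -558,7 +558,7 @@ void fs_dev_disable_3d(void);
 void fs_dev_disable_video(void);
 void fs_dev_disable_tv(void);
 void fs_dev_disable_dvd(void);
-void fs_dev_disable_usb(void);
+void fs_dev_disable_u2f(void);
 
 // fs_home.c
 // private mode (--private)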
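--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -39,7 +39,7 @@ typedef enum {
 DEV_VIDEO,
 DEV_TV,
 DEV_DVD,
-DEV_USB,
+DEV_U2F,
 } DEV_TYPE;
 
 
@@ -77,17 +77,17 @@ static DevEntry dev[] = {
 {"/dev/video9", RUN_DEV_DIR "/video9", DEV_VIDEO},
 {"/dev/dvb", RUN_DEV_DIR "/dvb", DEV_TV}, // DVB (Digital Video Broadcasting) - TV device
 {"/dev/sr0", RUN_DEV_DIR "/sr0", DEV_DVD}, // for DVD and audio CD players
-{"/dev/hidraw0", RUN_DEV_DIR "/hidraw0", DEV_USB},
-{"/dev/hidraw1", RUN_DEV_DIR "/hidraw1", DEV_USB},
-{"/dev/hidraw2", RUN_DEV_DIR "/hidraw2", DEV_USB},
-{"/dev/hidraw3", RUN_DEV_DIR "/hidraw3", DEV_USB},
-{"/dev/hidraw4", RUN_DEV_DIR "/hidraw4", DEV_USB},
-{"/dev/hidraw5", RUN_DEV_DIR "/hidraw5", DEV_USB},
-{"/dev/hidraw6", RUN_DEV_DIR "/hidraw6", DEV_USB},
-{"/dev/hidraw7", RUN_DEV_DIR "/hidraw7", DEV_USB},
-{"/dev/hidraw8", RUN_DEV_DIR "/hidraw8", DEV_USB},
-{"/dev/hidraw9", RUN_DEV_DIR "/hidraw9", DEV_USB},
-{"/dev/usb", RUN_DEV_DIR "/usb", DEV_USB}, // USB devices such as Yubikey, U2F
+{"/dev/hidraw0", RUN_DEV_DIR "/hidraw0", DEV_U2F},
+{"/dev/hidraw1", RUN_DEV_DIR "/hidraw1", DEV_U2F},
+{"/dev/hidraw2", RUN_DEV_DIR "/hidraw2", DEV_U2F},
+{"/dev/hidraw3", RUN_DEV_DIR "/hidraw3", DEV_U2F},
+{"/dev/hidraw4", RUN_DEV_DIR "/hidraw4", DEV_U2F},
+{"/dev/hidraw5", RUN_DEV_DIR "/hidraw5", DEV_U2F},
+{"/dev/hidraw6", RUN_DEV_DIR "/hidraw6", DEV_U2F},
+{"/dev/hidraw7", RUN_DEV_DIR "/hidraw7", DEV_U2F},
+{"/dev/hidraw8", RUN_DEV_DIR "/hidraw8", DEV_U2F},
+{"/dev/hidraw9", RUN_DEV_DIR "/hidraw9", DEV_U2F},
+{"/dev/usb", RUN_DEV_DIR "/usb", DEV_U2F}, // USB devices such as Yubikey, U2F
 {NULL, NULL, DEV_NONE}
 };
 
@@ -102,7 +102,7 @@ static void deventry_mount(void) {
 (dev[i].type == DEV_VIDEO && arg_novideo == 0) ||
 (dev[i].type == DEV_TV && arg_notv == 0) ||
 (dev[i].type == DEV_DVD && arg_nodvd == 0) ||
-(dev[i].type == DEV_USB && arg_nousb == 0)) {
+(dev[i].type == DEV_U2F && arg_nou2f == 0)) {
 
 int dir = is_dir(dev[i].run_fname);
 if (arg_debug)
@@ -371,10 +371,10 @@ void fs_dev_disable_dvd(void) {
 }
 }
 
-void fs_dev_disable_usb(void) {
+void fs_dev_disable_u2f(void) {
 int i = 0;
 while (dev[i].dev_fname != NULL) {
-if (dev[i].type == DEV_USB)
+if (dev[i].type == DEV_U2F)
 disable_file_or_dir(dev[i].dev_fname);
 i++;
 }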
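Review bot: The `DEV_U2F` rows of `dev[]` list only `/dev/hidraw0` to `/dev/hidraw9` and `/dev/usb`, so `fs_dev_disable_u2f()` leaves untouched any token that enumerates as `hidraw10` or above. It also blocks every other raw HID device in that range, which the new name no longer suggests. A comment on the first hidraw row would record both facts, e.g. `// hidraw nodes serve any raw HID device, not only U2F keys; only minors 0-9 are listed`, and the trailing comment on the `/dev/usb` row could be narrowed to match. Whether higher-numbered nodes are hidden by another mechanism is not visible here; the table and `fs_dev_disable_u2f()` both extend beyond the hunks shown.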
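--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -123,7 +123,7 @@ int arg_memory_deny_write_execute = 0; // block writable and executable memory
 int arg_notv = 0; // --notv
 int arg_nodvd = 0; // --nodvd
 int arg_nodbus = 0; // -nodbus
-int arg_nousb = 0; // --nousb
+int arg_nou2f = 0; // --nou2f
 int login_shell = 0;
 
 
@@ -1723,8 +1723,8 @@ int main(int argc, char **argv) {
 arg_notv = 1;
 else if (strcmp(argv[i], "--nodvd") == 0)
 arg_nodvd = 1;
-else if (strcmp(argv[i], "--nousb") == 0)
-arg_nousb = 1;
+else if (strcmp(argv[i], "--nou2f") == 0)
+arg_nou2f = 1;
 else if (strcmp(argv[i], "--nodbus") == 0)
 arg_nodbus = 1;
 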
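Review bot: The `--nousb` spelling is dropped outright in this `main()` branch, and the `nousb` profile keyword in `profile_check_line()` (src/firejail/profile.c) goes the same way. Existing command lines and profiles that relied on it will either fail or silently lose the hidraw and `/dev/usb` restriction, depending on how unrecognised options are handled outside these hunks. Keeping the old name as a deprecated alias preserves the hardening: `else if (strcmp(argv[i], "--nou2f") == 0 || strcmp(argv[i], "--nousb") == 0)` here, and `else if (strcmp(ptr, "nou2f") == 0 || strcmp(ptr, "nousb") == 0) {` in the profile parser. Both enclosing functions start and end outside the hunks shown.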
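--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -257,8 +257,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 arg_nodbus = 1;
 return 0;
 }
-else if (strcmp(ptr, "nousb") == 0) {
-arg_nousb = 1;
+else if (strcmp(ptr, "nou2f") == 0) {
+arg_nou2f = 1;
 return 0;
 }
 else if (strcmp(ptr, "netfilter") == 0) {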
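--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -908,8 +908,8 @@ int sandbox(void* sandbox_arg) {
 if (arg_nodvd)
 fs_dev_disable_dvd();
 
-if (arg_nousb)
-fs_dev_disable_usb();
+if (arg_nou2f)
+fs_dev_disable_u2f();
 
 if (arg_novideo)
 fs_dev_disable_video();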
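--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -138,6 +138,7 @@ static char *usage_str =
 " --nosound - disable sound system.\n"
 " --noautopulse - disable automatic ~/.config/pulse init.\n"
 " --novideo - disable video devices.\n"
+" --nou2f - disable U2F devices.\n"
 " --nowhitelist=filename - disable whitelist for file or directory .\n"
 " --output=logfile - stdout logging and log rotation.\n"
 " --output-stderr=logfile - stdout and stderr logging and log rotation.\n"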
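--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -468,8 +468,8 @@ pulse servers or non-standard socket paths.
 \fBnotv
 Disable DVB (Digital Video Broadcasting) TV devices.
 .TP
-\fBnousb
-Disable USB devices.
+\fBnou2f
+Disable U2F devices.
 .TP
 \fBnovideo
 Disable video devices.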
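--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1174,14 +1174,14 @@ Example:
 $ firejail \-\-notv vlc
 
 .TP
-\fB\-\-nousb
-Disable USB devices.
+\fB\-\-nou2f
+Disable U2F devices.
 .br
 
 .br
 Example:
 .br
-$ firejail \-\-nousb
+$ firejail \-\-nou2f
 
 .TP
 \fB\-\-novideo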