-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 | ||||
-rw-r--r-- | src/lib/common.c | 28 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 7 | ||||
-rwxr-xr-x | test/features/2.2.exp | 12 | ||||
-rwxr-xr-x | test/seccomp-bad-empty.exp | 6 |
7 files changed, 41 insertions, 17 deletions
@@ -137,3 +137,5 @@ $ firejail --profile-path=~/myprofiles | |||
137 | ````` | 137 | ````` |
138 | 138 | ||
139 | ### Debian reproductible build | 139 | ### Debian reproductible build |
140 | |||
141 | ### Added "name" and "hostname" command support in profile files | ||
@@ -20,6 +20,7 @@ firejail (0.9.36-rc1) baseline; urgency=low | |||
20 | * filesystem log | 20 | * filesystem log |
21 | * libtrace enhancements, tracing opendir call | 21 | * libtrace enhancements, tracing opendir call |
22 | * added --tracelog option | 22 | * added --tracelog option |
23 | * added "name" command to profile files | ||
23 | * added "hostname" command to profile files | 24 | * added "hostname" command to profile files |
24 | * added automated feature testing framework | 25 | * added automated feature testing framework |
25 | * Debian reproductible build | 26 | * Debian reproductible build |
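--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -276,9 +276,9 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // log sandbox data
 //****************************
-fs_logger2int("sandbox pid:", (int) sandbox_pid);
 if (cfg.name)
 fs_logger2("sandbox name:", cfg.name);
+fs_logger2int("sandbox pid:", (int) sandbox_pid);
 if (cfg.chrootdir)
 fs_logger("sandbox filesystem: chroot");
 else if (arg_overlay)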
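Review bot: The order of these two log calls is now load-bearing and nothing at the call site says so: the lookup added to `name2pid()` in src/lib/common.c by this same commit reads only the first line of the fslogger file and expects it to begin with `sandbox name: `. Add a comment above the `if (cfg.name)` line, for example `// "sandbox name:" must stay the first fslogger entry; name2pid() reads only line 1`, so a later reordering does not silently break name resolution. Whether `fs_logger2()` writes exactly one space after the colon is not visible here and should be confirmed against the 14-character prefix that common.c compares. sandbox() starts and ends outside the hunk.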
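--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -31,6 +31,7 @@
 #include <dirent.h>
 #include <string.h>
 #include "../include/common.h"
+#define BUFLEN 4096
 
 int join_namespace(pid_t pid, char *type) {
 char *path;
@@ -100,6 +101,32 @@ int name2pid(const char *name, pid_t *pid) {
 char *start = ptr;
 if (!ptr) {
 free(cmd);
+
+// extract name for /run/mnt/firejail/fslogger file
+char *fname;
+if (asprintf(&fname, "/proc/%d/root/run/firejail/mnt/fslogger", newpid) == -1)
+errExit("asprintf");
+
+struct stat s;
+if (stat(fname, &s) == 0) {
+FILE *fp = fopen(fname, "r");
+if (fp) {
+char buf[BUFLEN];
+if (fgets(buf, BUFLEN, fp)) {
+if (strncmp(buf, "sandbox name: ", 14) == 0) {
+char *ptr2 = buf + 14;
+if (strncmp(name, ptr2, strlen(name)) == 0) {
+fclose(fp);
+*pid = newpid;
+closedir(dir);
+return 0;
+}
+}
+}
+fclose(fp);
+}
+}
+
 continue;
 }
 while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
@@ -119,7 +146,6 @@ int name2pid(const char *name, pid_t *pid) {
 return 1;
 }
 
-#define BUFLEN 4096
 char *pid_proc_comm(const pid_t pid) {
 // open /proc/pid/cmdline file
 char *fname;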
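Review bot: The name check in the second hunk, `strncmp(name, ptr2, strlen(name)) == 0`, is a prefix match, so a lookup for `web` also resolves to a sandbox named `webmail` (and an empty name matches any named sandbox), which means a name-based operation can land on the wrong sandbox; strip the trailing newline from the line and compare with `strcmp` instead. `fname` from `asprintf()` is never freed on either the match or the no-match path, so every scanned process without `--name=` leaks one allocation, and the `stat()` before `fopen()` adds nothing but a check-then-open gap. The file is read through `/proc/<pid>/root`, i.e. from the sandbox's own filesystem view, so the name is only as trustworthy as that path's write protection inside the sandbox, which is not visible in this hunk and deserves a comment or a check; the existing comment also names `/run/mnt/firejail/fslogger` while the code opens `/run/firejail/mnt/fslogger`. The fence below shows the tightened lookup, assuming the first fslogger line holds nothing after the name; name2pid() starts and ends outside the hunk.

```c
free(cmd);

// … unchanged: asprintf() building fname, errExit on failure …

FILE *fp = fopen(fname, "r");
free(fname);	// path is no longer needed once the open has been attempted
if (fp) {
	char buf[BUFLEN];
	if (fgets(buf, BUFLEN, fp) &&
	    strncmp(buf, "sandbox name: ", 14) == 0) {
		char *ptr2 = buf + 14;
		ptr2[strcspn(ptr2, "\n")] = '\0';	// drop the newline so the compare is exact
		if (strcmp(name, ptr2) == 0) {
			fclose(fp);
			*pid = newpid;
			closedir(dir);
			return 0;
		}
	}
	fclose(fp);
}
continue;
```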
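--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -233,6 +233,13 @@ cgroup /sys/fs/cgroup/g1/tasks
 The sandbox is placed in g1 control group.
 
 .SH User Environment
+.TP
+\fBname sandboxname
+Set sandbox name. Example:
+.br
+
+.br
+name browser
 
 .TP
 \fBenv name=value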
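--- a/test/features/2.2.exp
+++ b/test/features/2.2.exp
@@ -27,10 +27,6 @@ expect {
 "google.com"
 }
 expect {
-timeout {puts "TESTING ERROR 1.2\n";exit}
-"google.com"
-}
-expect {
 timeout {puts "TESTING ERROR 1.3\n";exit}
 "SERVER: 4.2.2.1"
 }
@@ -59,10 +55,6 @@ expect {
 "google.com"
 }
 expect {
-timeout {puts "TESTING ERROR 3.2\n";exit}
-"google.com"
-}
-expect {
 timeout {puts "TESTING ERROR 3.3\n";exit}
 "SERVER: 4.2.2.1"
 }
@@ -90,10 +82,6 @@ expect {
 "google.com"
 }
 expect {
-timeout {puts "TESTING ERROR 5.2\n";exit}
-"google.com"
-}
-expect {
 timeout {puts "TESTING ERROR 5.3\n";exit}
 "SERVER: 4.2.2.1"
 }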
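--- a/test/seccomp-bad-empty.exp
+++ b/test/seccomp-bad-empty.exp
@@ -25,14 +25,14 @@ expect {
 send -- "firejail --profile=seccomp-bad-empty.profile\r"
 expect {
 timeout {puts "TESTING ERROR 6\n";exit}
-"Error: line 1 in the custom profile is invalid"
+"Error: line 1 in seccomp-bad-empty.profile is invalid"
 }
 
 send -- "firejail --profile=seccomp-bad-empty2.profile\r"
 expect {
 timeout {puts "TESTING ERROR 7\n";exit}
-"Error: line 1 in the custom profile is invalid"
+"Error: line 1 in seccomp-bad-empty2.profile is invalid"
 }
 sleep 1
-puts "\n"
+puts "\nall done\n"
 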