-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | README.md | 46 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 67 | ||||
-rw-r--r-- | src/firecfg/main.c | 26 | ||||
-rw-r--r-- | src/firejail/main.c | 1 | ||||
-rw-r--r-- | src/man/firecfg.txt | 2 |
6 files changed, 136 insertions, 9 deletions
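--- a/.gitignore
+++ b/.gitignore
@@ -8,9 +8,12 @@ config.log
 config.status
 firejail-login.5
 firejail-profile.5
+firejail-config.5
 firejail.1
 firemon.1
+firecfg.1
 src/firejail/firejail
 src/firemon/firemon
+src/firecfg/firecfg
 src/ftee/ftee
 src/tags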
@@ -89,6 +89,52 @@ FILE TRANSFER | |||
89 | $ firejail --get=mybrowser ~/Downloads/xpra-clipboard.png | 89 | $ firejail --get=mybrowser ~/Downloads/xpra-clipboard.png |
90 | ````` | 90 | ````` |
91 | 91 | ||
92 | ## FIrecfg | ||
93 | ````` | ||
94 | NAME | ||
95 | Firecfg - Desktop configuration program for Firejail software. | ||
96 | |||
97 | SYNOPSIS | ||
98 | firecfg [OPTIONS] | ||
99 | |||
100 | DESCRIPTION | ||
101 | Firecfg is the desktop configuration utility for Firejail software. The | ||
102 | utility creates several symbolic links to firejail executable. This | ||
103 | allows the user to sandbox applications automatically, just by clicking | ||
104 | on a regular desktop menus and icons. | ||
105 | |||
106 | The symbolic links are placed in /usr/local/bin. For more information, | ||
107 | see DESKTOP INTEGRATION section in man 1 firejail. | ||
108 | |||
109 | OPTIONS | ||
110 | --clear | ||
111 | Clear all firejail symbolic links | ||
112 | |||
113 | -?, --help | ||
114 | Print options end exit. | ||
115 | |||
116 | --list List all firejail symbolic links | ||
117 | |||
118 | --version | ||
119 | Print program version and exit. | ||
120 | |||
121 | Example: | ||
122 | |||
123 | $ sudo firecfg | ||
124 | /usr/local/bin/firefox created | ||
125 | /usr/local/bin/vlc created | ||
126 | [...] | ||
127 | $ firecfg --list | ||
128 | /usr/local/bin/firefox | ||
129 | /usr/local/bin/vlc | ||
130 | [...] | ||
131 | $ sudo firecfg --clear | ||
132 | /usr/local/bin/firefox removed | ||
133 | /usr/local/bin/vlc removed | ||
134 | [...] | ||
135 | ````` | ||
136 | |||
137 | |||
92 | ## Compile time and run time configuration support | 138 | ## Compile time and run time configuration support |
93 | 139 | ||
94 | Most Linux kernel security features require root privileges during configuration. | 140 | Most Linux kernel security features require root privileges during configuration. |
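--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -1,7 +1,74 @@
 # /etc/firejail/firecfg.config - firecfg utility configuration file
 # This is the list of programs handled by firecfg utility
 #
+
+# browsers/email
 firefox
 iceweasel
+chromium-browser
+chromium
+conkeror
 thunderbird
+epiphany
+flashpeak-slimjet
+google-chrome-beta
+google-chrome-stable
+google-chrome-unstable
+google-chrome
+icecat
+icedove
+kmail
+midori
+opera-beta
+opera
+qutebrowser
+seamonkey
+seamonkey-bin
+vivaldi-beta
+vivaldi
+
+# bittorrent/ftp
+deluge
+filezilla
+qbittorrent
+rtorrent
+tranmission-gtk
+transmission-qt
+
+# office
+cherrytree
+evince
+fbreader
+localc
+lodraw
+loffice
+lofromtemplate
+loimpress
+lomath
+loweb
+lowriter
+Mathematica
+mathematica
+
+# Media
 vlc
+audacious
+clementine
+deadbeef
+parole
+rhythmbox
+totem
+
+# chat/messaging
+bitlbee
+empathy
+gnome-mplayer
+hexchat
+pidgin
+qtox
+quassel
+xchat
+
+# games
+hedgewars
+wesnot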
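Review bot: Two of the added entries look misspelled: `tranmission-gtk` (directly above `transmission-qt`) and `wesnot`, which presumably should read `transmission-gtk` and `wesnoth`. If firecfg keys its symbolic links on these names, as the README text in this commit suggests, no link would be created for the real binaries. They would then keep starting outside the sandbox while the user assumes desktop integration covers them. `gnome-mplayer` also sits under `# chat/messaging` although the list has a `# Media` group.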
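--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -30,7 +30,7 @@ static void usage(void) {
 printf("Firecfg is the desktop configuration utility for Firejail software. The utility\n");
 printf("creates several symbolic links to firejail executable. This allows the user to\n");
 printf("sandbox applications automatically, just by clicking on a regular desktop\n");
-printf("menues and icons.\n\n");
+printf("menus and icons.\n\n");
 printf("The symbolic links are placed in /usr/local/bin. For more information, see\n");
 printf("DESKTOP INTEGRATION section in man 1 firejail.\n\n");
 printf("Usage: firecfg [OPTIONS]\n\n");
@@ -245,21 +245,33 @@ static void set(void) {
 lineno++;
 if (*buf == '#') // comments
 continue;
+
+// do not accept .. and/or / in file name
+if (strstr(buf, "..") || strchr(buf, '/')) {
+fprintf(stderr, "Error: invalid line %d in %s\n", lineno, cfgfile);
+exit(1);
+}
 
 // remove \n
 char *ptr = strchr(buf, '\n');
 if (ptr)
 *ptr = '\0';
+
+// trim spaces
+ptr = buf;
+while (*ptr == ' ' || *ptr == '\t')
+ptr++;
+char *start = ptr;
 
-// do not accept .. and/or / in file name
-if (strstr(buf, "..") || strchr(buf, '/')) {
-fprintf(stderr, "Error: invalid line %d in %s\n", lineno, cfgfile);
-exit(1);
-}
+// empty line
+if (*start == '\0')
+continue;
 
-set_file(buf, firejail_exec);
+// set link
+set_file(start, firejail_exec);
 }
 
+fclose(fp);
 free(cfgfile);
 free(firejail_exec);
 }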
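Review bot: Only leading blanks are skipped in the new `// trim spaces` step of set(), so trailing spaces, tabs or a `\r` from a CRLF-edited config stay in `start` and are handed to `set_file()` as part of the name. Since the README example in this commit runs firecfg under sudo to write links into /usr/local/bin, the name is worth normalising fully before use; after computing `start`, something like `char *end = start + strlen(start);` followed by `while (end > start && (end[-1] == ' ' || end[-1] == '\t' || end[-1] == '\r')) *--end = '\0';` would do it ahead of the empty-line test. The `..` and `/` check is a deny-list; an allow-list of expected filename characters would be stricter, though what `set_file()` does with the name is not visible here. The read loop and the rest of set() begin outside the hunk.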
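--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2041,7 +2041,6 @@ int main(int argc, char **argv) {
 gid_t audiogid = get_audio_gid();
 if (ttygid) {
 sprintf(ptr, "%d %d 1\n", audiogid, audiogid);
-ptr += strlen(ptr);
 }
 
 EUID_ROOT();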
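--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -7,7 +7,7 @@ firecfg [OPTIONS]
 Firecfg is the desktop configuration utility for Firejail software. The utility
 creates several symbolic links to firejail executable. This allows the user to
 sandbox applications automatically, just by clicking on a regular desktop
-menues and icons.
+menus and icons.
 
 The symbolic links are placed in /usr/local/bin. For more information, see
 DESKTOP INTEGRATION section in man 1 firejail.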