diff options
-rw-r--r-- | src/firejail/checkcfg.c | 12 | ||||
-rw-r--r-- | src/firejail/firejail.h | 3 | ||||
-rw-r--r-- | src/firejail/main.c | 10 |
3 files changed, 21 insertions, 4 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 9ac08b1a6..f868a699a 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -58,7 +58,8 @@ int checkcfg(int val) { | |||
58 | char *ptr = line_remove_spaces(buf); | 58 | char *ptr = line_remove_spaces(buf); |
59 | if (!ptr) | 59 | if (!ptr) |
60 | continue; | 60 | continue; |
61 | 61 | ||
62 | // file transfer | ||
62 | if (strncmp(ptr, "file-transfer ", 14) == 0) { | 63 | if (strncmp(ptr, "file-transfer ", 14) == 0) { |
63 | if (strcmp(ptr + 14, "yes") == 0) | 64 | if (strcmp(ptr + 14, "yes") == 0) |
64 | cfg_val[CFG_FILE_TRANSFER] = 1; | 65 | cfg_val[CFG_FILE_TRANSFER] = 1; |
@@ -67,6 +68,15 @@ int checkcfg(int val) { | |||
67 | else | 68 | else |
68 | goto errout; | 69 | goto errout; |
69 | } | 70 | } |
71 | // x11 | ||
72 | else if (strncmp(ptr, "x11 ", 4) == 0) { | ||
73 | if (strcmp(ptr + 4, "yes") == 0) | ||
74 | cfg_val[CFG_X11] = 1; | ||
75 | else if (strcmp(ptr + 4, "no") == 0) | ||
76 | cfg_val[CFG_X11] = 0; | ||
77 | else | ||
78 | goto errout; | ||
79 | } | ||
70 | else | 80 | else |
71 | goto errout; | 81 | goto errout; |
72 | free(ptr); | 82 | free(ptr); |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index bf0937f35..d15d5a686 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -539,7 +539,8 @@ void sandboxfs(int op, pid_t pid, const char *patqh); | |||
539 | 539 | ||
540 | // checkcfg.c | 540 | // checkcfg.c |
541 | #define CFG_FILE_TRANSFER 0 | 541 | #define CFG_FILE_TRANSFER 0 |
542 | #define CFG_MAX 1 // this should always be the last entry | 542 | #define CFG_X11 1 |
543 | #define CFG_MAX 2 // this should always be the last entry | ||
543 | int checkcfg(int val); | 544 | int checkcfg(int val); |
544 | 545 | ||
545 | #endif | 546 | #endif |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 0a02d0918..64e6e2d98 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -278,8 +278,14 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
278 | } | 278 | } |
279 | #ifdef HAVE_X11 | 279 | #ifdef HAVE_X11 |
280 | else if (strcmp(argv[i], "--x11") == 0) { | 280 | else if (strcmp(argv[i], "--x11") == 0) { |
281 | x11_start(argc, argv); | 281 | if (checkcfg(CFG_X11)) { |
282 | exit(0); | 282 | x11_start(argc, argv); |
283 | exit(0); | ||
284 | } | ||
285 | else { | ||
286 | fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n"); | ||
287 | exit(1); | ||
288 | } | ||
283 | } | 289 | } |
284 | #endif | 290 | #endif |
285 | #ifdef HAVE_NETWORK | 291 | #ifdef HAVE_NETWORK |