-rw-r--r-- | src/firejail/dbus.c | 5 | ||||
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 8 |
4 files changed, 11 insertions, 6 deletions
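--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -19,7 +19,7 @@
 */
 #include "firejail.h"
 
-void dbus_session_disable(void) {
+void dbus_disable(void) {
 if (!checkcfg(CFG_DBUS)) {
 fwarning("D-Bus handling is disabled in Firejail configuration file\n");
 return;
@@ -43,6 +43,9 @@ void dbus_session_disable(void) {
 free(path);
 free(env_var);
 
+// blacklist also system D-Bus socket
+disable_file_or_dir("/run/dbus/system_bus_socket");
+
 // look for a possible abstract unix socket
 
 // --net=none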
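Review bot: The added `disable_file_or_dir("/run/dbus/system_bus_socket");` covers one fixed path, so whether `--nodbus` really closes the system bus depends on things this hunk does not show. If `/var/run` is not a symlink to `/run` on the target system, or `disable_file_or_dir` does not resolve the path, the socket may stay reachable as `/var/run/dbus/system_bus_socket`; a second call for that path, or a check of how the helper handles symlinks, would settle it. The call also sits after the `if (!checkcfg(CFG_DBUS))` early return, so with D-Bus handling turned off in the configuration the system socket is left open just like the session one, which deserves a word in the comment, e.g. `// blacklist the default system D-Bus socket too; abstract sockets and non-default bus addresses are not covered`. The body of dbus_disable continues outside both hunks. The `// Session D-BUS` banner above the call in sandbox.c is now out of date as well.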
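--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -782,6 +782,6 @@ void set_x11_run_file(pid_t pid, int display);
 void set_profile_run_file(pid_t pid, const char *fname);
 
 // dbus.c
-void dbus_session_disable(void);
+void dbus_disable(void);
 
 #endif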
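--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -923,7 +923,7 @@ int sandbox(void* sandbox_arg) {
 // Session D-BUS
 //****************************
 if (arg_nodbus)
-dbus_session_disable();
+dbus_disable();
 
 
 //****************************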
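--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1107,9 +1107,11 @@ $ nc dict.org 2628
 .br
 .TP
 \fB\-\-nodbus
-Disable D-Bus access. Only the regular UNIX socket is handled by this command. To
-disable the abstract socket you would need to request a new network namespace using
-\-\-net command. Another option is to remove unix from \-\-protocol set.
+Disable D-Bus access (both system and session buses). Only the regular
+UNIX sockets are handled by this command. To disable the abstract
+sockets you would need to request a new network namespace using
+\-\-net command. Another option is to remove unix from \-\-protocol
+set.
 .br
 
 .br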