-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/profile.c | 34 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 11 | ||||
-rw-r--r-- | todo | 2 |
5 files changed, 8 insertions, 43 deletions
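--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -266,7 +266,7 @@ int fs_check_chroot_dir(const char *rootdir);
 // find and read the profile specified by name from dir directory
 int profile_find(const char *name, const char *dir);
 // read a profile file
-void profile_read(const char *fname, const char *skip1, const char *skip2);
+void profile_read(const char *fname);
 // check profile line; if line == 0, this was generated from a command line option
 // return 1 if the command is to be added to the linked list of profile commands
 // return 0 if the command was already executed inside the function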
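Review bot: The prototype comment `// read a profile file` still says nothing about the recursion profile_read() performs, which the profile.c hunks in this same commit show (the MAX_INCLUDE_LEVEL check and the nested profile_read() call on `include` lines). Suggest `// read a profile file; "include" lines are read recursively, bounded by MAX_INCLUDE_LEVEL` so a header reader does not have to open profile.c to learn that a profile can pull in other files.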
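--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -720,7 +720,7 @@ int main(int argc, char **argv) {
 return 1;
 }
 
-profile_read(argv[i] + 10, NULL, NULL);
+profile_read(argv[i] + 10);
 custom_profile = 1;
 }
 else if (strcmp(argv[i], "--noprofile") == 0) {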
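--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -44,7 +44,7 @@ int profile_find(const char *name, const char *dir) {
 char *etcpname;
 if (asprintf(&etcpname, "%s/%s", dir, pname) == -1)
 errExit("asprintf");
-profile_read(etcpname, NULL, NULL);
+profile_read(etcpname);
 free(etcpname);
 rv = 1;
 break;
@@ -414,8 +414,7 @@ void profile_add(char *str) {
 
 // read a profile file
 static int include_level = 0;
-// skip1, skip2 - if the string is found in the line, the line is not interpreted
-void profile_read(const char *fname, const char *skip1, const char *skip2) {
+void profile_read(const char *fname) {
 // exit program if maximum include level was reached
 if (include_level > MAX_INCLUDE_LEVEL) {
 fprintf(stderr, "Error: maximum profile include level was reached\n");
@@ -459,25 +458,12 @@ void profile_read(const char *fname, const char *skip1, const char *skip2) {
 
 // extract profile filename and new skip params
 char *newprofile = ptr + 8; // profile name
-char *newskip1 = NULL; // new skip1
-char *newskip2 = NULL; // new skip2
-char *p = newprofile;
-while (*p != '\0') {
-if (*p == ' ') {
-*p = '\0';
-if (newskip1 == NULL)
-newskip1 = p + 1;
-else if (newskip2 == NULL)
-newskip2 = p + 1;
-}
-p++;
-}
 
 // expand ${HOME}/ in front of the new profile file
 char *newprofile2 = expand_home(newprofile, cfg.homedir);
 
 // recursivity
-profile_read((newprofile2)? newprofile2:newprofile, newskip1, newskip2);
+profile_read((newprofile2)? newprofile2:newprofile);
 include_level--;
 if (newprofile2)
 free(newprofile2);
@@ -485,20 +471,6 @@ void profile_read(const char *fname, const char *skip1, const char *skip2) {
 continue;
 }
 
-// skip
-if (skip1) {
-if (strstr(ptr, skip1)) {
-free(ptr);
-continue;
-}
-}
-if (skip2) {
-if (strstr(ptr, skip2)) {
-free(ptr);
-continue;
-}
-}
-
 // verify syntax, exit in case of error
 if (profile_check_line(ptr, lineno))
 profile_add(ptr);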
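Review bot: In the hunk at line 459 the comment `// extract profile filename and new skip params` is stale, and removing the space-splitting loop also changes how the rest of the line is parsed: `newprofile` is now everything after `include ` up to end of line, so an `include` line that still carries the old exclude-token (or any trailing text) is handed to profile_read() as part of the filename rather than being cut at the first space. Profiles written against the old syntax will presumably fail to open the included file instead of having the token ignored; if that is the intent, a clear diagnostic naming the bad include line would help users, otherwise `char *sp = strchr(newprofile, ' '); if (sp) *sp = '\0';` before the expand_home() call keeps the previous filename parsing. Either way the comment should become `// extract profile filename`. profile_read's body starts and ends outside the hunks shown here, so how a missing include file is reported is not visible.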
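--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -70,21 +70,16 @@ Scripting commands:
 # this is a comment
 
 .TP
-\f\include other.profile exclude-token
-Include other.profile file. exclude-token disables blacklist commands in other.profile
-if exclude-token word is found in the name section of blacklist command.
-exclude-token is optional.
+\f\include other.profile
+Include other.profile file.
 
-Example: "include /etc/firejail/disable-common.inc .filezilla"
-loads disable-common.inc file disables "blacklist ${HOME}/.filezilla" command in this file.
+Example: "include /etc/firejail/disable-common.inc"
 
 other.profile file name can be prefixed with ${HOME}. This will force Firejail to look for the
 file in user home directory.
 
 Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file.
 
-Note: exclude-token is deprecated, use noblacklist command instead.
-
 .TP
 \f\noblacklist file_name
 If the file name matches file_name, the file will not be blacklisted in any blacklist commands that follow.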
@@ -27,8 +27,6 @@ Warning: failed to unmount /sys | |||
27 | Child process initialized | 27 | Child process initialized |
28 | $ | 28 | $ |
29 | 29 | ||
30 | 4. Remove exclude-token from profile include in 0.9.34 (deprecated in 0.9.30) | ||
31 | |||
32 | 5. Add IRC clients: KVIrc (KDE), BitchX (CLI), Smuxi, Konversation (KDE), HexChat, Irssi (CLI), WeeChat (CLI) | 30 | 5. Add IRC clients: KVIrc (KDE), BitchX (CLI), Smuxi, Konversation (KDE), HexChat, Irssi (CLI), WeeChat (CLI) |
33 | RSS: Liferea, akregator (KDE), newsbeuter (CLI), rawdog, | 31 | RSS: Liferea, akregator (KDE), newsbeuter (CLI), rawdog, |
34 | 32 | ||