-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 12 | ||||
-rw-r--r-- | src/firejail/profile.c | 3 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 37 | ||||
-rw-r--r-- | src/firejail/usage.c | 1 | ||||
-rw-r--r-- | src/man/firejail.txt | 3 |
6 files changed, 34 insertions, 23 deletions
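--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -176,6 +176,7 @@ extern int arg_private_bin; // private bin directory
 extern int arg_scan; // arp-scan all interfaces
 extern int arg_whitelist; // whitelist commad
 extern int arg_nosound; // disable sound
+extern int arg_quiet; // no output for scripting
 
 extern int parent_to_child_fds[2];
 extern int child_to_parent_fds[2];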
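--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -86,6 +86,7 @@ int arg_private_bin = 0; // private bin directory
 int arg_scan = 0; // arp-scan all interfaces
 int arg_whitelist = 0; // whitelist commad
 int arg_nosound = 0; // disable sound
+int arg_quiet = 0; // no output for scripting
 
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
@@ -97,7 +98,7 @@ pid_t sandbox_pid;
 
 static void myexit(int rv) {
 logmsg("exiting...");
-if (!arg_command)
+if (!arg_command && !arg_quiet)
 printf("\nparent is shutting down, bye...\n");
 
 // delete sandbox files in shared memory
@@ -108,7 +109,8 @@ static void myexit(int rv) {
 }
 
 static void my_handler(int s){
-printf("\nSignal %d caught, shutting down the child process\n", s);
+if (!arg_quiet)
+printf("\nSignal %d caught, shutting down the child process\n", s);
 logsignal(s);
 kill(child, SIGKILL);
 myexit(1);
@@ -444,6 +446,8 @@ int main(int argc, char **argv) {
 
 if (strcmp(argv[i], "--debug") == 0)
 arg_debug = 1;
+else if (strcmp(argv[i], "--quiet") == 0)
+arg_quiet = 1;
 
 //*************************************
 // filtering
@@ -1198,7 +1202,7 @@ int main(int argc, char **argv) {
 custom_profile = profile_find(profile_name, "/etc/firejail");
 }
 
-if (custom_profile)
+if (custom_profile && !arg_quiet)
 printf("\n** Note: you can use --noprofile to disable %s.profile **\n\n", profile_name);
 }
 }
@@ -1248,7 +1252,7 @@ int main(int argc, char **argv) {
 if (child == -1)
 errExit("clone");
 
-if (!arg_command) {
+if (!arg_command && !arg_quiet) {
 printf("Parent pid %u, child pid %u\n", sandbox_pid, child);
 // print the path of the new log directory
 if (getuid() == 0) // only for root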
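Review bot: `arg_quiet` is only set when the option loop in main() reaches `else if (strcmp(argv[i], "--quiet") == 0)`, so output produced while earlier arguments are processed is not suppressed. If `--profile=` is handled in the same loop (not visible in these hunks), `firejail --profile=x --quiet` would presumably still print the `Reading profile` line that profile.c now guards with `!arg_quiet`. Either state the ordering requirement where the flag is parsed, e.g. `// --quiet must precede the options whose output it should silence`, and repeat it in the man page, or set the flag in a short pass over the leading options before the main loop. main() starts and ends outside these hunks.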
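--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -413,7 +413,8 @@ void profile_read(const char *fname, const char *skip1, const char *skip2) {
 exit(1);
 }
 
-fprintf(stderr, "Reading profile %s\n", fname);
+if (!arg_quiet)
+fprintf(stderr, "Reading profile %s\n", fname);
 
 // read the file line by line
 char buf[MAX_READ + 1];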
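--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -205,7 +205,8 @@ int sandbox(void* sandbox_arg) {
 // drop all supplementary groups; /etc/group file inside chroot
 // is controlled by a regular usr
 arg_nogroups = 1;
-printf("Dropping all Linux capabilities and enforcing default seccomp filter\n");
+if (!arg_quiet)
+printf("Dropping all Linux capabilities and enforcing default seccomp filter\n");
 }
 
 //****************************
@@ -348,22 +349,22 @@ int sandbox(void* sandbox_arg) {
 fs_resolvconf();
 
 // print network configuration
-if (any_bridge_configured() || any_interface_configured() || cfg.defaultgw || cfg.dns1) {
-printf("\n");
-if (any_bridge_configured() || any_interface_configured())
-net_ifprint();
-if (cfg.defaultgw != 0)
-printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw));
-if (cfg.dns1 != 0)
-printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns1));
-if (cfg.dns2 != 0)
-printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns2));
-if (cfg.dns3 != 0)
-printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns3));
-printf("\n");
+if (!arg_quiet) {
+if (any_bridge_configured() || any_interface_configured() || cfg.defaultgw || cfg.dns1) {
+printf("\n");
+if (any_bridge_configured() || any_interface_configured())
+net_ifprint();
+if (cfg.defaultgw != 0)
+printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw));
+if (cfg.dns1 != 0)
+printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns1));
+if (cfg.dns2 != 0)
+printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns2));
+if (cfg.dns3 != 0)
+printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns3));
+printf("\n");
+}
 }
-
-
 
 //****************************
 // start executable
@@ -483,7 +484,7 @@ int sandbox(void* sandbox_arg) {
 }
 }
 
-if (!arg_command)
+if (!arg_command && !arg_quiet)
 printf("Child process initialized\n");
 execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
 }
@@ -532,7 +533,7 @@ int sandbox(void* sandbox_arg) {
 }
 }
 
-if (!arg_command)
+if (!arg_command && !arg_quiet)
 printf("Child process initialized\n");
 execvp(sh, arg);
 }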
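Review bot: With `--quiet`, the message `Dropping all Linux capabilities and enforcing default seccomp filter` in the first hunk and the whole network-configuration block in the second are dropped with no other record, although they report security-relevant state the sandbox forces or applies. Scripted runs are where an audit trail matters most, so keep a log entry when terminal output is suppressed, for example `logmsg("dropping all capabilities, enforcing default seccomp filter");` placed beside the guarded `printf`. This assumes the `logmsg()` helper that main.c calls is usable from sandbox.c, which these hunks do not show. sandbox() starts and ends outside these hunks.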
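--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -191,6 +191,7 @@ void usage(void) {
 printf("\t\tAll modifications are discarded when the sandbox is closed.\n\n");
 
 printf("\t--profile=filename - use a custom profile.\n\n");
+printf("\t--quiet - turn off Firejail's output.\n\n");
 printf("\t--read-only=dirname_or_filename - set directory or file read-only.\n\n");
 printf("\t--rlimit-fsize=number - set the maximum file size that can be created\n");
 printf("\t\tby a process.\n\n");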
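--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -823,6 +823,9 @@ Example:
 .br
 $ firejail \-\-profile=myprofile
 .TP
+\fB\-\-quiet
+Turn off Firejail's output.
+.TP
 \fB\-\-read-only=dirname_or_filename
 Set directory or file read-only.
 .br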