diff options
-rw-r--r-- | etc/firejail.config | 3 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
-rw-r--r-- | src/firejail/dbus.c | 5 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 |
4 files changed, 18 insertions, 0 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index ade3e3c84..0cd4dca3a 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -23,6 +23,9 @@ | |||
23 | # and it will harden the rest of the chroot tree. | 23 | # and it will harden the rest of the chroot tree. |
24 | # chroot-desktop yes | 24 | # chroot-desktop yes |
25 | 25 | ||
26 | # Enable or disable dbus handling by --nodbus flag, default enabled. | ||
27 | # dbus yes | ||
28 | |||
26 | # Disable /mnt, /media, /run/mount and /run/media access. By default access | 29 | # Disable /mnt, /media, /run/mount and /run/media access. By default access |
27 | # to these directories is enabled. | 30 | # to these directories is enabled. |
28 | # disable-mnt no | 31 | # disable-mnt no |
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 0d77c199b..20845270e 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -85,6 +85,15 @@ int checkcfg(int val) { | |||
85 | else | 85 | else |
86 | goto errout; | 86 | goto errout; |
87 | } | 87 | } |
88 | // dbus | ||
89 | else if (strncmp(ptr, "dbus ", 5) == 0) { | ||
90 | if (strcmp(ptr + 5, "yes") == 0) | ||
91 | cfg_val[CFG_DBUS] = 1; | ||
92 | else if (strcmp(ptr + 5, "no") == 0) | ||
93 | cfg_val[CFG_DBUS] = 0; | ||
94 | else | ||
95 | goto errout; | ||
96 | } | ||
88 | // join | 97 | // join |
89 | else if (strncmp(ptr, "join ", 5) == 0) { | 98 | else if (strncmp(ptr, "join ", 5) == 0) { |
90 | if (strcmp(ptr + 5, "yes") == 0) | 99 | if (strcmp(ptr + 5, "yes") == 0) |
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c index eee3e2a35..6c122c6d0 100644 --- a/src/firejail/dbus.c +++ b/src/firejail/dbus.c | |||
@@ -20,6 +20,11 @@ | |||
20 | #include "firejail.h" | 20 | #include "firejail.h" |
21 | 21 | ||
22 | void dbus_session_disable(void) { | 22 | void dbus_session_disable(void) { |
23 | if (!checkcfg(CFG_DBUS)) { | ||
24 | fwarning("D-Bus handling is disabled in Firejail configuration file\n"); | ||
25 | return; | ||
26 | } | ||
27 | |||
23 | char *path; | 28 | char *path; |
24 | if (asprintf(&path, "/run/user/%d/bus", getuid()) == -1) | 29 | if (asprintf(&path, "/run/user/%d/bus", getuid()) == -1) |
25 | errExit("asprintf"); | 30 | errExit("asprintf"); |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 6141d6223..fdb5745cb 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -744,6 +744,7 @@ enum { | |||
744 | CFG_XPRA_ATTACH, | 744 | CFG_XPRA_ATTACH, |
745 | CFG_PRIVATE_LIB, | 745 | CFG_PRIVATE_LIB, |
746 | CFG_APPARMOR, | 746 | CFG_APPARMOR, |
747 | CFG_DBUS, | ||
747 | CFG_MAX // this should always be the last entry | 748 | CFG_MAX // this should always be the last entry |
748 | }; | 749 | }; |
749 | extern char *xephyr_screen; | 750 | extern char *xephyr_screen; |