diff options
-rw-r--r-- | etc/firejail.config | 7 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 21 | ||||
-rw-r--r-- | src/firejail/firejail.h | 6 | ||||
-rw-r--r-- | src/firejail/x11.c | 12 |
4 files changed, 40 insertions, 6 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 8795b0aae..eaff4de8f 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -45,3 +45,10 @@ | |||
45 | # xephyr-screen 800x600 | 45 | # xephyr-screen 800x600 |
46 | # xephyr-screen 1024x768 | 46 | # xephyr-screen 1024x768 |
47 | # xephyr-screen 1280x1024 | 47 | # xephyr-screen 1280x1024 |
48 | |||
49 | # Firejail window title in Xephry, default enabled. | ||
50 | # xephyr-window-title yes | ||
51 | |||
52 | # Xephyr command extra parameters. None by default, and the declaration is commented out. | ||
53 | # xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev | ||
54 | # xephyr-extra-params -grayscale | ||
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index bf85436c3..a69c2831e 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -25,6 +25,7 @@ | |||
25 | static int initialized = 0; | 25 | static int initialized = 0; |
26 | static int cfg_val[CFG_MAX]; | 26 | static int cfg_val[CFG_MAX]; |
27 | char *xephyr_screen = "800x600"; | 27 | char *xephyr_screen = "800x600"; |
28 | char *xephyr_extra_params = ""; | ||
28 | 29 | ||
29 | int checkcfg(int val) { | 30 | int checkcfg(int val) { |
30 | EUID_ASSERT(); | 31 | EUID_ASSERT(); |
@@ -165,9 +166,27 @@ int checkcfg(int val) { | |||
165 | if (asprintf(&xephyr_screen, "%dx%d", n1, n2) == -1) | 166 | if (asprintf(&xephyr_screen, "%dx%d", n1, n2) == -1) |
166 | errExit("asprintf"); | 167 | errExit("asprintf"); |
167 | } | 168 | } |
169 | |||
170 | // xephyr window title | ||
171 | else if (strncmp(ptr, "xephyr-window-title ", 20) == 0) { | ||
172 | if (strcmp(ptr + 20, "yes") == 0) | ||
173 | cfg_val[CFG_XEPHYR_WINDOW_TITLE] = 1; | ||
174 | else if (strcmp(ptr + 20, "no") == 0) | ||
175 | cfg_val[CFG_XEPHYR_WINDOW_TITLE] = 0; | ||
176 | else | ||
177 | goto errout; | ||
178 | } | ||
179 | |||
180 | // Xephyr command extra parameters | ||
181 | else if (strncmp(ptr, "xephyr-extra-params ", 19) == 0) { | ||
182 | xephyr_extra_params = strdup(ptr + 19); | ||
183 | if (!xephyr_extra_params) | ||
184 | errExit("strdup"); | ||
185 | } | ||
186 | |||
168 | else | 187 | else |
169 | goto errout; | 188 | goto errout; |
170 | 189 | ||
171 | free(ptr); | 190 | free(ptr); |
172 | } | 191 | } |
173 | 192 | ||
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 026273aa3..6d64ce4cd 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -550,7 +550,6 @@ int x11_display(void); | |||
550 | void x11_start(int argc, char **argv); | 550 | void x11_start(int argc, char **argv); |
551 | void x11_start_xpra(int argc, char **argv); | 551 | void x11_start_xpra(int argc, char **argv); |
552 | void x11_start_xephyr(int argc, char **argv); | 552 | void x11_start_xephyr(int argc, char **argv); |
553 | extern char *xephyr_screen; | ||
554 | 553 | ||
555 | // ls.c | 554 | // ls.c |
556 | #define SANDBOX_FS_LS 0 | 555 | #define SANDBOX_FS_LS 0 |
@@ -569,7 +568,10 @@ void sandboxfs(int op, pid_t pid, const char *patqh); | |||
569 | #define CFG_RESTRICTED_NETWORK 7 | 568 | #define CFG_RESTRICTED_NETWORK 7 |
570 | #define CFG_FORCE_NONEWPRIVS 8 | 569 | #define CFG_FORCE_NONEWPRIVS 8 |
571 | #define CFG_WHITELIST 9 | 570 | #define CFG_WHITELIST 9 |
572 | #define CFG_MAX 10 // this should always be the last entry | 571 | #define CFG_XEPHYR_WINDOW_TITLE 10 |
572 | #define CFG_MAX 11 // this should always be the last entry | ||
573 | extern char *xephyr_screen; | ||
574 | extern char *xephyr_extra_params; | ||
573 | int checkcfg(int val); | 575 | int checkcfg(int val); |
574 | 576 | ||
575 | // fs_rdwr.c | 577 | // fs_rdwr.c |
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 300078872..c742ff567 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -187,9 +187,15 @@ void x11_start_xephyr(int argc, char **argv) { | |||
187 | 187 | ||
188 | // start xephyr | 188 | // start xephyr |
189 | char *cmd1; | 189 | char *cmd1; |
190 | if (asprintf(&cmd1, "Xephyr -ac -br -title \"firejail x11 sandbox\" -noreset -screen %s :%d", xephyr_screen, display) == -1) | 190 | if (checkcfg(CFG_XEPHYR_WINDOW_TITLE)) { |
191 | errExit("asprintf"); | 191 | if (asprintf(&cmd1, "Xephyr -ac -br -title \"firejail x11 sandbox\" %s -noreset -screen %s :%d", xephyr_extra_params, xephyr_screen, display) == -1) |
192 | 192 | errExit("asprintf"); | |
193 | } | ||
194 | else { | ||
195 | if (asprintf(&cmd1, "Xephyr -ac -br %s -noreset -screen %s :%d", xephyr_extra_params, xephyr_screen, display) == -1) | ||
196 | errExit("asprintf"); | ||
197 | } | ||
198 | |||
193 | int len = 50; // DISPLAY... | 199 | int len = 50; // DISPLAY... |
194 | for (i = 0; i < argc; i++) { | 200 | for (i = 0; i < argc; i++) { |
195 | len += strlen(argv[i]) + 1; // + ' ' | 201 | len += strlen(argv[i]) + 1; // + ' ' |