diff options
-rw-r--r-- | etc/firejail.config | 5 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 6 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/join.c | 2 |
4 files changed, 13 insertions, 1 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index 565796d5a..3bff2f7ed 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
@@ -62,6 +62,11 @@ | |||
62 | # root user can always join sandboxes. | 62 | # root user can always join sandboxes. |
63 | # join yes | 63 | # join yes |
64 | 64 | ||
65 | # Timeout when joining a sandbox, default five seconds. Wait up to | ||
66 | # the specified period of time to allow sandbox setup to finish. | ||
67 | # It is not possible to join a sandbox while it is still starting up. | ||
68 | # join-timeout 5 | ||
69 | |||
65 | # Enable or disable sandbox name change, default enabled. | 70 | # Enable or disable sandbox name change, default enabled. |
66 | # name-change yes | 71 | # name-change yes |
67 | 72 | ||
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index f94b95d60..6ea92cd9d 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -31,6 +31,7 @@ char *xpra_extra_params = ""; | |||
31 | char *xvfb_screen = "800x600x24"; | 31 | char *xvfb_screen = "800x600x24"; |
32 | char *xvfb_extra_params = ""; | 32 | char *xvfb_extra_params = ""; |
33 | char *netfilter_default = NULL; | 33 | char *netfilter_default = NULL; |
34 | unsigned join_timeout = 50; // 5 sec (unit is 0.1 sec) | ||
34 | 35 | ||
35 | int checkcfg(int val) { | 36 | int checkcfg(int val) { |
36 | assert(val < CFG_MAX); | 37 | assert(val < CFG_MAX); |
@@ -213,6 +214,11 @@ int checkcfg(int val) { | |||
213 | if (setenv("FIREJAIL_FILE_COPY_LIMIT", ptr + 16, 1) == -1) | 214 | if (setenv("FIREJAIL_FILE_COPY_LIMIT", ptr + 16, 1) == -1) |
214 | errExit("setenv"); | 215 | errExit("setenv"); |
215 | } | 216 | } |
217 | |||
218 | // timeout for join option | ||
219 | else if (strncmp(ptr, "join-timeout ", 13) == 0) | ||
220 | join_timeout = strtoul(ptr + 13, NULL, 10) * 10; | ||
221 | |||
216 | else | 222 | else |
217 | goto errout; | 223 | goto errout; |
218 | 224 | ||
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index a8c580aa1..37d8c6883 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -738,6 +738,7 @@ extern char *xpra_extra_params; | |||
738 | extern char *xvfb_screen; | 738 | extern char *xvfb_screen; |
739 | extern char *xvfb_extra_params; | 739 | extern char *xvfb_extra_params; |
740 | extern char *netfilter_default; | 740 | extern char *netfilter_default; |
741 | extern unsigned join_timeout; | ||
741 | int checkcfg(int val); | 742 | int checkcfg(int val); |
742 | void print_compiletime_support(void); | 743 | void print_compiletime_support(void); |
743 | 744 | ||
diff --git a/src/firejail/join.c b/src/firejail/join.c index 864d4069d..08120cffe 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -322,7 +322,7 @@ void check_join_permission(pid_t pid) { | |||
322 | // check if pid belongs to a fully set up firejail sandbox | 322 | // check if pid belongs to a fully set up firejail sandbox |
323 | unsigned i; | 323 | unsigned i; |
324 | for (i = 0; is_ready_for_join(pid) == 0; i++) { // give sandbox some time to start up | 324 | for (i = 0; is_ready_for_join(pid) == 0; i++) { // give sandbox some time to start up |
325 | if (i >= 50) { | 325 | if (i >= join_timeout) { |
326 | fprintf(stderr, "Error: no valid sandbox\n"); | 326 | fprintf(stderr, "Error: no valid sandbox\n"); |
327 | exit(1); | 327 | exit(1); |
328 | } | 328 | } |