diff options
| -rw-r--r-- | RELNOTES | 1 | ||||
| -rw-r--r-- | src/firejail/cpu.c | 2 | ||||
| -rw-r--r-- | src/firejail/env.c | 83 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 2 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 25 |
5 files changed, 95 insertions, 18 deletions
| @@ -2,6 +2,7 @@ firejail (0.9.34-rc1) baseline; urgency=low | |||
| 2 | * added --ignore option | 2 | * added --ignore option |
| 3 | * added --protocol option | 3 | * added --protocol option |
| 4 | * support dual i386/amd64 seccomp filters | 4 | * support dual i386/amd64 seccomp filters |
| 5 | * IBus support | ||
| 5 | * added Steam, Skype, Wine and Conkeror profiles | 6 | * added Steam, Skype, Wine and Conkeror profiles |
| 6 | * bugfixes | 7 | * bugfixes |
| 7 | -- netblue30 <netblue30@yahoo.com> Thu, 29 Oct 2015 08:00:00 -0500 | 8 | -- netblue30 <netblue30@yahoo.com> Thu, 29 Oct 2015 08:00:00 -0500 |
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c index 807dc55a4..343bc8971 100644 --- a/src/firejail/cpu.c +++ b/src/firejail/cpu.c | |||
| @@ -19,6 +19,8 @@ | |||
| 19 | */ | 19 | */ |
| 20 | #include "firejail.h" | 20 | #include "firejail.h" |
| 21 | #include <sched.h> | 21 | #include <sched.h> |
| 22 | #include <unistd.h> | ||
| 23 | #include <sys/stat.h> | ||
| 22 | 24 | ||
| 23 | // converts a numeric cpu value in the corresponding bit mask | 25 | // converts a numeric cpu value in the corresponding bit mask |
| 24 | static void set_cpu(const char *str) { | 26 | static void set_cpu(const char *str) { |
diff --git a/src/firejail/env.c b/src/firejail/env.c index b4f56a9f0..2bbd2d226 100644 --- a/src/firejail/env.c +++ b/src/firejail/env.c | |||
| @@ -18,6 +18,10 @@ | |||
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 19 | */ | 19 | */ |
| 20 | #include "firejail.h" | 20 | #include "firejail.h" |
| 21 | #include <sys/types.h> | ||
| 22 | #include <sys/stat.h> | ||
| 23 | #include <unistd.h> | ||
| 24 | #include <dirent.h> | ||
| 21 | 25 | ||
| 22 | typedef struct env_t { | 26 | typedef struct env_t { |
| 23 | struct env_t *next; | 27 | struct env_t *next; |
| @@ -31,6 +35,85 @@ static void env_add(Env *env) { | |||
| 31 | envlist = env; | 35 | envlist = env; |
| 32 | } | 36 | } |
| 33 | 37 | ||
| 38 | // load IBUS env variables | ||
| 39 | void env_ibus_load(void) { | ||
| 40 | // check ~/.config/ibus/bus directory | ||
| 41 | char *dirname; | ||
| 42 | if (asprintf(&dirname, "%s/.config/ibus/bus", cfg.homedir) == -1) | ||
| 43 | errExit("asprintf"); | ||
| 44 | |||
| 45 | struct stat s; | ||
| 46 | if (stat(dirname, &s) == -1) | ||
| 47 | return; | ||
| 48 | |||
| 49 | // find the file | ||
| 50 | DIR *dir = opendir(dirname); | ||
| 51 | if (!dir) { | ||
| 52 | free(dirname); | ||
| 53 | return; | ||
| 54 | } | ||
| 55 | |||
| 56 | struct dirent *entry; | ||
| 57 | while ((entry = readdir(dir)) != NULL) { | ||
| 58 | // check the file name ends in "unix-0" | ||
| 59 | char *ptr = strstr(entry->d_name, "unix-0"); | ||
| 60 | if (!ptr) | ||
| 61 | continue; | ||
| 62 | if (strlen(ptr) != 6) | ||
| 63 | continue; | ||
| 64 | |||
| 65 | // open the file | ||
| 66 | char *fname; | ||
| 67 | if (asprintf(&fname, "%s/%s", dirname, entry->d_name) == -1) | ||
| 68 | errExit("asprintf"); | ||
| 69 | FILE *fp = fopen(fname, "r"); | ||
| 70 | free(fname); | ||
| 71 | if (!fp) | ||
| 72 | continue; | ||
| 73 | |||
| 74 | // read the file | ||
| 75 | const int maxline = 4096; | ||
| 76 | char buf[maxline]; | ||
| 77 | while (fgets(buf, maxline, fp)) { | ||
| 78 | if (strncmp(buf, "IBUS_", 5) != 0) | ||
| 79 | continue; | ||
| 80 | char *ptr = strchr(buf, '='); | ||
| 81 | if (!ptr) | ||
| 82 | continue; | ||
| 83 | ptr = strchr(buf, '\n'); | ||
| 84 | if (ptr) | ||
| 85 | *ptr = '\0'; | ||
| 86 | if (arg_debug) | ||
| 87 | printf("%s\n", buf); | ||
| 88 | env_store(buf); | ||
| 89 | } | ||
| 90 | |||
| 91 | fclose(fp); | ||
| 92 | } | ||
| 93 | |||
| 94 | free(dirname); | ||
| 95 | } | ||
| 96 | |||
| 97 | |||
| 98 | // default sandbox env variables | ||
| 99 | void env_defaults(void) { | ||
| 100 | // fix qt 4.8 | ||
| 101 | if (setenv("QT_X11_NO_MITSHM", "1", 1) < 0) | ||
| 102 | errExit("setenv"); | ||
| 103 | if (setenv("container", "firejail", 1) < 0) // LXC sets container=lxc, | ||
| 104 | errExit("setenv"); | ||
| 105 | if (arg_zsh && setenv("SHELL", "/usr/bin/zsh", 1) < 0) | ||
| 106 | errExit("setenv"); | ||
| 107 | if (arg_csh && setenv("SHELL", "/bin/csh", 1) < 0) | ||
| 108 | errExit("setenv"); | ||
| 109 | if (cfg.shell && setenv("SHELL", cfg.shell, 1) < 0) | ||
| 110 | errExit("setenv"); | ||
| 111 | // set prompt color to green | ||
| 112 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' | ||
| 113 | if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) | ||
| 114 | errExit("setenv"); | ||
| 115 | } | ||
| 116 | |||
| 34 | // parse and store the environment setting | 117 | // parse and store the environment setting |
| 35 | void env_store(const char *str) { | 118 | void env_store(const char *str) { |
| 36 | assert(str); | 119 | assert(str); |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 29ce77ca4..18fc4baf0 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -424,6 +424,8 @@ void run_no_sandbox(int argc, char **argv); | |||
| 424 | // env.c | 424 | // env.c |
| 425 | void env_store(const char *str); | 425 | void env_store(const char *str); |
| 426 | void env_apply(void); | 426 | void env_apply(void); |
| 427 | void env_defaults(void); | ||
| 428 | void env_ibus_load(void); | ||
| 427 | 429 | ||
| 428 | // fs_whitelist.c | 430 | // fs_whitelist.c |
| 429 | void fs_whitelist(void); | 431 | void fs_whitelist(void); |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 79ed473c0..d0aaa214e 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -159,17 +159,19 @@ int sandbox(void* sandbox_arg) { | |||
| 159 | } | 159 | } |
| 160 | 160 | ||
| 161 | //**************************** | 161 | //**************************** |
| 162 | // netfilter | 162 | // netfilter etc. |
| 163 | //**************************** | 163 | //**************************** |
| 164 | if (arg_netfilter && any_bridge_configured()) { // assuming by default the client filter | 164 | if (arg_netfilter && any_bridge_configured()) { // assuming by default the client filter |
| 165 | netfilter(arg_netfilter_file); | 165 | netfilter(arg_netfilter_file); |
| 166 | } | 166 | } |
| 167 | 167 | ||
| 168 | // load IBUS env variables | ||
| 169 | env_ibus_load(); | ||
| 170 | |||
| 171 | // grab a copy of cp command | ||
| 168 | fs_build_cp_command(); | 172 | fs_build_cp_command(); |
| 169 | 173 | ||
| 170 | //**************************** | ||
| 171 | // trace pre-install | 174 | // trace pre-install |
| 172 | //**************************** | ||
| 173 | if (arg_trace) | 175 | if (arg_trace) |
| 174 | fs_trace_preload(); | 176 | fs_trace_preload(); |
| 175 | 177 | ||
| @@ -396,21 +398,8 @@ int sandbox(void* sandbox_arg) { | |||
| 396 | } | 398 | } |
| 397 | 399 | ||
| 398 | // set environment | 400 | // set environment |
| 399 | // fix qt 4.8 | 401 | env_defaults(); |
| 400 | if (setenv("QT_X11_NO_MITSHM", "1", 1) < 0) | 402 | |
| 401 | errExit("setenv"); | ||
| 402 | if (setenv("container", "firejail", 1) < 0) // LXC sets container=lxc, | ||
| 403 | errExit("setenv"); | ||
| 404 | if (arg_zsh && setenv("SHELL", "/usr/bin/zsh", 1) < 0) | ||
| 405 | errExit("setenv"); | ||
| 406 | if (arg_csh && setenv("SHELL", "/bin/csh", 1) < 0) | ||
| 407 | errExit("setenv"); | ||
| 408 | if (cfg.shell && setenv("SHELL", cfg.shell, 1) < 0) | ||
| 409 | errExit("setenv"); | ||
| 410 | // set prompt color to green | ||
| 411 | //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' | ||
| 412 | if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) | ||
| 413 | errExit("setenv"); | ||
| 414 | // set user-supplied environment variables | 403 | // set user-supplied environment variables |
| 415 | env_apply(); | 404 | env_apply(); |
| 416 | 405 | ||