diff options
| -rw-r--r-- | etc/firejail.config | 3 | ||||
| -rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
| -rw-r--r-- | src/firejail/dbus.c | 5 | ||||
| -rw-r--r-- | src/firejail/firejail.h | 1 |
4 files changed, 18 insertions, 0 deletions
diff --git a/etc/firejail.config b/etc/firejail.config index ade3e3c84..0cd4dca3a 100644 --- a/etc/firejail.config +++ b/etc/firejail.config | |||
| @@ -23,6 +23,9 @@ | |||
| 23 | # and it will harden the rest of the chroot tree. | 23 | # and it will harden the rest of the chroot tree. |
| 24 | # chroot-desktop yes | 24 | # chroot-desktop yes |
| 25 | 25 | ||
| 26 | # Enable or disable dbus handling by --nodbus flag, default enabled. | ||
| 27 | # dbus yes | ||
| 28 | |||
| 26 | # Disable /mnt, /media, /run/mount and /run/media access. By default access | 29 | # Disable /mnt, /media, /run/mount and /run/media access. By default access |
| 27 | # to these directories is enabled. | 30 | # to these directories is enabled. |
| 28 | # disable-mnt no | 31 | # disable-mnt no |
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 0d77c199b..20845270e 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -85,6 +85,15 @@ int checkcfg(int val) { | |||
| 85 | else | 85 | else |
| 86 | goto errout; | 86 | goto errout; |
| 87 | } | 87 | } |
| 88 | // dbus | ||
| 89 | else if (strncmp(ptr, "dbus ", 5) == 0) { | ||
| 90 | if (strcmp(ptr + 5, "yes") == 0) | ||
| 91 | cfg_val[CFG_DBUS] = 1; | ||
| 92 | else if (strcmp(ptr + 5, "no") == 0) | ||
| 93 | cfg_val[CFG_DBUS] = 0; | ||
| 94 | else | ||
| 95 | goto errout; | ||
| 96 | } | ||
| 88 | // join | 97 | // join |
| 89 | else if (strncmp(ptr, "join ", 5) == 0) { | 98 | else if (strncmp(ptr, "join ", 5) == 0) { |
| 90 | if (strcmp(ptr + 5, "yes") == 0) | 99 | if (strcmp(ptr + 5, "yes") == 0) |
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c index eee3e2a35..6c122c6d0 100644 --- a/src/firejail/dbus.c +++ b/src/firejail/dbus.c | |||
| @@ -20,6 +20,11 @@ | |||
| 20 | #include "firejail.h" | 20 | #include "firejail.h" |
| 21 | 21 | ||
| 22 | void dbus_session_disable(void) { | 22 | void dbus_session_disable(void) { |
| 23 | if (!checkcfg(CFG_DBUS)) { | ||
| 24 | fwarning("D-Bus handling is disabled in Firejail configuration file\n"); | ||
| 25 | return; | ||
| 26 | } | ||
| 27 | |||
| 23 | char *path; | 28 | char *path; |
| 24 | if (asprintf(&path, "/run/user/%d/bus", getuid()) == -1) | 29 | if (asprintf(&path, "/run/user/%d/bus", getuid()) == -1) |
| 25 | errExit("asprintf"); | 30 | errExit("asprintf"); |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 6141d6223..fdb5745cb 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -744,6 +744,7 @@ enum { | |||
| 744 | CFG_XPRA_ATTACH, | 744 | CFG_XPRA_ATTACH, |
| 745 | CFG_PRIVATE_LIB, | 745 | CFG_PRIVATE_LIB, |
| 746 | CFG_APPARMOR, | 746 | CFG_APPARMOR, |
| 747 | CFG_DBUS, | ||
| 747 | CFG_MAX // this should always be the last entry | 748 | CFG_MAX // this should always be the last entry |
| 748 | }; | 749 | }; |
| 749 | extern char *xephyr_screen; | 750 | extern char *xephyr_screen; |