-rw-r--r--RELNOTES1
-rw-r--r--etc/firejail.config3
-rw-r--r--src/firejail/checkcfg.c9
-rw-r--r--src/firejail/firejail.h2
-rw-r--r--src/firejail/main.c22
-rw-r--r--src/firejail/profile.c5
6 files changed, 31 insertions, 11 deletions
diff --git a/RELNOTES b/RELNOTES
index ccdff8dc8..02bceb2be 100644
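--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,6 @@
 firejail (0.9.59) baseline; urgency=low
  * work in progress
+ * enable/disable cgroup in firejail.config
  -- netblue30 <netblue30@yahoo.com> Sun, 27 Jan 2019 08:00:00 -0500
 
 firejail (0.9.58) baseline; urgency=low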
diff --git a/etc/firejail.config b/etc/firejail.config
index 00f2c1b5d..fc13451fb 100644
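--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -18,6 +18,9 @@
 # Enable or disable bind support, default enabled.
 # bind yes
 
+# Enable or disable cgroup support, default enabled.
+# cgroup yes
+
 # Enable or disable chroot support, default enabled.
 # chroot yes
 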
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 45e28fe40..6a9d017b7 100644
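--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -130,6 +130,15 @@ int checkcfg(int val) {
  else
  goto errout;
  }
+ // cgroup
+ else if (strncmp(ptr, "cgroup ", 5) == 0) {
+ if (strcmp(ptr + 5, "yes") == 0)
+ cfg_val[CFG_CGROUP] = 1;
+ else if (strcmp(ptr + 5, "no") == 0)
+ cfg_val[CFG_CGROUP] = 0;
+ else
+ goto errout;
+ }
  // user namespace
  else if (strncmp(ptr, "userns ", 7) == 0) {
  if (strcmp(ptr + 7, "yes") == 0)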
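Review bot: The new cgroup branch in checkcfg() compares only five bytes, `strncmp(ptr, "cgroup ", 5)`, and reads the value at `ptr + 5`, although the keyword with its trailing space is seven bytes long; the neighbouring `userns ` branch uses 7 for the same length. For a line `cgroup no`, `ptr + 5` is `p no`, so neither `strcmp` can match and the parser takes `goto errout`. The option can therefore not be set from firejail.config, and an administrator cannot switch the feature off. The five-byte prefix also claims any line that merely begins with `cgrou`. Use `else if (strncmp(ptr, "cgroup ", 7) == 0) {` and `ptr + 7` in both `strcmp` calls; checkcfg()'s body continues outside the hunk, so what `errout` does is not visible here.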
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 03ad25f75..b861bf1fa 100644
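--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -272,7 +272,6 @@ typedef struct config_t {
  int nice;
  char *cgroup;
 
-
  // command line
  char *command_line;
  char *window_title;
@@ -781,6 +780,7 @@ enum {
  CFG_APPARMOR,
  CFG_DBUS,
  CFG_PRIVATE_CACHE,
+ CFG_CGROUP,
  CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;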
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 61f507f36..c262402fa 100644
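--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1286,16 +1286,20 @@ int main(int argc, char **argv) {
  arg_nice = 1;
  }
  else if (strncmp(argv[i], "--cgroup=", 9) == 0) {
- if (option_cgroup) {
- fprintf(stderr, "Error: only a cgroup can be defined\n");
- exit(1);
- }
+ if (checkcfg(CFG_CGROUP)) {
+ if (option_cgroup) {
+ fprintf(stderr, "Error: only a cgroup can be defined\n");
+ exit(1);
+ }
 
  option_cgroup = 1;
  cfg.cgroup = strdup(argv[i] + 9);
  if (!cfg.cgroup)
  errExit("strdup");
  set_cgroup(cfg.cgroup);
+ }
+ else
+ exit_err_feature("cgroup");
  }
 
  //*************************************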
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 83caef199..348b4e0ca 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -878,7 +878,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
878 878
879 // cgroup 879 // cgroup
880 if (strncmp(ptr, "cgroup ", 7) == 0) { 880 if (strncmp(ptr, "cgroup ", 7) == 0) {
881 set_cgroup(ptr + 7); 881 if (checkcfg(CFG_CGROUP))
882 set_cgroup(ptr + 7);
883 else
884 warning_feature_disabled("cgroup");
882 return 0; 885 return 0;
883 } 886 }
884 887
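Review bot: With cgroup switched off in firejail.config, the profile branch in profile_check_line() calls `warning_feature_disabled("cgroup")` and then `return 0`, so the profile keeps loading without the cgroup, while the `--cgroup=` branch in main.c calls `exit_err_feature("cgroup")` instead. Judging by the names, one path only warns and the other stops, so a profile that depends on the cgroup for resource limits would start a sandbox without them. If that difference is intended, state it at the call site, for example `// disabled in firejail.config: skip the cgroup and keep loading the profile`, and note it next to `# cgroup yes` in etc/firejail.config. The function continues outside the hunk.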