6 files changed, 37 insertions, 89 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 640605a6c..1554209b9 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -157,6 +157,7 @@ int arg_dbus_log_user = 0;
 int arg_dbus_log_system = 0;
 int arg_tab = 0;
 int login_shell = 0;
+int just_run_the_shell = 0;
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
@@ -795,15 +796,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                if (checkcfg(CFG_JOIN) || getuid() == 0) {
                        logargs(argc, argv);
-                        if (arg_shell_none) {
+                        if (argc <= (i+1))
-                                if (argc <= (i+1)) {
+                                just_run_the_shell = 1;
-                                        fprintf(stderr, "Error: --shell=none set, but no command specified\n");
+                        cfg.original_program_index = i + 1;
-                                        exit(1);
+                        if (!cfg.shell)
-                                }
-                                cfg.original_program_index = i + 1;
-                        }
-                        if (!cfg.shell && !arg_shell_none)
                                cfg.shell = cfg.usershell;
                        // join sandbox by pid or by name
@@ -821,19 +817,17 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                if (checkcfg(CFG_JOIN) || getuid() == 0) {
                        logargs(argc, argv);
-                        if (arg_shell_none) {
+                        if (argc <= (i+1))
-                                if (argc <= (i+1)) {
+                                just_run_the_shell = 1;
-                                        fprintf(stderr, "Error: --shell=none set, but no command specified\n");
+                        cfg.original_program_index = i + 1;
-                                        exit(1);
-                                }
+                        if (!cfg.shell)
-                                cfg.original_program_index = i + 1;
+                                cfg.shell = cfg.usershell;
-                        }
+printf("***** %d\n", just_run_the_shell);
                        // try to join by name only
                        pid_t pid;
                        if (!read_pid(argv[i] + 16, &pid)) {
-                                if (!cfg.shell && !arg_shell_none)
-                                        cfg.shell = cfg.usershell;
                                join(pid, argc, argv, i + 1);
                                exit(0);
@@ -853,7 +847,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                                exit(1);
                        }
-                        if (!cfg.shell && !arg_shell_none)
+                        if (!cfg.shell)
                                cfg.shell = cfg.usershell;
                        // join sandbox by pid or by name
@@ -873,7 +867,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                        exit(1);
                }
-                if (!cfg.shell && !arg_shell_none)
+                if (!cfg.shell)
                        cfg.shell = cfg.usershell;
                // join sandbox by pid or by name
@@ -2822,8 +2816,9 @@ int main(int argc, char **argv, char **envp) {
        // prog_index could still be -1 if no program was specified
        if (prog_index == -1 && arg_shell_none) {
-                fprintf(stderr, "Error: shell=none configured, but no program specified\n");
+                just_run_the_shell = 1;
-                exit(1);
+                if (!cfg.shell)
+                        cfg.shell = cfg.usershell;
        }
        // check trace configuration
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 4ad9eb678..7f74635ec 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -51,6 +51,7 @@
 #endif
 static int force_nonewprivs = 0;
+extern int just_run_the_shell;
 static int monitored_pid = 0;
 static void sandbox_handler(int sig){
@@ -506,10 +507,28 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
                printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD"));
        }
+        if (just_run_the_shell) {
+                char *arg[2];
+                arg[0] = cfg.usershell;
+                arg[1] = NULL;
+                if (!arg_command && !arg_quiet)
+                        print_time();
+                __gcov_dump();
+                seccomp_install_filters();
+                if (set_sandbox_status)
+                        *set_sandbox_status = SANDBOX_DONE;
+                execvp(arg[0], arg);
+        }
        //****************************************
        // start the program without using a shell
        //****************************************
-        if (arg_shell_none) {
+        else if (arg_shell_none) {
                if (arg_debug) {
                        int i;
                        for (i = cfg.original_program_index; i < cfg.original_argc; i++) {
diff --git a/test/environment/environment.sh b/test/environment/environment.sh
index 2b77973ac..9e58fdf95 100755
--- a/test/environment/environment.sh
+++ b/test/environment/environment.sh
@@ -36,9 +36,6 @@ echo "TESTING: extract command (extract_command.exp)"
 echo "TESTING: environment variables (test/environment/env.exp)"
 ./env.exp
-echo "TESTING: shell none(test/environment/shell-none.exp)"
-./shell-none.exp
 which dash 2>/dev/null
 if [ "$?" -eq 0 ];
 then
diff --git a/test/environment/shell-none.exp b/test/environment/shell-none.exp
deleted file mode 100755
index 512e2efc2..000000000
--- a/test/environment/shell-none.exp
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/usr/bin/expect -f
-# This file is part of Firejail project
-# Copyright (C) 2014-2022 Firejail Authors
-# License GPL v2
-set timeout 10
-spawn $env(SHELL)
-match_max 100000
-send -- "firejail  --shell=none\r"
-expect {
-        timeout {puts "TESTING ERROR 0\n";exit}
-        "shell=none configured, but no program specified"
-}
-sleep 1
-send -- "firejail  --profile=shell-none.profile\r"
-expect {
-        timeout {puts "TESTING ERROR 1\n";exit}
-        "shell=none configured, but no program specified"
-}
-after 100
-send -- "firejail  --shell=none ls\r"
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-expect {
-        timeout {puts "TESTING ERROR 3\n";exit}
-        "environment.sh"
-}
-after 100
-send -- "firejail  --profile=shell-none.profile ls\r"
-expect {
-        timeout {puts "TESTING ERROR 4\n";exit}
-        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
-}
-expect {
-        timeout {puts "TESTING ERROR 5\n";exit}
-        "environment.sh"
-}
-after 100
-puts "\nall done\n"
diff --git a/test/fs/invalid_filename.exp b/test/fs/invalid_filename.exp
index 0c37b780d..3d4904d8f 100755
--- a/test/fs/invalid_filename.exp
+++ b/test/fs/invalid_filename.exp
@@ -102,18 +102,6 @@ expect {
 }
 after 100
-send -- "firejail --shell=\"bla&&bla\"\r"
-expect {
-        timeout {puts "TESTING ERROR 12.2\n";exit}
-        "Error:"
-}
-expect {
-        timeout {puts "TESTING ERROR 12.3\n";exit}
-        "is an invalid filename"
-}
-after 100
 send -- "firejail --whitelist=\"bla&&bla\"\r"
 expect {
        timeout {puts "TESTING ERROR 14.2\n";exit}
diff --git a/test/profiles/profile_appname.exp b/test/profiles/profile_appname.exp
index fce278b4c..c178e8e00 100755
--- a/test/profiles/profile_appname.exp
+++ b/test/profiles/profile_appname.exp
@@ -16,10 +16,6 @@ expect {
        timeout {puts "TESTING ERROR 1\n";exit}
        "Reading profile /etc/firejail/firefox-common.profile"
 }
-expect {
-        timeout {puts "TESTING ERROR 2\n";exit}
-        "shell=none configured, but no program specified"
-}
 after 100
 puts "\nall done\n"

diff --git a/src/firejail/main.c b/src/firejail/main.c index 640605a6c..1554209b9 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -157,6 +157,7 @@ int arg_dbus_log_user = 0;
157	int arg_dbus_log_system = 0;	157	int arg_dbus_log_system = 0;
158	int arg_tab = 0;	158	int arg_tab = 0;
159	int login_shell = 0;	159	int login_shell = 0;
		160	int just_run_the_shell = 0;
160		161
161	int parent_to_child_fds[2];	162	int parent_to_child_fds[2];
162	int child_to_parent_fds[2];	163	int child_to_parent_fds[2];
@@ -795,15 +796,10 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
795	if (checkcfg(CFG_JOIN) \|\| getuid() == 0) {	796	if (checkcfg(CFG_JOIN) \|\| getuid() == 0) {
796	logargs(argc, argv);	797	logargs(argc, argv);
797		798
798	if (arg_shell_none) {	799	if (argc <= (i+1))
799	if (argc <= (i+1)) {	800	just_run_the_shell = 1;
800	fprintf(stderr, "Error: --shell=none set, but no command specified\n");	801	cfg.original_program_index = i + 1;
801	exit(1);	802	if (!cfg.shell)
802	}
803	cfg.original_program_index = i + 1;
804	}
805
806	if (!cfg.shell && !arg_shell_none)
807	cfg.shell = cfg.usershell;	803	cfg.shell = cfg.usershell;
808		804
809	// join sandbox by pid or by name	805	// join sandbox by pid or by name
@@ -821,19 +817,17 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
821	if (checkcfg(CFG_JOIN) \|\| getuid() == 0) {	817	if (checkcfg(CFG_JOIN) \|\| getuid() == 0) {
822	logargs(argc, argv);	818	logargs(argc, argv);
823		819
824	if (arg_shell_none) {	820	if (argc <= (i+1))
825	if (argc <= (i+1)) {	821	just_run_the_shell = 1;
826	fprintf(stderr, "Error: --shell=none set, but no command specified\n");	822	cfg.original_program_index = i + 1;
827	exit(1);	823
828	}	824	if (!cfg.shell)
829	cfg.original_program_index = i + 1;	825	cfg.shell = cfg.usershell;
830	}
831		826
		827	printf("***** %d\n", just_run_the_shell);
832	// try to join by name only	828	// try to join by name only
833	pid_t pid;	829	pid_t pid;
834	if (!read_pid(argv[i] + 16, &pid)) {	830	if (!read_pid(argv[i] + 16, &pid)) {
835	if (!cfg.shell && !arg_shell_none)
836	cfg.shell = cfg.usershell;
837		831
838	join(pid, argc, argv, i + 1);	832	join(pid, argc, argv, i + 1);
839	exit(0);	833	exit(0);
@@ -853,7 +847,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
853	exit(1);	847	exit(1);
854	}	848	}
855		849
856	if (!cfg.shell && !arg_shell_none)	850	if (!cfg.shell)
857	cfg.shell = cfg.usershell;	851	cfg.shell = cfg.usershell;
858		852
859	// join sandbox by pid or by name	853	// join sandbox by pid or by name
@@ -873,7 +867,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
873	exit(1);	867	exit(1);
874	}	868	}
875		869
876	if (!cfg.shell && !arg_shell_none)	870	if (!cfg.shell)
877	cfg.shell = cfg.usershell;	871	cfg.shell = cfg.usershell;
878		872
879	// join sandbox by pid or by name	873	// join sandbox by pid or by name
@@ -2822,8 +2816,9 @@ int main(int argc, char argv, char envp) {
2822		2816
2823	// prog_index could still be -1 if no program was specified	2817	// prog_index could still be -1 if no program was specified
2824	if (prog_index == -1 && arg_shell_none) {	2818	if (prog_index == -1 && arg_shell_none) {
2825	fprintf(stderr, "Error: shell=none configured, but no program specified\n");	2819	just_run_the_shell = 1;
2826	exit(1);	2820	if (!cfg.shell)
		2821	cfg.shell = cfg.usershell;
2827	}	2822	}
2828		2823
2829	// check trace configuration	2824	// check trace configuration


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 4ad9eb678..7f74635ec 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -51,6 +51,7 @@
51	#endif	51	#endif
52		52
53	static int force_nonewprivs = 0;	53	static int force_nonewprivs = 0;
		54	extern int just_run_the_shell;
54		55
55	static int monitored_pid = 0;	56	static int monitored_pid = 0;
56	static void sandbox_handler(int sig){	57	static void sandbox_handler(int sig){
@@ -506,10 +507,28 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
506	printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD"));	507	printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD"));
507	}	508	}
508		509
		510	if (just_run_the_shell) {
		511	char *arg[2];
		512	arg[0] = cfg.usershell;
		513	arg[1] = NULL;
		514
		515	if (!arg_command && !arg_quiet)
		516	print_time();
		517
		518	__gcov_dump();
		519
		520	seccomp_install_filters();
		521
		522	if (set_sandbox_status)
		523	*set_sandbox_status = SANDBOX_DONE;
		524	execvp(arg[0], arg);
		525
		526
		527	}
509	//****************************************	528	//****************************************
510	// start the program without using a shell	529	// start the program without using a shell
511	//****************************************	530	//****************************************
512	if (arg_shell_none) {	531	else if (arg_shell_none) {
513	if (arg_debug) {	532	if (arg_debug) {
514	int i;	533	int i;
515	for (i = cfg.original_program_index; i < cfg.original_argc; i++) {	534	for (i = cfg.original_program_index; i < cfg.original_argc; i++) {


diff --git a/test/environment/environment.sh b/test/environment/environment.sh index 2b77973ac..9e58fdf95 100755 --- a/test/environment/environment.sh +++ b/test/environment/environment.sh
@@ -36,9 +36,6 @@ echo "TESTING: extract command (extract_command.exp)"
36	echo "TESTING: environment variables (test/environment/env.exp)"	36	echo "TESTING: environment variables (test/environment/env.exp)"
37	./env.exp	37	./env.exp
38		38
39	echo "TESTING: shell none(test/environment/shell-none.exp)"
40	./shell-none.exp
41
42	which dash 2>/dev/null	39	which dash 2>/dev/null
43	if [ "$?" -eq 0 ];	40	if [ "$?" -eq 0 ];
44	then	41	then


diff --git a/test/environment/shell-none.exp b/test/environment/shell-none.exp deleted file mode 100755 index 512e2efc2..000000000 --- a/test/environment/shell-none.exp +++ /dev/null
@@ -1,47 +0,0 @@
1	#!/usr/bin/expect -f
2	# This file is part of Firejail project
3	# Copyright (C) 2014-2022 Firejail Authors
4	# License GPL v2
5
6	set timeout 10
7	spawn $env(SHELL)
8	match_max 100000
9
10	send -- "firejail --shell=none\r"
11	expect {
12	timeout {puts "TESTING ERROR 0\n";exit}
13	"shell=none configured, but no program specified"
14	}
15	sleep 1
16
17	send -- "firejail --profile=shell-none.profile\r"
18	expect {
19	timeout {puts "TESTING ERROR 1\n";exit}
20	"shell=none configured, but no program specified"
21	}
22	after 100
23
24	send -- "firejail --shell=none ls\r"
25	expect {
26	timeout {puts "TESTING ERROR 2\n";exit}
27	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
28	}
29	expect {
30	timeout {puts "TESTING ERROR 3\n";exit}
31	"environment.sh"
32	}
33	after 100
34
35	send -- "firejail --profile=shell-none.profile ls\r"
36	expect {
37	timeout {puts "TESTING ERROR 4\n";exit}
38	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
39	}
40	expect {
41	timeout {puts "TESTING ERROR 5\n";exit}
42	"environment.sh"
43	}
44	after 100
45
46
47	puts "\nall done\n"


diff --git a/test/fs/invalid_filename.exp b/test/fs/invalid_filename.exp index 0c37b780d..3d4904d8f 100755 --- a/test/fs/invalid_filename.exp +++ b/test/fs/invalid_filename.exp
@@ -102,18 +102,6 @@ expect {
102	}	102	}
103	after 100	103	after 100
104		104
105	send -- "firejail --shell=\"bla&&bla\"\r"
106	expect {
107	timeout {puts "TESTING ERROR 12.2\n";exit}
108	"Error:"
109	}
110	expect {
111	timeout {puts "TESTING ERROR 12.3\n";exit}
112	"is an invalid filename"
113	}
114	after 100
115
116
117	send -- "firejail --whitelist=\"bla&&bla\"\r"	105	send -- "firejail --whitelist=\"bla&&bla\"\r"
118	expect {	106	expect {
119	timeout {puts "TESTING ERROR 14.2\n";exit}	107	timeout {puts "TESTING ERROR 14.2\n";exit}


diff --git a/test/profiles/profile_appname.exp b/test/profiles/profile_appname.exp index fce278b4c..c178e8e00 100755 --- a/test/profiles/profile_appname.exp +++ b/test/profiles/profile_appname.exp
@@ -16,10 +16,6 @@ expect {
16	timeout {puts "TESTING ERROR 1\n";exit}	16	timeout {puts "TESTING ERROR 1\n";exit}
17	"Reading profile /etc/firejail/firefox-common.profile"	17	"Reading profile /etc/firejail/firefox-common.profile"
18	}	18	}
19	expect {
20	timeout {puts "TESTING ERROR 2\n";exit}
21	"shell=none configured, but no program specified"
22	}
23		19
24	after 100	20	after 100
25	puts "\nall done\n"	21	puts "\nall done\n"