11 files changed, 80 insertions, 1 deletions
diff --git a/README.md b/README.md
index a9c41cfc4..b3c415ea0 100644
--- a/README.md
+++ b/README.md
@@ -213,6 +213,14 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 Milestone page: https://github.com/netblue30/firejail/milestone/1
+### Shell tab completion
+```
+       --tab  Enable bash completion in sandboxes using private or whitelisted
+              home directories.
+              $ firejail --private --tab
+```
 ### Profile Statistics
 A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.
@@ -251,3 +259,4 @@ Stats:
 ### New profiles:
+onionshare, onionshare-cli
diff --git a/RELNOTES b/RELNOTES
index dc7811dab..14caa0840 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -4,6 +4,7 @@ firejail (0.9.69) baseline; urgency=low
  * bugfix: nogroups + wrc prints confusing messages (#4930 #4933)
  * ci: replace centos (EOL) with almalinux (#4912)
  * docs: Refer to firejail.config in configuration files (#4916)
+  * new profiles: onionshare, onionshare-cli
 -- netblue30 <netblue30@yahoo.com>  Mon, 7 Feb 2022 09:00:00 -0500
 firejail (0.9.68) baseline; urgency=low
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index f1fa66707..316518534 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -365,6 +365,7 @@ extern DbusPolicy arg_dbus_system; // --dbus-system
 extern int arg_dbus_log_user;
 extern int arg_dbus_log_system;
 extern const char *arg_dbus_log_file;
+extern int arg_tab;
 extern int login_shell;
 extern int parent_to_child_fds[2];
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 6a554dc89..061461590 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -34,8 +34,10 @@
 #endif
 static void disable_tab_completion(const char *homedir) {
-        char *fname;
+        if (arg_tab)
+                return;
+        char *fname;
        if (asprintf(&fname, "%s/.inputrc", homedir) == -1)
                errExit("asprintf");
diff --git a/src/firejail/main.c b/src/firejail/main.c
index d614ae1ac..4b01ea0a5 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -155,6 +155,7 @@ DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW;	// --dbus-system
 const char *arg_dbus_log_file = NULL;
 int arg_dbus_log_user = 0;
 int arg_dbus_log_system = 0;
+int arg_tab = 0;
 int login_shell = 0;
 int parent_to_child_fds[2];
@@ -2798,6 +2799,8 @@ int main(int argc, char **argv, char **envp) {
                else if (strcmp(argv[i], "--deterministic-shutdown") == 0) {
                        arg_deterministic_shutdown = 1;
                }
+                else if (strcmp(argv[i], "--tab") == 0)
+                        arg_tab = 1;
                else {
                        // double dash - positional params to follow
                        if (strcmp(argv[i], "--") == 0) {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 794668dc6..0b258e6bb 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -389,6 +389,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 #endif
                return 0;
        }
+        else if (strcmp(ptr, "tab") == 0) {
+                arg_tab = 1;
+                return 0;
+        }
        else if (strcmp(ptr, "private-cwd") == 0) {
                cfg.cwd = NULL;
                arg_private_cwd = 1;
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 0b24467be..2dd913b5e 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -245,6 +245,8 @@ static char *usage_str =
        "    --shell=none - run the program directly without a user shell.\n"
        "    --shell=program - set default user shell.\n"
        "    --shutdown=name|pid - shutdown the sandbox identified by name or PID.\n"
+        "    --tab - enable shell tab completion in sandboxes using private or\n"
+        "\twhitelisted home directories.\n"
        "    --timeout=hh:mm:ss - kill the sandbox automatically after the time\n"
        "\thas elapsed.\n"
        "    --tmpfs=dirname - mount a tmpfs filesystem on directory dirname.\n"
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 4cbe7f13d..a3dfb14ac 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2683,6 +2683,13 @@ $ firejail \-\-list
 .br
 $ firejail \-\-shutdown=3272
 .TP
+\fB\-\-tab
+Enable bash completion in sandboxes using private or whitelisted home directories.
+.br
+.br
+$ firejail \-\-private --tab
+.TP
 \fB\-\-timeout=hh:mm:ss
 Kill the sandbox automatically after the time has elapsed. The time is specified in hours/minutes/seconds format.
 .br
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index 0ec714ffa..b49e447b7 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -10,6 +10,9 @@ export LC_ALL=C
 # These directories are required by some tests:
 mkdir -p ~/Desktop ~/Documents ~/Downloads ~/Music ~/Pictures ~/Videos
+echo "TESTING: tab completion (test/fs/tab.exp)"
+./tab.exp
 rm -fr ~/_firejail_test_*
 echo "TESTING: mkdir/mkfile (test/fs/mkdir_mkfile.exp)"
 ./mkdir_mkfile.exp
diff --git a/test/fs/tab.exp b/test/fs/tab.exp
new file mode 100755
index 000000000..cc9e11ed5
--- /dev/null
+++ b/test/fs/tab.exp
@@ -0,0 +1,46 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2022 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail --private ls -al\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 1\n";exit}
+        ".inputrc"
+}
+sleep 1
+send -- "firejail --private --tab ls -al\r"
+expect {
+        timeout {puts "TESTING ERROR 2\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 3\n";exit}
+        ".inputrc" {puts "TESTING ERROR 4\n";exit}
+        "Parent is shutting down"
+}
+sleep 1
+send -- "firejail --private --profile=tab.profile ls -al\r"
+expect {
+        timeout {puts "TESTING ERROR 5\n";exit}
+        -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
+}
+expect {
+        timeout {puts "TESTING ERROR 6\n";exit}
+        ".inputrc" {puts "TESTING ERROR 7\n";exit}
+        "Parent is shutting down"
+}
+sleep 1
+puts "\nall done\n"
diff --git a/test/fs/tab.profile b/test/fs/tab.profile
new file mode 100644
index 000000000..8cc35a3d5
--- /dev/null
+++ b/test/fs/tab.profile
@@ -0,0 +1 @@
+tab

diff --git a/README.md b/README.md index a9c41cfc4..b3c415ea0 100644 --- a/README.md +++ b/README.md
@@ -213,6 +213,14 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
213		213
214	Milestone page: https://github.com/netblue30/firejail/milestone/1	214	Milestone page: https://github.com/netblue30/firejail/milestone/1
215		215
		216	### Shell tab completion
		217	```
		218	--tab Enable bash completion in sandboxes using private or whitelisted
		219	home directories.
		220
		221	$ firejail --private --tab
		222	```
		223
216	### Profile Statistics	224	### Profile Statistics
217		225
218	A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.	226	A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.
@@ -251,3 +259,4 @@ Stats:
251		259
252	### New profiles:	260	### New profiles:
253		261
		262	onionshare, onionshare-cli


diff --git a/RELNOTES b/RELNOTES index dc7811dab..14caa0840 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -4,6 +4,7 @@ firejail (0.9.69) baseline; urgency=low
4	* bugfix: nogroups + wrc prints confusing messages (#4930 #4933)	4	* bugfix: nogroups + wrc prints confusing messages (#4930 #4933)
5	* ci: replace centos (EOL) with almalinux (#4912)	5	* ci: replace centos (EOL) with almalinux (#4912)
6	* docs: Refer to firejail.config in configuration files (#4916)	6	* docs: Refer to firejail.config in configuration files (#4916)
		7	* new profiles: onionshare, onionshare-cli
7	-- netblue30 <netblue30@yahoo.com> Mon, 7 Feb 2022 09:00:00 -0500	8	-- netblue30 <netblue30@yahoo.com> Mon, 7 Feb 2022 09:00:00 -0500
8		9
9	firejail (0.9.68) baseline; urgency=low	10	firejail (0.9.68) baseline; urgency=low


diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index f1fa66707..316518534 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -365,6 +365,7 @@ extern DbusPolicy arg_dbus_system; // --dbus-system
365	extern int arg_dbus_log_user;	365	extern int arg_dbus_log_user;
366	extern int arg_dbus_log_system;	366	extern int arg_dbus_log_system;
367	extern const char *arg_dbus_log_file;	367	extern const char *arg_dbus_log_file;
		368	extern int arg_tab;
368		369
369	extern int login_shell;	370	extern int login_shell;
370	extern int parent_to_child_fds[2];	371	extern int parent_to_child_fds[2];


diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 6a554dc89..061461590 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c
@@ -34,8 +34,10 @@
34	#endif	34	#endif
35		35
36	static void disable_tab_completion(const char *homedir) {	36	static void disable_tab_completion(const char *homedir) {
37	char *fname;	37	if (arg_tab)
		38	return;
38		39
		40	char *fname;
39	if (asprintf(&fname, "%s/.inputrc", homedir) == -1)	41	if (asprintf(&fname, "%s/.inputrc", homedir) == -1)
40	errExit("asprintf");	42	errExit("asprintf");
41		43


diff --git a/src/firejail/main.c b/src/firejail/main.c index d614ae1ac..4b01ea0a5 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -155,6 +155,7 @@ DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system
155	const char *arg_dbus_log_file = NULL;	155	const char *arg_dbus_log_file = NULL;
156	int arg_dbus_log_user = 0;	156	int arg_dbus_log_user = 0;
157	int arg_dbus_log_system = 0;	157	int arg_dbus_log_system = 0;
		158	int arg_tab = 0;
158	int login_shell = 0;	159	int login_shell = 0;
159		160
160	int parent_to_child_fds[2];	161	int parent_to_child_fds[2];
@@ -2798,6 +2799,8 @@ int main(int argc, char argv, char envp) {
2798	else if (strcmp(argv[i], "--deterministic-shutdown") == 0) {	2799	else if (strcmp(argv[i], "--deterministic-shutdown") == 0) {
2799	arg_deterministic_shutdown = 1;	2800	arg_deterministic_shutdown = 1;
2800	}	2801	}
		2802	else if (strcmp(argv[i], "--tab") == 0)
		2803	arg_tab = 1;
2801	else {	2804	else {
2802	// double dash - positional params to follow	2805	// double dash - positional params to follow
2803	if (strcmp(argv[i], "--") == 0) {	2806	if (strcmp(argv[i], "--") == 0) {


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 794668dc6..0b258e6bb 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -389,6 +389,10 @@ int profile_check_line(char ptr, int lineno, const char fname) {
389	#endif	389	#endif
390	return 0;	390	return 0;
391	}	391	}
		392	else if (strcmp(ptr, "tab") == 0) {
		393	arg_tab = 1;
		394	return 0;
		395	}
392	else if (strcmp(ptr, "private-cwd") == 0) {	396	else if (strcmp(ptr, "private-cwd") == 0) {
393	cfg.cwd = NULL;	397	cfg.cwd = NULL;
394	arg_private_cwd = 1;	398	arg_private_cwd = 1;


diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 0b24467be..2dd913b5e 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c
@@ -245,6 +245,8 @@ static char *usage_str =
245	" --shell=none - run the program directly without a user shell.\n"	245	" --shell=none - run the program directly without a user shell.\n"
246	" --shell=program - set default user shell.\n"	246	" --shell=program - set default user shell.\n"
247	" --shutdown=name\|pid - shutdown the sandbox identified by name or PID.\n"	247	" --shutdown=name\|pid - shutdown the sandbox identified by name or PID.\n"
		248	" --tab - enable shell tab completion in sandboxes using private or\n"
		249	"\twhitelisted home directories.\n"
248	" --timeout=hh:mm:ss - kill the sandbox automatically after the time\n"	250	" --timeout=hh:mm:ss - kill the sandbox automatically after the time\n"
249	"\thas elapsed.\n"	251	"\thas elapsed.\n"
250	" --tmpfs=dirname - mount a tmpfs filesystem on directory dirname.\n"	252	" --tmpfs=dirname - mount a tmpfs filesystem on directory dirname.\n"


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 4cbe7f13d..a3dfb14ac 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -2683,6 +2683,13 @@ $ firejail \-\-list
2683	.br	2683	.br
2684	$ firejail \-\-shutdown=3272	2684	$ firejail \-\-shutdown=3272
2685	.TP	2685	.TP
		2686	\fB\-\-tab
		2687	Enable bash completion in sandboxes using private or whitelisted home directories.
		2688	.br
		2689
		2690	.br
		2691	$ firejail \-\-private --tab
		2692	.TP
2686	\fB\-\-timeout=hh:mm:ss	2693	\fB\-\-timeout=hh:mm:ss
2687	Kill the sandbox automatically after the time has elapsed. The time is specified in hours/minutes/seconds format.	2694	Kill the sandbox automatically after the time has elapsed. The time is specified in hours/minutes/seconds format.
2688	.br	2695	.br


diff --git a/test/fs/fs.sh b/test/fs/fs.sh index 0ec714ffa..b49e447b7 100755 --- a/test/fs/fs.sh +++ b/test/fs/fs.sh
@@ -10,6 +10,9 @@ export LC_ALL=C
10	# These directories are required by some tests:	10	# These directories are required by some tests:
11	mkdir -p ~/Desktop ~/Documents ~/Downloads ~/Music ~/Pictures ~/Videos	11	mkdir -p ~/Desktop ~/Documents ~/Downloads ~/Music ~/Pictures ~/Videos
12		12
		13	echo "TESTING: tab completion (test/fs/tab.exp)"
		14	./tab.exp
		15
13	rm -fr ~/_firejail_test_*	16	rm -fr ~/_firejail_test_*
14	echo "TESTING: mkdir/mkfile (test/fs/mkdir_mkfile.exp)"	17	echo "TESTING: mkdir/mkfile (test/fs/mkdir_mkfile.exp)"
15	./mkdir_mkfile.exp	18	./mkdir_mkfile.exp


diff --git a/test/fs/tab.exp b/test/fs/tab.exp new file mode 100755 index 000000000..cc9e11ed5 --- /dev/null +++ b/test/fs/tab.exp
@@ -0,0 +1,46 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2022 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10
		11	send -- "firejail --private ls -al\r"
		12	expect {
		13	timeout {puts "TESTING ERROR 0\n";exit}
		14	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		15	}
		16	expect {
		17	timeout {puts "TESTING ERROR 1\n";exit}
		18	".inputrc"
		19	}
		20	sleep 1
		21
		22	send -- "firejail --private --tab ls -al\r"
		23	expect {
		24	timeout {puts "TESTING ERROR 2\n";exit}
		25	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		26	}
		27	expect {
		28	timeout {puts "TESTING ERROR 3\n";exit}
		29	".inputrc" {puts "TESTING ERROR 4\n";exit}
		30	"Parent is shutting down"
		31	}
		32	sleep 1
		33
		34	send -- "firejail --private --profile=tab.profile ls -al\r"
		35	expect {
		36	timeout {puts "TESTING ERROR 5\n";exit}
		37	-re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"
		38	}
		39	expect {
		40	timeout {puts "TESTING ERROR 6\n";exit}
		41	".inputrc" {puts "TESTING ERROR 7\n";exit}
		42	"Parent is shutting down"
		43	}
		44	sleep 1
		45
		46	puts "\nall done\n"


diff --git a/test/fs/tab.profile b/test/fs/tab.profile new file mode 100644 index 000000000..8cc35a3d5 --- /dev/null +++ b/test/fs/tab.profile
@@ -0,0 +1 @@
			tab