diff options
| -rw-r--r-- | src/firejail/firejail.h | 3 | ||||
| -rw-r--r-- | src/firejail/main.c | 57 | ||||
| -rw-r--r-- | src/firejail/profile.c | 33 |
3 files changed, 58 insertions, 35 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 85a4fbddb..8145c1bb5 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -458,7 +458,8 @@ void fs_mnt(const int enforce); | |||
| 458 | 458 | ||
| 459 | // profile.c | 459 | // profile.c |
| 460 | // find and read the profile specified by name from dir directory | 460 | // find and read the profile specified by name from dir directory |
| 461 | int profile_find(const char *name, const char *dir); | 461 | int profile_find(const char *name, const char *dir, int add_ext); |
| 462 | int profile_find_firejail(const char *name, int add_ext); | ||
| 462 | // read a profile file | 463 | // read a profile file |
| 463 | void profile_read(const char *fname); | 464 | void profile_read(const char *fname); |
| 464 | // check profile line; if line == 0, this was generated from a command line option | 465 | // check profile line; if line == 0, this was generated from a command line option |
diff --git a/src/firejail/main.c b/src/firejail/main.c index e0a149085..680ce5800 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -1485,8 +1485,33 @@ int main(int argc, char **argv) { | |||
| 1485 | if (!ppath) | 1485 | if (!ppath) |
| 1486 | errExit("strdup"); | 1486 | errExit("strdup"); |
| 1487 | 1487 | ||
| 1488 | profile_read(ppath); | 1488 | if (access(ppath, R_OK)) { |
| 1489 | custom_profile = 1; | 1489 | char *ptr = ppath; |
| 1490 | while (*ptr != '/' && *ptr != '.' && *ptr != '\0') | ||
| 1491 | ptr++; | ||
| 1492 | // profile path contains no / or . chars, | ||
| 1493 | // assume its a profile name | ||
| 1494 | if (*ptr != '\0') { | ||
| 1495 | fprintf(stderr, "Error: inaccessible profile file: %s\n", ppath); | ||
| 1496 | exit(1); | ||
| 1497 | } | ||
| 1498 | |||
| 1499 | // profile was not read in previously, try to see if | ||
| 1500 | // we were given a profile name. | ||
| 1501 | if (!profile_find_firejail(ppath, 1)) { | ||
| 1502 | // do not fall through to default profile, | ||
| 1503 | // because the user should be notified that | ||
| 1504 | // given profile arg could not be used. | ||
| 1505 | fprintf(stderr, "Error: no profile with name \"%s\" found.\n", ppath); | ||
| 1506 | exit(1); | ||
| 1507 | } | ||
| 1508 | else | ||
| 1509 | custom_profile = 1; | ||
| 1510 | } | ||
| 1511 | else { | ||
| 1512 | profile_read(ppath); | ||
| 1513 | custom_profile = 1; | ||
| 1514 | } | ||
| 1490 | free(ppath); | 1515 | free(ppath); |
| 1491 | } | 1516 | } |
| 1492 | else if (strcmp(argv[i], "--noprofile") == 0) { | 1517 | else if (strcmp(argv[i], "--noprofile") == 0) { |
| @@ -2327,21 +2352,8 @@ int main(int argc, char **argv) { | |||
| 2327 | 2352 | ||
| 2328 | 2353 | ||
| 2329 | // load the profile | 2354 | // load the profile |
| 2330 | if (!arg_noprofile) { | 2355 | if (!arg_noprofile && !custom_profile) { |
| 2331 | if (!custom_profile) { | 2356 | custom_profile = profile_find_firejail(cfg.command_name, 1); |
| 2332 | // look for a profile in ~/.config/firejail directory | ||
| 2333 | char *usercfgdir; | ||
| 2334 | if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1) | ||
| 2335 | errExit("asprintf"); | ||
| 2336 | int rv = profile_find(cfg.command_name, usercfgdir); | ||
| 2337 | free(usercfgdir); | ||
| 2338 | custom_profile = rv; | ||
| 2339 | } | ||
| 2340 | if (!custom_profile) { | ||
| 2341 | // look for a user profile in /etc/firejail directory | ||
| 2342 | int rv = profile_find(cfg.command_name, SYSCONFDIR); | ||
| 2343 | custom_profile = rv; | ||
| 2344 | } | ||
| 2345 | } | 2357 | } |
| 2346 | 2358 | ||
| 2347 | // use default.profile as the default | 2359 | // use default.profile as the default |
| @@ -2352,16 +2364,7 @@ int main(int argc, char **argv) { | |||
| 2352 | if (arg_debug) | 2364 | if (arg_debug) |
| 2353 | printf("Attempting to find %s.profile...\n", profile_name); | 2365 | printf("Attempting to find %s.profile...\n", profile_name); |
| 2354 | 2366 | ||
| 2355 | // look for the profile in ~/.config/firejail directory | 2367 | custom_profile = profile_find_firejail(profile_name, 1); |
| 2356 | char *usercfgdir; | ||
| 2357 | if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1) | ||
| 2358 | errExit("asprintf"); | ||
| 2359 | custom_profile = profile_find(profile_name, usercfgdir); | ||
| 2360 | free(usercfgdir); | ||
| 2361 | |||
| 2362 | if (!custom_profile) | ||
| 2363 | // look for the profile in /etc/firejail directory | ||
| 2364 | custom_profile = profile_find(profile_name, SYSCONFDIR); | ||
| 2365 | 2368 | ||
| 2366 | if (!custom_profile) { | 2369 | if (!custom_profile) { |
| 2367 | fprintf(stderr, "Error: no default.profile installed\n"); | 2370 | fprintf(stderr, "Error: no default.profile installed\n"); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index f70c0c9d1..4fc710f39 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -25,26 +25,29 @@ extern char *xephyr_screen; | |||
| 25 | #define MAX_READ 8192 // line buffer for profile files | 25 | #define MAX_READ 8192 // line buffer for profile files |
| 26 | 26 | ||
| 27 | // find and read the profile specified by name from dir directory | 27 | // find and read the profile specified by name from dir directory |
| 28 | int profile_find(const char *name, const char *dir) { | 28 | int profile_find(const char *name, const char *dir, int add_ext) { |
| 29 | EUID_ASSERT(); | 29 | EUID_ASSERT(); |
| 30 | assert(name); | 30 | assert(name); |
| 31 | assert(dir); | 31 | assert(dir); |
| 32 | 32 | ||
| 33 | int rv = 0; | 33 | int rv = 0; |
| 34 | DIR *dp; | 34 | DIR *dp; |
| 35 | char *pname; | 35 | char *pname = NULL; |
| 36 | if (asprintf(&pname, "%s.profile", name) == -1) | 36 | if (add_ext) |
| 37 | errExit("asprintf"); | 37 | if (asprintf(&pname, "%s.profile", name) == -1) |
| 38 | errExit("asprintf"); | ||
| 39 | else | ||
| 40 | name = pname; | ||
| 38 | 41 | ||
| 39 | dp = opendir (dir); | 42 | dp = opendir (dir); |
| 40 | if (dp != NULL) { | 43 | if (dp != NULL) { |
| 41 | struct dirent *ep; | 44 | struct dirent *ep; |
| 42 | while ((ep = readdir(dp)) != NULL) { | 45 | while ((ep = readdir(dp)) != NULL) { |
| 43 | if (strcmp(ep->d_name, pname) == 0) { | 46 | if (strcmp(ep->d_name, name) == 0) { |
| 44 | if (arg_debug) | 47 | if (arg_debug) |
| 45 | printf("Found %s profile in %s directory\n", name, dir); | 48 | printf("Found %s profile in %s directory\n", name, dir); |
| 46 | char *etcpname; | 49 | char *etcpname; |
| 47 | if (asprintf(&etcpname, "%s/%s", dir, pname) == -1) | 50 | if (asprintf(&etcpname, "%s/%s", dir, name) == -1) |
| 48 | errExit("asprintf"); | 51 | errExit("asprintf"); |
| 49 | profile_read(etcpname); | 52 | profile_read(etcpname); |
| 50 | free(etcpname); | 53 | free(etcpname); |
| @@ -55,10 +58,26 @@ int profile_find(const char *name, const char *dir) { | |||
| 55 | (void) closedir (dp); | 58 | (void) closedir (dp); |
| 56 | } | 59 | } |
| 57 | 60 | ||
| 58 | free(pname); | 61 | if (pname) |
| 62 | free(pname); | ||
| 59 | return rv; | 63 | return rv; |
| 60 | } | 64 | } |
| 61 | 65 | ||
| 66 | // search and read the profile specified by name from firejail directories | ||
| 67 | int profile_find_firejail(const char *name, int add_ext) { | ||
| 68 | // look for a profile in ~/.config/firejail directory | ||
| 69 | char *usercfgdir; | ||
| 70 | if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1) | ||
| 71 | errExit("asprintf"); | ||
| 72 | int rv = profile_find(name, usercfgdir, add_ext); | ||
| 73 | free(usercfgdir); | ||
| 74 | |||
| 75 | if (!rv) | ||
| 76 | // look for a user profile in /etc/firejail directory | ||
| 77 | rv = profile_find(name, SYSCONFDIR, add_ext); | ||
| 78 | |||
| 79 | return rv; | ||
| 80 | } | ||
| 62 | 81 | ||
| 63 | //*************************************************** | 82 | //*************************************************** |
| 64 | // run-time profiles | 83 | // run-time profiles |