1 files changed, 93 insertions, 11 deletions

diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index 1ecfbf524..5928b9ae5 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -31,6 +31,7 @@
 #include <errno.h>
 #include <sys/mman.h>
 #include <pwd.h>
+#include <dirent.h>
 
 #include "../include/common.h"
 static int arg_debug = 0;
@@ -277,7 +278,8 @@ static void set_file(const char *name, const char *firejail_exec) {
         free(fname);
 }
 
-static void set_links(void) {
+// parse /usr/lib/firejail/firecfg.cfg file
+static void set_links_firecfg(void) {
         char *cfgfile;
         if (asprintf(&cfgfile, "%s/firejail/firecfg.config", LIBDIR) == -1)
                 errExit("asprintf");
@@ -286,12 +288,13 @@ static void set_links(void) {
         if (asprintf(&firejail_exec, "%s/bin/firejail", PREFIX) == -1)
                 errExit("asprintf");
 
+        // parse /usr/lib/firejail/firecfg.cfg file
         FILE *fp = fopen(cfgfile, "r");
         if (!fp) {
                 fprintf(stderr, "Error: cannot open %s\n", cfgfile);
                 exit(1);
         }
-        printf("Configuring symlinks in /usr/local/bin\n");
+        printf("Configuring symlinks in /usr/local/bin based on firecfg.config\n");
 
         char buf[MAX_BUF];
         int lineno = 0;
@@ -330,7 +333,69 @@ static void set_links(void) {
         free(firejail_exec);
 }
 
-int have_profile(const char *filename) {
+// parse ~/.config/firejail/ directory
+static void set_links_homedir(const char *homedir) {
+        assert(homedir);
+
+        // check firejail config directory
+        char *dirname;
+        if (asprintf(&dirname, "%s/.config/firejail", homedir) == -1)
+                errExit("asprintf");
+        struct stat s;
+        if (stat(dirname, &s) != 0) {
+                free(dirname);
+                return;
+        }
+
+        char *firejail_exec;
+        if (asprintf(&firejail_exec, "%s/bin/firejail", PREFIX) == -1)
+                errExit("asprintf");
+
+        // parse ~/.config/firejail/ directory
+        printf("\nConfiguring symlinks in /usr/local/bin based on local firejail config directory\n");
+
+        DIR *dir = opendir(dirname);
+        if (!dir) {
+                fprintf(stderr, "Error: cannot open ~/.config/firejail directory\n");
+                free(dirname);
+                return;
+        }
+
+        struct dirent *entry;
+        while ((entry = readdir(dir))) {
+                if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+                        continue;
+
+                char *exec = strdup(entry->d_name);
+                if (!exec)
+                        errExit("strdup");
+                char *ptr = strrchr(exec, '.');
+                if (!ptr) {
+                        free(exec);
+                        continue;
+                }
+                if (strcmp(ptr, ".profile") != 0) {
+                        free(exec);
+                        continue;
+                }
+
+                *ptr = '\0';
+                set_file(exec, firejail_exec);
+                free(exec);
+        }
+        closedir(dir);
+
+        free(firejail_exec);
+}
+
+// look for a profile file in /etc/firejail diectory and in homedir/.config/firejail directory
+static int have_profile(const char *filename, const char *homedir) {
+        assert(filename);
+        assert(homedir);
+
+        if (arg_debug)
+                printf("checking profile for %s\n", filename);
+
         // remove .desktop extension
         char *f1 = strdup(filename);
         if (!f1)
@@ -338,15 +403,29 @@ int have_profile(const char *filename) {
         f1[strlen(filename) - 8] = '\0';
 
         // build profile name
-        char *profname;
-        if (asprintf(&profname, "%s/%s.profile", SYSCONFDIR, f1) == -1)
+        char *profname1;
+        char *profname2;
+        if (asprintf(&profname1, "%s/%s.profile", SYSCONFDIR, f1) == -1)
+                errExit("asprintf");
+        if (asprintf(&profname2, "%s/.config/firejail/%s.profile", homedir, f1) == -1)
                 errExit("asprintf");
 
-        struct stat s;
-        int rv = stat(profname, &s);
+        int rv = 0;
+        if (access(profname1, R_OK) == 0) {
+                if (arg_debug)
+                        printf("found %s\n", profname1);
+                rv = 1;
+        }
+        else if (access(profname2, R_OK) == 0) {
+                if (arg_debug)
+                        printf("found %s\n", profname2);
+                rv = 1;
+        }
+                
         free(f1);
-        free(profname);
-        return (rv == 0)? 1: 0;
+        free(profname1);
+        free(profname2);
+        return rv;
 }
 
 static void fix_desktop_files(char *homedir) {
@@ -411,7 +490,7 @@ static void fix_desktop_files(char *homedir) {
                         errExit("stat");
 
                 // no profile in /etc/firejail, no desktop file fixing
-                if (!have_profile(filename))
+                if (!have_profile(filename, homedir))
                         continue;
 
                 /* coverity[toctou] */
@@ -599,7 +678,7 @@ int main(int argc, char **argv) {
                         }
                 }
         }
-        set_links();
+        set_links_firecfg();
 
 
 
@@ -623,6 +702,9 @@ int main(int argc, char **argv) {
                         goto errexit;
                 }
 
+                // running as root
+                set_links_homedir(home);
+
                 // drop permissions
                 if (setgroups(0, NULL) < 0)
                         errExit("setgroups");