Diffstat (limited to 'src/firejail/main.c')
-rw-r--r--src/firejail/main.c25
1 files changed, 24 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b6fd745a2..9f6fa5142 100644
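--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -51,6 +51,7 @@ uid_t firejail_uid = 0;
 static char child_stack[STACK_SIZE]; // space for child's stack
 Config cfg; // configuration
 int arg_private = 0; // mount private /home and /tmp directoryu
+int arg_private_template = 0; // mount private /home using a template
 int arg_debug = 0; // print debug messages
 int arg_debug_check_filename; // print debug messages for filename checking
 int arg_debug_blacklists; // print debug messages for blacklists
@@ -1348,9 +1349,18 @@ int main(int argc, char **argv) {
  else if (strcmp(argv[i], "--writable-var") == 0) {
  arg_writable_var = 1;
  }
- else if (strcmp(argv[i], "--private") == 0)
+ else if (strcmp(argv[i], "--private") == 0) {
+ if (arg_private_template) {
+ fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
+ exit(1);
+ }
  arg_private = 1;
+ }
  else if (strncmp(argv[i], "--private=", 10) == 0) {
+ if (arg_private_template) {
+ fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
+ exit(1);
+ }
  // extract private home dirname
  cfg.home_private = argv[i] + 10;
  if (*cfg.home_private == '\0') {
@@ -1360,6 +1370,19 @@ int main(int argc, char **argv) {
  fs_check_private_dir();
  arg_private = 1;
  }
+ else if (strncmp(argv[i], "--private-template=", 19) == 0) {
+ cfg.private_template = argv[i] + 19;
+ if (arg_private) {
+ fprintf(stderr, "Error: --private and --private-template are mutually exclusive\n");
+ exit(1);
+ }
+ if (*cfg.private_template == '\0') {
+ fprintf(stderr, "Error: invalid private-template option\n");
+ exit(1);
+ }
+ fs_check_private_template();
+ arg_private_template = 1;
+ }
  else if (strcmp(argv[i], "--private-dev") == 0) {
  arg_private_dev = 1;
  }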
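Review bot: The new `--private-template=` branch (new lines 1373-1385) stores a caller-supplied path in `cfg.private_template` and leaves every decision about whether that path is acceptable to `fs_check_private_template()`, which is not part of this diff. firejail is normally installed setuid root, so that check presumably has to confirm the directory belongs to the invoking user and is not a symlink, and the later copy should operate on the object that was checked rather than re-resolving the string; otherwise there is a gap between check and use. I would document that contract at the call site, e.g. `// user-controlled path: fs_check_private_template() must verify ownership and reject symlinks; re-validate at copy time`. The mutual-exclusion test is enforced here only for command-line ordering, so if a profile file can also set `arg_private` (not visible in this view), the same check is needed on that path. main()'s body starts and ends outside these hunks.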