Diffstat (limited to 'src/firejail/main.c')
-rw-r--r--src/firejail/main.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 8f89a804f..476f9c39c 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -645,7 +645,8 @@ int main(int argc, char **argv) {
645 int i; 645 int i;
646 int prog_index = -1; // index in argv where the program command starts 646 int prog_index = -1; // index in argv where the program command starts
647 int lockfd = -1; 647 int lockfd = -1;
648 int arg_cgroup = 0; 648 int option_cgroup = 0;
649 int option_force = 0;
649 int custom_profile = 0; // custom profile loaded 650 int custom_profile = 0; // custom profile loaded
650 char *custom_profile_dir = NULL; // custom profile directory 651 char *custom_profile_dir = NULL; // custom profile directory
651 int arg_noprofile = 0; // use generic.profile if none other found/specified 652 int arg_noprofile = 0; // use generic.profile if none other found/specified
@@ -667,7 +668,11 @@ int main(int argc, char **argv) {
667 // if --force option is passed to the program, disregard the existing sandbox 668 // if --force option is passed to the program, disregard the existing sandbox
668 int found = 0; 669 int found = 0;
669 for (i = 1; i < argc; i++) { 670 for (i = 1; i < argc; i++) {
670 if (strcmp(argv[i], "--force") == 0) { 671 if (strcmp(argv[i], "--force") == 0 ||
672 strcmp(argv[i], "--netstats") == 0 ||
673 strcmp(argv[i], "--list") == 0 ||
674 strcmp(argv[i], "--tree") == 0 ||
675 strcmp(argv[i], "--top") == 0) {
671 found = 1; 676 found = 1;
672 break; 677 break;
673 } 678 }
@@ -683,6 +688,8 @@ int main(int argc, char **argv) {
683 // it will never get here! 688 // it will never get here!
684 assert(0); 689 assert(0);
685 } 690 }
691 else
692 option_force = 1;
686 } 693 }
687 694
688 // check root/suid 695 // check root/suid
@@ -740,8 +747,11 @@ int main(int argc, char **argv) {
740 for (i = 1; i < argc; i++) { 747 for (i = 1; i < argc; i++) {
741 run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized 748 run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized
742 749
743 if (strcmp(argv[i], "--debug") == 0) 750 if (strcmp(argv[i], "--debug") == 0) {
744 arg_debug = 1; 751 arg_debug = 1;
752 if (option_force)
753 printf("Entering sandbox-in-sandbox mode\n");
754 }
745 else if (strcmp(argv[i], "--debug-check-filename") == 0) 755 else if (strcmp(argv[i], "--debug-check-filename") == 0)
746 arg_debug_check_filename = 1; 756 arg_debug_check_filename = 1;
747 else if (strcmp(argv[i], "--debug-blacklists") == 0) 757 else if (strcmp(argv[i], "--debug-blacklists") == 0)
@@ -752,7 +762,7 @@ int main(int argc, char **argv) {
752 arg_quiet = 1; 762 arg_quiet = 1;
753 else if (strcmp(argv[i], "--force") == 0) 763 else if (strcmp(argv[i], "--force") == 0)
754 ; 764 ;
755 765
756 //************************************* 766 //*************************************
757 // filtering 767 // filtering
758 //************************************* 768 //*************************************
@@ -931,12 +941,12 @@ int main(int argc, char **argv) {
931 arg_nice = 1; 941 arg_nice = 1;
932 } 942 }
933 else if (strncmp(argv[i], "--cgroup=", 9) == 0) { 943 else if (strncmp(argv[i], "--cgroup=", 9) == 0) {
934 if (arg_cgroup) { 944 if (option_cgroup) {
935 fprintf(stderr, "Error: only a cgroup can be defined\n"); 945 fprintf(stderr, "Error: only a cgroup can be defined\n");
936 exit(1); 946 exit(1);
937 } 947 }
938 948
939 arg_cgroup = 1; 949 option_cgroup = 1;
940 cfg.cgroup = strdup(argv[i] + 9); 950 cfg.cgroup = strdup(argv[i] + 9);
941 if (!cfg.cgroup) 951 if (!cfg.cgroup)
942 errExit("strdup"); 952 errExit("strdup");
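Review bot: The widened test in the second hunk still compares every element of argv, so `--list`, `--tree`, `--top` or `--netstats` given as an argument of the sandboxed program also sets `found` and the existing-sandbox handling is disregarded. The scan should stop where the program command starts, for example `if (argv[i][0] != '-' || strcmp(argv[i], "--") == 0) break;` at the top of the loop body, assuming firejail's own options all start with a dash. The third hunk then sets `option_force = 1` for all five options, so the `--debug` branch can print "Entering sandbox-in-sandbox mode" when only a monitoring option was matched; setting the flag only when the match was `--force` would keep that message accurate. The `if` that the new `else` attaches to starts outside the hunk, so that pairing is inferred from the context lines. The comment above the loop still mentions only `--force` and should say why the four monitoring options are allowed past this check.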