diff options
Diffstat (limited to 'src/firejail/main.c')
| -rw-r--r-- | src/firejail/main.c | 35 |
1 files changed, 11 insertions, 24 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 52f6af667..787fa28e1 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -829,7 +829,6 @@ int main(int argc, char **argv) { | |||
| 829 | int lockfd_network = -1; | 829 | int lockfd_network = -1; |
| 830 | int lockfd_directory = -1; | 830 | int lockfd_directory = -1; |
| 831 | int option_cgroup = 0; | 831 | int option_cgroup = 0; |
| 832 | int option_force = 0; | ||
| 833 | int custom_profile = 0; // custom profile loaded | 832 | int custom_profile = 0; // custom profile loaded |
| 834 | 833 | ||
| 835 | atexit(clear_atexit); | 834 | atexit(clear_atexit); |
| @@ -900,27 +899,21 @@ int main(int argc, char **argv) { | |||
| 900 | // check if we already have a sandbox running | 899 | // check if we already have a sandbox running |
| 901 | // If LXC is detected, start firejail sandbox | 900 | // If LXC is detected, start firejail sandbox |
| 902 | // otherwise try to detect a PID namespace by looking under /proc for specific kernel processes and: | 901 | // otherwise try to detect a PID namespace by looking under /proc for specific kernel processes and: |
| 903 | // - if --force flag is set, start firejail sandbox | 902 | // - start the application in a /bin/bash shell |
| 904 | // -- if --force flag is not set, start the application in a /bin/bash shell | ||
| 905 | if (check_namespace_virt() == 0) { | 903 | if (check_namespace_virt() == 0) { |
| 906 | EUID_ROOT(); | 904 | EUID_ROOT(); |
| 907 | int rv = check_kernel_procs(); | 905 | int rv = check_kernel_procs(); |
| 908 | EUID_USER(); | 906 | EUID_USER(); |
| 909 | if (rv == 0) { | 907 | if (rv == 0) { |
| 910 | // if --force option is passed to the program, disregard the existing sandbox | 908 | if (check_arg(argc, argv, "--version", 1)) { |
| 911 | if (check_arg(argc, argv, "--force", 1)) | 909 | printf("firejail version %s\n", VERSION); |
| 912 | option_force = 1; | 910 | exit(0); |
| 913 | else { | ||
| 914 | if (check_arg(argc, argv, "--version", 1)) { | ||
| 915 | printf("firejail version %s\n", VERSION); | ||
| 916 | exit(0); | ||
| 917 | } | ||
| 918 | |||
| 919 | // start the program directly without sandboxing | ||
| 920 | run_no_sandbox(argc, argv); | ||
| 921 | // it will never get here! | ||
| 922 | assert(0); | ||
| 923 | } | 911 | } |
| 912 | |||
| 913 | // start the program directly without sandboxing | ||
| 914 | run_no_sandbox(argc, argv); | ||
| 915 | // it will never get here! | ||
| 916 | assert(0); | ||
| 924 | } | 917 | } |
| 925 | } | 918 | } |
| 926 | 919 | ||
| @@ -1064,12 +1057,8 @@ int main(int argc, char **argv) { | |||
| 1064 | for (i = 1; i < argc; i++) { | 1057 | for (i = 1; i < argc; i++) { |
| 1065 | run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized | 1058 | run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized |
| 1066 | 1059 | ||
| 1067 | if (strcmp(argv[i], "--debug") == 0) { | 1060 | if (strcmp(argv[i], "--debug") == 0 && !arg_quiet) { |
| 1068 | if (!arg_quiet) { | 1061 | arg_debug = 1; |
| 1069 | arg_debug = 1; | ||
| 1070 | if (option_force) | ||
| 1071 | fmessage("Entering sandbox-in-sandbox mode\n"); | ||
| 1072 | } | ||
| 1073 | } | 1062 | } |
| 1074 | else if (strcmp(argv[i], "--debug-check-filename") == 0) | 1063 | else if (strcmp(argv[i], "--debug-check-filename") == 0) |
| 1075 | arg_debug_check_filename = 1; | 1064 | arg_debug_check_filename = 1; |
| @@ -1083,8 +1072,6 @@ int main(int argc, char **argv) { | |||
| 1083 | arg_quiet = 1; | 1072 | arg_quiet = 1; |
| 1084 | arg_debug = 0; | 1073 | arg_debug = 0; |
| 1085 | } | 1074 | } |
| 1086 | else if (strcmp(argv[i], "--force") == 0) | ||
| 1087 | ; | ||
| 1088 | else if (strcmp(argv[i], "--allow-debuggers") == 0) { | 1075 | else if (strcmp(argv[i], "--allow-debuggers") == 0) { |
| 1089 | // already handled | 1076 | // already handled |
| 1090 | } | 1077 | } |