diff options
Diffstat (limited to 'src/firejail/main.c')
| -rw-r--r-- | src/firejail/main.c | 35 |
1 files changed, 6 insertions, 29 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 069aa6ca8..7730e8384 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -888,8 +888,6 @@ int main(int argc, char **argv) { | |||
| 888 | int option_cgroup = 0; | 888 | int option_cgroup = 0; |
| 889 | int option_force = 0; | 889 | int option_force = 0; |
| 890 | int custom_profile = 0; // custom profile loaded | 890 | int custom_profile = 0; // custom profile loaded |
| 891 | char *custom_profile_dir = NULL; // custom profile directory | ||
| 892 | |||
| 893 | 891 | ||
| 894 | atexit(clear_atexit); | 892 | atexit(clear_atexit); |
| 895 | 893 | ||
| @@ -1497,22 +1495,8 @@ int main(int argc, char **argv) { | |||
| 1497 | free(ppath); | 1495 | free(ppath); |
| 1498 | } | 1496 | } |
| 1499 | else if (strncmp(argv[i], "--profile-path=", 15) == 0) { | 1497 | else if (strncmp(argv[i], "--profile-path=", 15) == 0) { |
| 1500 | if (arg_noprofile) { | 1498 | if (!arg_quiet) |
| 1501 | fprintf(stderr, "Error: --noprofile and --profile-path options are mutually exclusive\n"); | 1499 | fprintf(stderr, "Warning: --profile-path has been deprecated\n"); |
| 1502 | exit(1); | ||
| 1503 | } | ||
| 1504 | custom_profile_dir = expand_home(argv[i] + 15, cfg.homedir); | ||
| 1505 | invalid_filename(custom_profile_dir, 0); // no globbing | ||
| 1506 | if (!is_dir(custom_profile_dir) || is_link(custom_profile_dir) || strstr(custom_profile_dir, "..")) { | ||
| 1507 | fprintf(stderr, "Error: invalid profile path\n"); | ||
| 1508 | exit(1); | ||
| 1509 | } | ||
| 1510 | |||
| 1511 | // access call checks as real UID/GID, not as effective UID/GID | ||
| 1512 | if (access(custom_profile_dir, R_OK)) { | ||
| 1513 | fprintf(stderr, "Error: cannot access profile directory\n"); | ||
| 1514 | return 1; | ||
| 1515 | } | ||
| 1516 | } | 1500 | } |
| 1517 | else if (strcmp(argv[i], "--noprofile") == 0) { | 1501 | else if (strcmp(argv[i], "--noprofile") == 0) { |
| 1518 | if (custom_profile) { | 1502 | if (custom_profile) { |
| @@ -2398,11 +2382,7 @@ int main(int argc, char **argv) { | |||
| 2398 | } | 2382 | } |
| 2399 | if (!custom_profile) { | 2383 | if (!custom_profile) { |
| 2400 | // look for a user profile in /etc/firejail directory | 2384 | // look for a user profile in /etc/firejail directory |
| 2401 | int rv; | 2385 | int rv = profile_find(cfg.command_name, SYSCONFDIR); |
| 2402 | if (custom_profile_dir) | ||
| 2403 | rv = profile_find(cfg.command_name, custom_profile_dir); | ||
| 2404 | else | ||
| 2405 | rv = profile_find(cfg.command_name, SYSCONFDIR); | ||
| 2406 | custom_profile = rv; | 2386 | custom_profile = rv; |
| 2407 | } | 2387 | } |
| 2408 | } | 2388 | } |
| @@ -2430,13 +2410,10 @@ int main(int argc, char **argv) { | |||
| 2430 | custom_profile = profile_find(profile_name, usercfgdir); | 2410 | custom_profile = profile_find(profile_name, usercfgdir); |
| 2431 | free(usercfgdir); | 2411 | free(usercfgdir); |
| 2432 | 2412 | ||
| 2433 | if (!custom_profile) { | 2413 | if (!custom_profile) |
| 2434 | // look for the profile in /etc/firejail directory | 2414 | // look for the profile in /etc/firejail directory |
| 2435 | if (custom_profile_dir) | 2415 | custom_profile = profile_find(profile_name, SYSCONFDIR); |
| 2436 | custom_profile = profile_find(profile_name, custom_profile_dir); | 2416 | |
| 2437 | else | ||
| 2438 | custom_profile = profile_find(profile_name, SYSCONFDIR); | ||
| 2439 | } | ||
| 2440 | if (!custom_profile) { | 2417 | if (!custom_profile) { |
| 2441 | fprintf(stderr, "Error: no default.profile installed\n"); | 2418 | fprintf(stderr, "Error: no default.profile installed\n"); |
| 2442 | exit(1); | 2419 | exit(1); |