Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 34 |
1 files changed, 33 insertions, 1 deletions
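--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -399,6 +399,7 @@ int main(int argc, char **argv) {
 int arg_ipc = 0;
 int arg_cgroup = 0;
 int custom_profile = 0; // custom profile loaded
+int arg_noprofile = 0; // use generic.profile if none other found/specified
 
 // initialize globals
 init_cfg();
@@ -653,6 +654,10 @@ int main(int argc, char **argv) {
 arg_overlay = 1;
 }
 else if (strncmp(argv[i], "--profile=", 10) == 0) {
+if (arg_noprofile) {
+fprintf(stderr, "Error: --noprofile and --profile options are mutually exclusive\n");
+exit(1);
+}
 // multiple profile files are allowed!
 char *ptr = argv[i] + 10;
 if (is_dir(ptr) || is_link(ptr) || strstr(ptr, "..")) {
@@ -669,6 +674,13 @@ int main(int argc, char **argv) {
 profile_read(argv[i] + 10, NULL, NULL);
 custom_profile = 1;
 }
+else if (strcmp(argv[i], "--noprofile") == 0) {
+if (custom_profile) {
+fprintf(stderr, "Error: --profile and --noprofile options are mutually exclusive\n");
+exit(1);
+}
+arg_noprofile = 1;
+}
 #ifdef HAVE_CHROOT
 else if (strncmp(argv[i], "--chroot=", 9) == 0) {
 if (arg_overlay) {
@@ -1054,7 +1066,7 @@ int main(int argc, char **argv) {
 }
 
 // load the profile
-{
+if (!arg_noprofile) {
 assert(cfg.command_name);
 if (arg_debug)
 printf("Command name #%s#\n", cfg.command_name);
@@ -1074,6 +1086,26 @@ int main(int argc, char **argv) {
 }
 }
 
+// use generic.profile as the default
+if (!custom_profile && !arg_noprofile) {
+if (arg_debug)
+printf("Attempting to find generic.profile...");
+
+// look for the profile in ~/.config/firejail directory
+char *usercfgdir;
+if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1)
+errExit("asprintf");
+int rv = profile_find(GENERIC_PROFILE_NAME, usercfgdir);
+free(usercfgdir);
+custom_profile = rv;
+
+if (!custom_profile) {
+// look for the profile in /etc/firejail directory
+int rv = profile_find(GENERIC_PROFILE_NAME, "/etc/firejail");
+custom_profile = rv;
+}
+}
+
 // check and assign an IP address - for macvlan it will be done again in the sandbox!
 if (any_bridge_configured()) {
 lockfd = open("/tmp/firejail/firejail.lock", O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);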