diff options
Diffstat (limited to 'src/firejail/profile.c')
| -rw-r--r-- | src/firejail/profile.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index c7c8fd9fa..5f5d94ddf 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -25,7 +25,8 @@ extern char *xephyr_screen; | |||
| 25 | #define MAX_READ 8192 // line buffer for profile files | 25 | #define MAX_READ 8192 // line buffer for profile files |
| 26 | 26 | ||
| 27 | // find and read the profile specified by name from dir directory | 27 | // find and read the profile specified by name from dir directory |
| 28 | int profile_find(const char *name, const char *dir, int add_ext) { | 28 | // return 1 if a profile was found |
| 29 | static int profile_find(const char *name, const char *dir, int add_ext) { | ||
| 29 | EUID_ASSERT(); | 30 | EUID_ASSERT(); |
| 30 | assert(name); | 31 | assert(name); |
| 31 | assert(dir); | 32 | assert(dir); |
| @@ -64,6 +65,7 @@ int profile_find(const char *name, const char *dir, int add_ext) { | |||
| 64 | } | 65 | } |
| 65 | 66 | ||
| 66 | // search and read the profile specified by name from firejail directories | 67 | // search and read the profile specified by name from firejail directories |
| 68 | // return 1 if a profile was found | ||
| 67 | int profile_find_firejail(const char *name, int add_ext) { | 69 | int profile_find_firejail(const char *name, int add_ext) { |
| 68 | // look for a profile in ~/.config/firejail directory | 70 | // look for a profile in ~/.config/firejail directory |
| 69 | char *usercfgdir; | 71 | char *usercfgdir; |
| @@ -139,6 +141,7 @@ int profile_check_conditional(char *ptr, int lineno, const char *fname) { | |||
| 139 | bool value; // true if set | 141 | bool value; // true if set |
| 140 | } conditionals[] = { | 142 | } conditionals[] = { |
| 141 | {"HAS_APPIMAGE", strlen("HAS_APPIMAGE"), arg_appimage!=0}, | 143 | {"HAS_APPIMAGE", strlen("HAS_APPIMAGE"), arg_appimage!=0}, |
| 144 | {"BROWSER_DISABLE_U2F", strlen("BROWSER_DISABLE_U2F"), checkcfg(CFG_BROWSER_DISABLE_U2F)!=0}, | ||
| 142 | NULL | 145 | NULL |
| 143 | }, *cond = conditionals; | 146 | }, *cond = conditionals; |
| 144 | char *tmp = ptr, *msg = NULL; | 147 | char *tmp = ptr, *msg = NULL; |
| @@ -1437,7 +1440,13 @@ void profile_read(const char *fname) { | |||
| 1437 | ptr2++; | 1440 | ptr2++; |
| 1438 | // profile path contains no / chars, do a search | 1441 | // profile path contains no / chars, do a search |
| 1439 | if (*ptr2 == '\0') { | 1442 | if (*ptr2 == '\0') { |
| 1440 | profile_find_firejail(newprofile, 0); | 1443 | int rv = profile_find_firejail(newprofile, 0); // returns 1 if a profile was found in sysconfig directory |
| 1444 | if (!rv) { | ||
| 1445 | // maybe this is a file in the local working directory? | ||
| 1446 | // it will stop the sandbox if not! | ||
| 1447 | // Note: if the file ends in .local it will not stop the program | ||
| 1448 | profile_read(newprofile); | ||
| 1449 | } | ||
| 1441 | } | 1450 | } |
| 1442 | else { | 1451 | else { |
| 1443 | profile_read(newprofile); | 1452 | profile_read(newprofile); |