diff options
Diffstat (limited to 'src/firejail/profile.c')
| -rw-r--r-- | src/firejail/profile.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 244370b98..0f6d49868 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -65,7 +65,7 @@ int profile_find(const char *name, const char *dir) { | |||
| 65 | // check profile line; if line == 0, this was generated from a command line option | 65 | // check profile line; if line == 0, this was generated from a command line option |
| 66 | // return 1 if the command is to be added to the linked list of profile commands | 66 | // return 1 if the command is to be added to the linked list of profile commands |
| 67 | // return 0 if the command was already executed inside the function | 67 | // return 0 if the command was already executed inside the function |
| 68 | int profile_check_line(char *ptr, int lineno) { | 68 | int profile_check_line(char *ptr, int lineno, const char *fname) { |
| 69 | // check ignore list | 69 | // check ignore list |
| 70 | int i; | 70 | int i; |
| 71 | for (i = 0; i < MAX_PROFILE_IGNORE; i++) { | 71 | for (i = 0; i < MAX_PROFILE_IGNORE; i++) { |
| @@ -99,8 +99,17 @@ int profile_check_line(char *ptr, int lineno) { | |||
| 99 | return 0; | 99 | return 0; |
| 100 | } | 100 | } |
| 101 | 101 | ||
| 102 | // sandbox name | ||
| 103 | if (strncmp(ptr, "name ", 5) == 0) { | ||
| 104 | cfg.name = ptr + 5; | ||
| 105 | if (strlen(cfg.name) == 0) { | ||
| 106 | fprintf(stderr, "Error: invalid sandbox name\n"); | ||
| 107 | exit(1); | ||
| 108 | } | ||
| 109 | return 0; | ||
| 110 | } | ||
| 102 | // seccomp, caps, private, user namespace | 111 | // seccomp, caps, private, user namespace |
| 103 | if (strcmp(ptr, "noroot") == 0) { | 112 | else if (strcmp(ptr, "noroot") == 0) { |
| 104 | check_user_namespace(); | 113 | check_user_namespace(); |
| 105 | return 0; | 114 | return 0; |
| 106 | } | 115 | } |
| @@ -395,6 +404,8 @@ int profile_check_line(char *ptr, int lineno) { | |||
| 395 | else { | 404 | else { |
| 396 | if (lineno == 0) | 405 | if (lineno == 0) |
| 397 | fprintf(stderr, "Error: \"%s\" as a command line option is invalid\n", ptr); | 406 | fprintf(stderr, "Error: \"%s\" as a command line option is invalid\n", ptr); |
| 407 | else if (fname != NULL) | ||
| 408 | fprintf(stderr, "Error: line %d in %s is invalid\n", lineno, fname); | ||
| 398 | else | 409 | else |
| 399 | fprintf(stderr, "Error: line %d in the custom profile is invalid\n", lineno); | 410 | fprintf(stderr, "Error: line %d in the custom profile is invalid\n", lineno); |
| 400 | exit(1); | 411 | exit(1); |
| @@ -405,6 +416,8 @@ int profile_check_line(char *ptr, int lineno) { | |||
| 405 | if (strstr(ptr, "..")) { | 416 | if (strstr(ptr, "..")) { |
| 406 | if (lineno == 0) | 417 | if (lineno == 0) |
| 407 | fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr); | 418 | fprintf(stderr, "Error: \"%s\" is an invalid filename\n", ptr); |
| 419 | else if (fname != NULL) | ||
| 420 | fprintf(stderr, "Error: line %d in %s is invalid\n", lineno, fname); | ||
| 408 | else | 421 | else |
| 409 | fprintf(stderr, "Error: line %d in the custom profile is invalid\n", lineno); | 422 | fprintf(stderr, "Error: line %d in the custom profile is invalid\n", lineno); |
| 410 | exit(1); | 423 | exit(1); |
| @@ -492,7 +505,7 @@ void profile_read(const char *fname) { | |||
| 492 | } | 505 | } |
| 493 | 506 | ||
| 494 | // verify syntax, exit in case of error | 507 | // verify syntax, exit in case of error |
| 495 | if (profile_check_line(ptr, lineno)) | 508 | if (profile_check_line(ptr, lineno, fname)) |
| 496 | profile_add(ptr); | 509 | profile_add(ptr); |
| 497 | } | 510 | } |
| 498 | fclose(fp); | 511 | fclose(fp); |