Diffstat (limited to 'src/firejail/sbox.c')
-rw-r--r-- | src/firejail/sbox.c | 24 |
1 files changed, 17 insertions, 7 deletions
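--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -129,8 +129,24 @@ int sbox_run(unsigned filter, int num, ...) {
 if (child < 0)
 errExit("fork");
 if (child == 0) {
-// clean the new process
+// preserve firejail-specific env vars
+char *cl = getenv("FIREJAIL_FILE_COPY_LIMIT");
+if (cl) {
+// duplicate the value, who knows what's going to happen with it in clearenv!
+cl = strdup(cl);
+if (!cl)
+errExit("strdup");
+}
 clearenv();
+if (cl) {
+if (setenv("FIREJAIL_FILE_COPY_LIMIT", cl, 1) == -1)
+errExit("setenv");
+free(cl);
+}
+if (arg_quiet) // --quiet is passed as an environment variable
+setenv("FIREJAIL_QUIET", "yes", 1);
+if (arg_debug) // --debug is passed as an environment variable
+setenv("FIREJAIL_DEBUG", "yes", 1);
 
 if (filter & SBOX_STDIN_FROM_FILE) {
 int fd;
@@ -196,12 +212,6 @@ int sbox_run(unsigned filter, int num, ...) {
 else if (filter & SBOX_USER)
 drop_privs(1);
 
-clearenv();
-
-// --quiet is passed as an environment variable
-if (arg_quiet)
-setenv("FIREJAIL_QUIET", "yes", 1);
-
 if (arg[0]) // get rid of scan-build warning
 execvp(arg[0], arg);
 else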
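Review bot: The value returned by `getenv("FIREJAIL_FILE_COPY_LIMIT")` in the first hunk is re-exported verbatim after `clearenv()`, so whatever the inherited environment held reaches the program that `execvp` starts. Nothing visible here shows where the variable is set or that it is validated. If it can come from the invoking user rather than from firejail's own configuration, it should be checked before the `setenv` call (for example, accepted only when it is a run of decimal digits), and the `// preserve firejail-specific env vars` comment should say which side sets it. The two added calls for `FIREJAIL_QUIET` and `FIREJAIL_DEBUG` ignore the return value while the call above them exits on failure; `if (setenv("FIREJAIL_QUIET", "yes", 1) == -1) errExit("setenv");` and the same form for `FIREJAIL_DEBUG` would keep the three consistent. `sbox_run` starts before the first hunk and continues past the second, so the code between the hunks was not reviewed.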