Diffstat (limited to 'src')
-rw-r--r-- | src/common.mk.in | 3 | ||||
-rw-r--r-- | src/firecfg/desktop_files.c | 9 | ||||
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 |
4 files changed, 17 insertions, 1 deletions
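--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -28,6 +28,7 @@ HAVE_USERTMPFS=@HAVE_USERTMPFS@
 HAVE_OUTPUT=@HAVE_OUTPUT@
 HAVE_LTS=@HAVE_LTS@
 HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@
+HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@
 
 H_FILE_LIST = $(sort $(wildcard *.h))
 C_FILE_LIST = $(sort $(wildcard *.c))
@@ -37,7 +38,7 @@ BINOBJS = $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' -DVARDIR='"/var/lib/firejail"'
-MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS)
+MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS) $(HAVE_ONLY_SYSCFG_PROFILES)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now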
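--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -24,11 +24,16 @@
 static int check_profile(const char *name, const char *homedir) {
 // build profile name
 char *profname1;
+#ifndef HAVE_ONLY_SYSCFG_PROFILES
 char *profname2;
+#endif
 if (asprintf(&profname1, "%s/%s.profile", SYSCONFDIR, name) == -1)
 errExit("asprintf");
+
+#ifndef HAVE_ONLY_SYSCFG_PROFILES
 if (asprintf(&profname2, "%s/.config/firejail/%s.profile", homedir, name) == -1)
 errExit("asprintf");
+#endif
 
 int rv = 0;
 if (access(profname1, R_OK) == 0) {
@@ -36,14 +41,18 @@ static int check_profile(const char *name, const char *homedir) {
 printf("found %s\n", profname1);
 rv = 1;
 }
+#ifndef HAVE_ONLY_SYSCFG_PROFILES
 else if (access(profname2, R_OK) == 0) {
 if (arg_debug)
 printf("found %s\n", profname2);
 rv = 1;
 }
+#endif
 
 free(profname1);
+#ifndef HAVE_ONLY_SYSCFG_PROFILES
 free(profname2);
+#endif
 return rv;
 }
 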
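Review bot: With HAVE_ONLY_SYSCFG_PROFILES defined, `homedir` is no longer referenced in the visible body of check_profile, and common.mk.in passes $(HAVE_FATAL_WARNINGS) into CFLAGS, so a warning set that includes -Wunused-parameter would turn this into a build failure. Adding an `#else` branch with `(void) homedir;` to the first `#ifndef` block keeps the signature and avoids that. The four separate `#ifndef` regions also scatter the policy across the function; a single comment above it, such as `// user profiles in ~/.config/firejail are ignored when HAVE_ONLY_SYSCFG_PROFILES is set`, would state it in one place. One line of the function lies between the two hunks and is not shown.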
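--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -825,11 +825,13 @@ void fs_proc_sys_dev_boot(void) {
 // disable firejail configuration in ~/.config/firejail
 void disable_config(void) {
 EUID_USER();
+#ifndef HAVE_ONLY_SYSCFG_PROFILES
 char *fname;
 if (asprintf(&fname, "%s/.config/firejail", cfg.homedir) == -1)
 errExit("asprintf");
 disable_file(BLACKLIST_FILE, fname);
 free(fname);
+#endif
 
 // disable run time information
 disable_file(BLACKLIST_FILE, RUN_FIREJAIL_NETWORK_DIR);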
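Review bot: Under HAVE_ONLY_SYSCFG_PROFILES the blacklist of ~/.config/firejail in disable_config() is compiled out, so this function no longer hides that directory from the sandboxed process. This build stops looking up profiles there by name, but any other reader of the directory (a second firejail build without the option, or a code path this commit does not touch) would still consume files a sandboxed process could have written. Keeping the `disable_file(BLACKLIST_FILE, fname);` block unconditional costs nothing and preserves the defence in depth. If the removal is intentional, the comment above the function should say why, e.g. `// not blacklisted with HAVE_ONLY_SYSCFG_PROFILES: user profiles are never read`. disable_config continues past the end of the hunk.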
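--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -72,6 +72,7 @@ static int profile_find(const char *name, const char *dir, int add_ext) {
 // search and read the profile specified by name from firejail directories
 // return 1 if a profile was found
 int profile_find_firejail(const char *name, int add_ext) {
+#ifndef HAVE_ONLY_SYSCFG_PROFILES
 // look for a profile in ~/.config/firejail directory
 char *usercfgdir;
 if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1)
@@ -84,6 +85,9 @@ int profile_find_firejail(const char *name, int add_ext) {
 rv = profile_find(name, SYSCONFDIR, add_ext);
 
 return rv;
+#else
+return profile_find(name, SYSCONFDIR, add_ext);
+#endif
 }
 
 //***************************************************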
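Review bot: The header comment on profile_find_firejail still says the profile is searched in "firejail directories", but with HAVE_ONLY_SYSCFG_PROFILES only SYSCONFDIR is consulted and a matching file in ~/.config/firejail is skipped without any message. I would extend the comment with `// with HAVE_ONLY_SYSCFG_PROFILES only SYSCONFDIR is searched; ~/.config/firejail is ignored` and consider a debug-level message so an administrator can tell why a user profile did not apply. The gate covers lookup by name only; whether a profile given by explicit path is restricted the same way cannot be seen from this diff and is worth confirming, since the option appears intended to limit profiles to system-controlled ones. The middle of the function lies between the two hunks and is not shown.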