Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/output.c | 22 | ||||
-rw-r--r-- | src/firejail/usage.c | 5 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
4 files changed, 25 insertions, 8 deletions
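--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1022,7 +1022,7 @@ int main(int argc, char **argv) {
 }
 else {
 // check --output option and execute it;
-check_output(argc, argv); // the function will not return if --output option was found
+check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
 }
 
 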
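--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -27,12 +27,18 @@ void check_output(int argc, char **argv) {
 
 int i;
 int outindex = 0;
-
+int enable_stderr = 0;
+
 for (i = 1; i < argc; i++) {
 if (strncmp(argv[i], "--output=", 9) == 0) {
 outindex = i;
 break;
 }
+if (strncmp(argv[i], "--output-stderr=", 16) == 0) {
+outindex = i;
+enable_stderr = 1;
+break;
+}
 }
 if (!outindex)
 return;
@@ -40,9 +46,9 @@ void check_output(int argc, char **argv) {
 
 // check filename
 drop_privs(0);
-char *outfile = NULL;
-invalid_filename(argv[outindex] + 9);
-outfile = argv[outindex] + 9;
+char *outfile = argv[outindex];
+outfile += (enable_stderr)? 16:9;
+invalid_filename(outfile);
 
 // do not accept directories, links, and files with ".."
 if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) {
@@ -80,9 +86,15 @@ void check_output(int argc, char **argv) {
 for (i = 0; i < argc; i++) {
 if (strncmp(argv[i], "--output=", 9) == 0)
 continue;
+if (strncmp(argv[i], "--output-stderr=", 16) == 0)
+continue;
 ptr += sprintf(ptr, "%s ", argv[i]);
 }
-sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile);
+
+if (enable_stderr)
+sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile);
+else
+sprintf(ptr, " | %s/firejail/ftee %s", LIBDIR, outfile);
 
 // run command
 char *a[4];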
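Review bot: In the last hunk of check_output() the log file name and each remaining argv[i] are still written unquoted into one command string (`sprintf(ptr, " | %s/firejail/ftee %s", LIBDIR, outfile);`), which, judging by the `2>&1 |` syntax and the `// run command` lines that follow, is presumably handed to a shell. That leaves `invalid_filename(outfile)` as the only visible barrier between a user-supplied `--output-stderr=` value and shell parsing, so I would state the dependency at the call, e.g. `// outfile is pasted into a shell command below: invalid_filename() must reject every shell metacharacter`, and longer term replace the string with a pipe()/fork()/exec of ftee using an explicit argv. The prefix lengths 9 and 16 are now repeated in three places; `outfile += enable_stderr ? sizeof("--output-stderr=") - 1 : sizeof("--output=") - 1;` keeps the offset tied to the literal. Plain `--output=` also stops capturing stderr with this change (the old line always emitted `2>&1 |`), which existing users may not expect. The body of check_output() starts and ends outside these hunks, so the buffer that `ptr` writes into and the exec call are not visible here.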
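--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -134,11 +134,12 @@ void usage(void) {
 printf(" --novideo - disable video devices.\n");
 printf(" --nowhitelist=filename - disable whitelist for file or directory .\n");
 printf(" --output=logfile - stdout logging and log rotation.\n");
+printf(" --output-stderr=logfile - stdout and stderr logging and log rotation.\n");
 printf(" --overlay - mount a filesystem overlay on top of the current filesystem.\n");
 printf(" --overlay-named=name - mount a filesystem overlay on top of the current\n");
 printf("\tfilesystem, and store it in name directory.\n");
-printf(" --overlay-tmpfs - mount a temporary filesystem overlay on top of the current\n");
-printf("\tfilesystem.\n");
+printf(" --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n");
+printf("\tcurrent filesystem.\n");
 printf(" --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n");
 printf(" --private - temporary home directory.\n");
 printf(" --private=directory - use directory as user home.\n");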
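--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1139,6 +1139,10 @@ $ ls -l sandboxlog*
 -rw-r--r-- 1 netblue netblue 511488 Jun 2 07:48 sandboxlog.5
 
 .TP
+\fB\-\-output-stderr=logfile
+Similar to \-\-output, but stderr is also stored.
+
+.TP
 \fB\-\-overlay
 Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container,
 the system directories are mounted read-write. All filesystem modifications go into the overlay.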