Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs.c | 8 | ||||
-rw-r--r-- | src/firejail/main.c | 3 | ||||
-rw-r--r-- | src/firejail/profile.c | 3 | ||||
-rw-r--r-- | src/man/firejail.txt | 9 |
5 files changed, 4 insertions, 20 deletions
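--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -298,7 +298,6 @@ void clear_run_files(pid_t pid);
 
 extern int arg_private; // mount private /home
 extern int arg_private_template; // private /home template
-extern int arg_allow_private_blacklist; // blacklist things in private directories
 extern int arg_debug; // print debug messages
 extern int arg_debug_check_filename; // print debug messages for filename checking
 extern int arg_debug_blacklists; // print debug messages for blacklists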
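--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -220,14 +220,6 @@ static void globbing(OPERATION op, const char *pattern, const char *noblacklist[
 }
 }
 
-// We don't usually need to blacklist things in private home directories
-if (okay_to_blacklist
-&& cfg.homedir
-&& arg_private
-&& (!arg_allow_private_blacklist)
-&& (strncmp(path, cfg.homedir, strlen(cfg.homedir)) == 0))
-okay_to_blacklist = false;
-
 if (okay_to_blacklist)
 disable_file(op, path);
 else if (arg_debug)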
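--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1600,7 +1600,8 @@ int main(int argc, char **argv) {
 arg_machineid = 1;
 }
 else if (strcmp(argv[i], "--allow-private-blacklist") == 0) {
-arg_allow_private_blacklist = 1;
+if (!arg_quiet)
+fprintf(stderr, "--allow-private-blacklist was deprecated\n");
 }
 else if (strcmp(argv[i], "--private") == 0) {
 arg_private = 1;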
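Review bot: The warning added in the `--allow-private-blacklist` branch says only that the option "was deprecated"; it does not say that the flag is now a no-op or what the sandbox does instead. Judging by the fs.c section of this commit, which drops the private-home exemption in globbing(), blacklist entries under a private home now appear to be applied unconditionally, so ignoring the flag leaves the stricter behaviour in place. The message should say so, for example `fprintf(stderr, "Warning: --allow-private-blacklist is deprecated and ignored; blacklists are always applied in private home directories\n");`. Bracing the `if (!arg_quiet)` body would also keep a later second statement from slipping outside the guard. main() starts and ends outside this hunk.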
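--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -242,7 +242,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 else if (strcmp(ptr, "allow-private-blacklist") == 0) {
-arg_allow_private_blacklist = 1;
+if (!arg_quiet)
+fprintf(stderr, "--allow-private-blacklist was deprecated\n");
 return 0;
 }
 else if (strcmp(ptr, "netfilter") == 0) {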
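Review bot: The deprecation message in the `allow-private-blacklist` branch uses the command-line spelling `--allow-private-blacklist` and gives no location, so a user with several included profiles cannot tell which file still carries the stale keyword. `lineno` and `fname` are parameters of profile_check_line (visible in the hunk header), so something like `fprintf(stderr, "Warning: allow-private-blacklist is deprecated and ignored (%s, line %d)\n", fname, lineno);` would point at the line to remove; confirm that fname cannot be NULL on this path. The function body starts and ends outside the hunk.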
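--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -87,15 +87,6 @@ Example:
 .br
 $ firejail --allow-debuggers --profile=/etc/firejail/firefox.profile strace -f firefox
 .TP
-\fB\-\-allow-private-blacklist
-Allow blacklisting files in private home directory. By default these blacklists are disabled.
-.br
-
-.br
-Example:
-.br
-$ firejail --allow-private-blacklist --private=~/priv-dir --blacklist=~/.mozilla
-.TP
 \fB\-\-allusers
 All directories under /home are visible inside the sandbox. By default, only current user home directory is visible.
 .br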