diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/common.mk.in | 3 | ||||
| -rw-r--r-- | src/firecfg/desktop_files.c | 9 | ||||
| -rw-r--r-- | src/firejail/fs.c | 2 | ||||
| -rw-r--r-- | src/firejail/profile.c | 4 |
4 files changed, 17 insertions, 1 deletions
diff --git a/src/common.mk.in b/src/common.mk.in index c55c26f42..38c05bc69 100644 --- a/src/common.mk.in +++ b/src/common.mk.in | |||
| @@ -28,6 +28,7 @@ HAVE_USERTMPFS=@HAVE_USERTMPFS@ | |||
| 28 | HAVE_OUTPUT=@HAVE_OUTPUT@ | 28 | HAVE_OUTPUT=@HAVE_OUTPUT@ |
| 29 | HAVE_LTS=@HAVE_LTS@ | 29 | HAVE_LTS=@HAVE_LTS@ |
| 30 | HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@ | 30 | HAVE_FORCE_NONEWPRIVS=@HAVE_FORCE_NONEWPRIVS@ |
| 31 | HAVE_ONLY_SYSCFG_PROFILES=@HAVE_ONLY_SYSCFG_PROFILES@ | ||
| 31 | 32 | ||
| 32 | H_FILE_LIST = $(sort $(wildcard *.h)) | 33 | H_FILE_LIST = $(sort $(wildcard *.h)) |
| 33 | C_FILE_LIST = $(sort $(wildcard *.c)) | 34 | C_FILE_LIST = $(sort $(wildcard *.c)) |
| @@ -37,7 +38,7 @@ BINOBJS = $(foreach file, $(OBJS), $file) | |||
| 37 | CFLAGS = @CFLAGS@ | 38 | CFLAGS = @CFLAGS@ |
| 38 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | 39 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) |
| 39 | CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' -DVARDIR='"/var/lib/firejail"' | 40 | CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' -DVARDIR='"/var/lib/firejail"' |
| 40 | MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS) | 41 | MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS) $(HAVE_ONLY_SYSCFG_PROFILES) |
| 41 | CFLAGS += $(MANFLAGS) | 42 | CFLAGS += $(MANFLAGS) |
| 42 | CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security | 43 | CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security |
| 43 | LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now | 44 | LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now |
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c index d434cb95e..408662907 100644 --- a/src/firecfg/desktop_files.c +++ b/src/firecfg/desktop_files.c | |||
| @@ -24,11 +24,16 @@ | |||
| 24 | static int check_profile(const char *name, const char *homedir) { | 24 | static int check_profile(const char *name, const char *homedir) { |
| 25 | // build profile name | 25 | // build profile name |
| 26 | char *profname1; | 26 | char *profname1; |
| 27 | #ifndef HAVE_ONLY_SYSCFG_PROFILES | ||
| 27 | char *profname2; | 28 | char *profname2; |
| 29 | #endif | ||
| 28 | if (asprintf(&profname1, "%s/%s.profile", SYSCONFDIR, name) == -1) | 30 | if (asprintf(&profname1, "%s/%s.profile", SYSCONFDIR, name) == -1) |
| 29 | errExit("asprintf"); | 31 | errExit("asprintf"); |
| 32 | |||
| 33 | #ifndef HAVE_ONLY_SYSCFG_PROFILES | ||
| 30 | if (asprintf(&profname2, "%s/.config/firejail/%s.profile", homedir, name) == -1) | 34 | if (asprintf(&profname2, "%s/.config/firejail/%s.profile", homedir, name) == -1) |
| 31 | errExit("asprintf"); | 35 | errExit("asprintf"); |
| 36 | #endif | ||
| 32 | 37 | ||
| 33 | int rv = 0; | 38 | int rv = 0; |
| 34 | if (access(profname1, R_OK) == 0) { | 39 | if (access(profname1, R_OK) == 0) { |
| @@ -36,14 +41,18 @@ static int check_profile(const char *name, const char *homedir) { | |||
| 36 | printf("found %s\n", profname1); | 41 | printf("found %s\n", profname1); |
| 37 | rv = 1; | 42 | rv = 1; |
| 38 | } | 43 | } |
| 44 | #ifndef HAVE_ONLY_SYSCFG_PROFILES | ||
| 39 | else if (access(profname2, R_OK) == 0) { | 45 | else if (access(profname2, R_OK) == 0) { |
| 40 | if (arg_debug) | 46 | if (arg_debug) |
| 41 | printf("found %s\n", profname2); | 47 | printf("found %s\n", profname2); |
| 42 | rv = 1; | 48 | rv = 1; |
| 43 | } | 49 | } |
| 50 | #endif | ||
| 44 | 51 | ||
| 45 | free(profname1); | 52 | free(profname1); |
| 53 | #ifndef HAVE_ONLY_SYSCFG_PROFILES | ||
| 46 | free(profname2); | 54 | free(profname2); |
| 55 | #endif | ||
| 47 | return rv; | 56 | return rv; |
| 48 | } | 57 | } |
| 49 | 58 | ||
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 04ea715cd..c03cd7a12 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -825,11 +825,13 @@ void fs_proc_sys_dev_boot(void) { | |||
| 825 | // disable firejail configuration in ~/.config/firejail | 825 | // disable firejail configuration in ~/.config/firejail |
| 826 | void disable_config(void) { | 826 | void disable_config(void) { |
| 827 | EUID_USER(); | 827 | EUID_USER(); |
| 828 | #ifndef HAVE_ONLY_SYSCFG_PROFILES | ||
| 828 | char *fname; | 829 | char *fname; |
| 829 | if (asprintf(&fname, "%s/.config/firejail", cfg.homedir) == -1) | 830 | if (asprintf(&fname, "%s/.config/firejail", cfg.homedir) == -1) |
| 830 | errExit("asprintf"); | 831 | errExit("asprintf"); |
| 831 | disable_file(BLACKLIST_FILE, fname); | 832 | disable_file(BLACKLIST_FILE, fname); |
| 832 | free(fname); | 833 | free(fname); |
| 834 | #endif | ||
| 833 | 835 | ||
| 834 | // disable run time information | 836 | // disable run time information |
| 835 | disable_file(BLACKLIST_FILE, RUN_FIREJAIL_NETWORK_DIR); | 837 | disable_file(BLACKLIST_FILE, RUN_FIREJAIL_NETWORK_DIR); |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 794668dc6..0e1829559 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -72,6 +72,7 @@ static int profile_find(const char *name, const char *dir, int add_ext) { | |||
| 72 | // search and read the profile specified by name from firejail directories | 72 | // search and read the profile specified by name from firejail directories |
| 73 | // return 1 if a profile was found | 73 | // return 1 if a profile was found |
| 74 | int profile_find_firejail(const char *name, int add_ext) { | 74 | int profile_find_firejail(const char *name, int add_ext) { |
| 75 | #ifndef HAVE_ONLY_SYSCFG_PROFILES | ||
| 75 | // look for a profile in ~/.config/firejail directory | 76 | // look for a profile in ~/.config/firejail directory |
| 76 | char *usercfgdir; | 77 | char *usercfgdir; |
| 77 | if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1) | 78 | if (asprintf(&usercfgdir, "%s/.config/firejail", cfg.homedir) == -1) |
| @@ -84,6 +85,9 @@ int profile_find_firejail(const char *name, int add_ext) { | |||
| 84 | rv = profile_find(name, SYSCONFDIR, add_ext); | 85 | rv = profile_find(name, SYSCONFDIR, add_ext); |
| 85 | 86 | ||
| 86 | return rv; | 87 | return rv; |
| 88 | #else | ||
| 89 | return profile_find(name, SYSCONFDIR, add_ext); | ||
| 90 | #endif | ||
| 87 | } | 91 | } |
| 88 | 92 | ||
| 89 | //*************************************************** | 93 | //*************************************************** |