Diffstat (limited to 'src')
-rw-r--r-- | src/firecfg/main.c | 45 | ||||
-rw-r--r-- | src/man/firecfg.1.in | 57 |
2 files changed, 97 insertions, 5 deletions
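--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -143,6 +143,40 @@ static void clean(void) {
 printf("\n");
 }
 
+#define ignorelist_maxlen 2048
+static const char *ignorelist[ignorelist_maxlen];
+static int ignorelist_len = 0;
+
+static int append_ignorelist(const char *const str) {
+assert(str);
+if (ignorelist_len >= ignorelist_maxlen) {
+fprintf(stderr, "Warning: Ignore list is full (%d/%d), skipping %s\n",
+ignorelist_len, ignorelist_maxlen, str);
+return 0;
+}
+
+printf(" ignoring '%s'\n", str);
+const char *const dup = strdup(str);
+if (!dup)
+errExit("strdup");
+
+ignorelist[ignorelist_len] = dup;
+ignorelist_len++;
+
+return 1;
+}
+
+static int in_ignorelist(const char *const str) {
+assert(str);
+int i;
+for (i = 0; i < ignorelist_len; i++) {
+if (strcmp(str, ignorelist[i]) == 0)
+return 1;
+}
+
+return 0;
+}
+
 static void set_file(const char *name, const char *firejail_exec) {
 if (which(name) == 0)
 return;
@@ -206,8 +240,17 @@ static void set_links_firecfg(const char *cfgfile) {
 if (*start == '\0')
 continue;
 
+// handle ignore command
+if (*start == '!') {
+append_ignorelist(start + 1);
+continue;
+}
+
 // set link
-set_file(start, FIREJAIL_EXEC);
+if (!in_ignorelist(start))
+set_file(start, FIREJAIL_EXEC);
+else
+printf(" %s ignored\n", start);
 }
 
 fclose(fp);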
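Review bot: In the set_links_firecfg hunk, `append_ignorelist(start + 1)` stores whatever follows `!` without checking it, so a bare `!` adds an empty entry and `! firefox` stores a name with a leading space that the `strcmp` in in_ignorelist will never match; the requested exclusion is then silently not applied. A guard such as `if (start[1] == '\0') { fprintf(stderr, "Warning: empty ignore entry\n"); continue; }` before the append would surface this. The list is also consulted only at the moment a name is parsed, so an entry has no effect on names read earlier in the same file; a comment like `// only affects program names parsed after this line` on the `!` branch would record that ordering contract. The return value of append_ignorelist is discarded here, and set_links_firecfg begins and ends outside the hunk, so how `start` is trimmed is not visible.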
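--- a/src/man/firecfg.1.in
+++ b/src/man/firecfg.1.in
@@ -29,9 +29,13 @@ Note: The examples use \fBsudo\fR, but \fBdoas\fR is also supported.
 To set it up, run "sudo firecfg" after installing Firejail software.
 The same command should also be run after
 installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin
-will be created. For a full list of programs supported by default run "cat /etc/firejail/firecfg.config".
-
-For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR.
+will be created.
+.PP
+To configure the list of programs used by firecfg when creating symlinks, see
+\fBFILES\fR and \fBSYNTAX\fR.
+.PP
+For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in
+\fBman 1 firejail\fR.
 .SH DEFAULT ACTIONS
 The following actions are implemented by default by running sudo firecfg:
 
@@ -135,8 +139,53 @@ $ sudo firecfg --clean
 /usr/local/bin/vlc removed
 .br
 [...]
+.SH FILES
+.PP
+Configuration files are searched for and parsed in the following paths:
+.PP
+.RS
+1. /etc/firejail/firecfg.d/*.conf (in alphabetical order)
+.br
+2. /etc/firejail/firecfg.config
+.RE
+.PP
+The programs that are supported by default are listed in
+/etc/firejail/firecfg.config.
+It is recommended to leave it as is and put all customizations inside
+/etc/firejail/firecfg.d/.
+.PP
+Profile files are also searched in the user configuration directory:
+.PP
+.RS
+3. ~/.config/firejail/*.profile
+.RE
+.PP
+For every \fBPROGRAM.profile\fR file found, firecfg attempts to create a
+symlink for "PROGRAM", as if "PROGRAM" was listed in a configuration file.
+.SH SYNTAX
+Configuration file syntax:
+.PP
+A line that starts with \fB#\fR is considered a comment.
+.br
+A line that starts with \fB!PROGRAM\fR means to ignore "PROGRAM" when creating
+symlinks.
+.br
+A line that starts with anything else is considered to be the name of an
+executable and firecfg will attempt to create a symlink for it.
+.PP
+For example, to prevent firecfg from creating symlinks for "firefox" and
+"patch" while attempting to create a symlink for "myprog", the following lines
+could be added to /etc/firejail/firecfg.d/10-my.conf:
+.PP
+.RS
+!firefox
+.br
+!patch
+.br
 
-
+.br
+myprog
+.RE
 .SH LICENSE
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 .PP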