Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 8 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/main.c | 20 | ||||
-rw-r--r-- | src/firejail/profile.c | 18 |
4 files changed, 32 insertions, 15 deletions
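--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -324,6 +324,14 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+else if (strncmp(ptr, "private-lib ", 12) == 0) {
+if (strcmp(ptr + 12, "yes") == 0)
+cfg_val[CFG_PRIVATE_LIB] = 1;
+else if (strcmp(ptr + 12, "no") == 0)
+cfg_val[CFG_PRIVATE_LIB] = 0;
+else
+goto errout;
+}
 else if (strncmp(ptr, "chroot-desktop ", 15) == 0) {
 if (strcmp(ptr + 15, "yes") == 0)
 cfg_val[CFG_CHROOT_DESKTOP] = 1;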
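Review bot: Nothing in this hunk sets a default for `cfg_val[CFG_PRIVATE_LIB]`, so what `checkcfg(CFG_PRIVATE_LIB)` returns when the config file has no `private-lib` line depends on initialization code outside the hunk. Because main.c and profile.c now gate the feature on this value, the intended default should be stated explicitly where the other defaults are set, for example `cfg_val[CFG_PRIVATE_LIB] = 0; // private-lib must be enabled explicitly` (or `= 1` with the matching comment, whichever is intended). The diffstat shown is limited to src, so whether the new key is documented in the shipped configuration file cannot be confirmed from here. checkcfg's body starts and ends outside this hunk.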
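--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -708,6 +708,7 @@ enum {
 CFG_JOIN,
 CFG_ARP_PROBES,
 CFG_XPRA_ATTACH,
+CFG_PRIVATE_LIB,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;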
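--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1631,15 +1631,19 @@ int main(int argc, char **argv) {
 arg_private_bin = 1;
 }
 else if (strncmp(argv[i], "--private-lib", 13) == 0) {
-// extract private lib list (if any)
-if (argv[i][13] == '=') {
-if (cfg.lib_private_keep) {
-if (argv[i][14] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, argv[i] + 14) < 0)
-errExit("asprintf");
-} else
-cfg.lib_private_keep = argv[i] + 14;
+if (checkcfg(CFG_PRIVATE_LIB)) {
+// extract private lib list (if any)
+if (argv[i][13] == '=') {
+if (cfg.lib_private_keep) {
+if (argv[i][14] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, argv[i] + 14) < 0)
+errExit("asprintf");
+} else
+cfg.lib_private_keep = argv[i] + 14;
+}
+arg_private_lib = 1;
 }
-arg_private_lib = 1;
+else
+exit_err_feature("private-lib");
 }
 else if (strcmp(argv[i], "--private-tmp") == 0) {
 arg_private_tmp = 1;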
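Review bot: The branch is entered on a 13-character prefix match, and the new body only tests `argv[i][13] == '='`, so an argument with any other suffix (a constructed example: `--private-libs`) still sets `arg_private_lib = 1` with no keep list instead of being rejected as an unknown option. A guard before the assignment would close that, e.g. `else if (argv[i][13] != '\0') { fprintf(stderr, "Error: invalid --private-lib option\n"); exit(1); }`. The profile.c hunk has the same shape: it matches `strncmp(ptr, "private-lib", 11)` and then only checks `ptr[11] == ' '`. main's body starts and ends outside this hunk.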
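--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -862,15 +862,19 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // private /lib list of files
 if (strncmp(ptr, "private-lib", 11) == 0) {
-if (ptr[11] == ' ') {
-if (cfg.lib_private_keep) {
-if (ptr[12] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, ptr + 12) < 0)
-errExit("asprintf");
-} else {
-cfg.lib_private_keep = ptr + 12;
+if (checkcfg(CFG_PRIVATE_LIB)) {
+if (ptr[11] == ' ') {
+if (cfg.lib_private_keep) {
+if (ptr[12] != '\0' && asprintf(&cfg.lib_private_keep, "%s,%s", cfg.lib_private_keep, ptr + 12) < 0)
+errExit("asprintf");
+} else {
+cfg.lib_private_keep = ptr + 12;
+}
 }
+arg_private_lib = 1;
 }
-arg_private_lib = 1;
+else
+warning_feature_disabled("private-lib");
 return 0;
 }
 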
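Review bot: When the feature is disabled, the new `else` branch only calls `warning_feature_disabled("private-lib")` and then reaches `return 0`, so the profile keeps loading with `arg_private_lib` unset, whereas the command-line path in main.c stops via `exit_err_feature`. A profile that relies on private-lib to narrow the visible library set would therefore presumably start without that restriction. If this warn-and-continue behaviour is intended, it should be documented at the branch, e.g. `// disabled in config: warn and continue WITHOUT private-lib isolation (command line exits instead)`. profile_check_line's body starts and ends outside this hunk.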