Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/checkcfg.c | 9 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/run_files.c | 23 | ||||
-rw-r--r-- | src/man/firejail.txt | 16 |
4 files changed, 32 insertions, 17 deletions
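--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -139,6 +139,15 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+// name change
+else if (strncmp(ptr, "name-change ", 12) == 0) {
+if (strcmp(ptr + 12, "yes") == 0)
+cfg_val[CFG_NAME_CHANGE] = 1;
+else if (strcmp(ptr + 12, "no") == 0)
+cfg_val[CFG_NAME_CHANGE] = 0;
+else
+goto errout;
+}
 // user namespace
 else if (strncmp(ptr, "userns ", 7) == 0) {
 if (strcmp(ptr + 7, "yes") == 0)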
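Review bot: The default for `cfg_val[CFG_NAME_CHANGE]` is not set anywhere in this hunk, while the man page text added in the same commit describes renaming as the behaviour unless the flag is set to "no". That only holds if the initialisation outside the hunk leaves the new entry at 1, which should be confirmed. The `// name change` comment could also state the contract, e.g. `// name-change: rename to name-PID when the requested name is taken (on unless set to "no")`. The body of checkcfg() starts and ends outside the hunk.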
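--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -781,6 +781,7 @@ enum {
 CFG_DBUS,
 CFG_PRIVATE_CACHE,
 CFG_CGROUP,
+CFG_NAME_CHANGE,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;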
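--- a/src/firejail/run_files.c
+++ b/src/firejail/run_files.c
@@ -76,28 +76,19 @@ void delete_run_files(pid_t pid) {
 }
 
 static char *newname(char *name) {
-char *rv;
+char *rv = name;
 pid_t pid;
 
-// try the name
-if (name2pid(name, &pid))
-return name;
+if (checkcfg(CFG_NAME_CHANGE)) {
+// try the name
+if (name2pid(name, &pid))
+return name;
 
-// try name-1 to 9
-int i;
-for (i = 1; i < 10; i++) {
-if (asprintf(&rv, "%s-%d", name, i) == -1)
+// return name-pid
+if (asprintf(&rv, "%s-%d", name, getpid()) == -1)
 errExit("asprintf");
-if (name2pid(rv, &pid)) {
-fwarning("Sandbox name changed to %s\n", rv);
-return rv;
-}
-free(rv);
 }
 
-// return name-pid
-if (asprintf(&rv, "%s-%d", name, getpid()) == -1)
-errExit("asprintf");
 return rv;
 }
 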
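Review bot: The rename path in newname() is now silent, because the old `fwarning("Sandbox name changed to %s\n", rv);` went away with the name-1..9 loop and nothing replaces it after the `asprintf(&rv, "%s-%d", name, getpid())` call. A user who later passes the requested name to --join or --shutdown would then act on the other sandbox without having been told this one was renamed, so I would keep `fwarning("Sandbox name changed to %s\n", rv);` right after the asprintf check. With name-change set to "no" the function returns the requested name even when it is taken, so two sandboxes can share a name; which of them name-based options resolve to depends on name2pid(), which is not visible here. The function also returns either the caller's pointer or a fresh allocation, so a short comment on who owns the result would help callers.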
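--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -770,12 +770,26 @@ $ firejail \-\-net=eth0 \-\-mtu=1492
 \fB\-\-name=name
 Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use
 this name to identify a sandbox.
+
+In case the name supplied by the user is already in use by another sandbox, Firejail will assign a
+new name as "name-PID", where PID is the process ID of the sandbox. This functionality
+can be disabled at run time in /etc/firejail/firejail.config file, by setting "name-change" flag to "no".
 .br
 
 .br
 Example:
 .br
-$ firejail \-\-name=mybrowser firefox
+$ firejail \-\-name=browser firefox &
+.br
+$ firejail \-\-name=browser \-\-private \
+firefox \-\-no-remote &
+.br
+$ firejail --list
+.br
+1198:netblue:browser:firejail --name=browser firefox
+.br
+1312:netblue:browser-1312:firejail --name=browser --private firefox --no-remote
+.br
 
 .TP
 \fB\-\-net=bridge_interface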