diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/profile.c | 23 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 4 |
2 files changed, 18 insertions, 9 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 751347b29..c7c8fd9fa 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -1367,7 +1367,7 @@ void profile_read(const char *fname) { | |||
| 1367 | if (ptr && strlen(ptr) == 6) | 1367 | if (ptr && strlen(ptr) == 6) |
| 1368 | return; | 1368 | return; |
| 1369 | 1369 | ||
| 1370 | fprintf(stderr, "Error: cannot access profile file\n"); | 1370 | fprintf(stderr, "Error: cannot access profile file: %s\n", fname); |
| 1371 | exit(1); | 1371 | exit(1); |
| 1372 | } | 1372 | } |
| 1373 | 1373 | ||
| @@ -1429,17 +1429,22 @@ void profile_read(const char *fname) { | |||
| 1429 | if (strncmp(ptr, "include ", 8) == 0) { | 1429 | if (strncmp(ptr, "include ", 8) == 0) { |
| 1430 | include_level++; | 1430 | include_level++; |
| 1431 | 1431 | ||
| 1432 | // extract profile filename and new skip params | 1432 | // expand macros in front of the include profile file |
| 1433 | char *newprofile = ptr + 8; // profile name | 1433 | char *newprofile = expand_macros(ptr + 8); |
| 1434 | 1434 | ||
| 1435 | // expand ${HOME}/ in front of the new profile file | 1435 | char *ptr2 = newprofile; |
| 1436 | char *newprofile2 = expand_macros(newprofile); | 1436 | while (*ptr2 != '/' && *ptr2 != '\0') |
| 1437 | ptr2++; | ||
| 1438 | // profile path contains no / chars, do a search | ||
| 1439 | if (*ptr2 == '\0') { | ||
| 1440 | profile_find_firejail(newprofile, 0); | ||
| 1441 | } | ||
| 1442 | else { | ||
| 1443 | profile_read(newprofile); | ||
| 1444 | } | ||
| 1437 | 1445 | ||
| 1438 | // recursivity | ||
| 1439 | profile_read((newprofile2)? newprofile2:newprofile); | ||
| 1440 | include_level--; | 1446 | include_level--; |
| 1441 | if (newprofile2) | 1447 | free(newprofile); |
| 1442 | free(newprofile2); | ||
| 1443 | free(ptr); | 1448 | free(ptr); |
| 1444 | continue; | 1449 | continue; |
| 1445 | } | 1450 | } |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index ca7b52a51..17423cac1 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -113,6 +113,10 @@ Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" | |||
| 113 | 113 | ||
| 114 | Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file. | 114 | Example: "include ${CFG}/firefox.profile" will load "/etc/firejail/firefox.profile" file. |
| 115 | 115 | ||
| 116 | The file name may also be just the name without the leading directory components. In this case, first the user config directory (${HOME}/.config/firejail) is searched for the file name and if not found then the system configuration directory is search for the file name. Note: Unlike the \-\-profile option which takes a profile name without the '.profile' suffix, include must be given the full file name. | ||
| 117 | |||
| 118 | Example: "include firefox.profile" will load "${HOME}/.config/firejail/firefox.profile" file and if it does not exist "${CFG}/firefox.profile" will be loaded. | ||
| 119 | |||
| 116 | System configuration files in ${CFG} are overwritten during software installation. | 120 | System configuration files in ${CFG} are overwritten during software installation. |
| 117 | Persistent configuration at system level is handled in ".local" files. For every | 121 | Persistent configuration at system level is handled in ".local" files. For every |
| 118 | profile file in ${CFG} directory, the user can create a corresponding .local file | 122 | profile file in ${CFG} directory, the user can create a corresponding .local file |