From 0cc0a5807289501bb25a1df8c69aca20dd224988 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 25 Sep 2016 08:50:09 -0400 Subject: --allusers --- README | 3 +++ src/firejail/firejail.h | 1 + src/firejail/main.c | 5 +++++ src/firejail/restrict_users.c | 3 +++ src/firejail/usage.c | 1 + src/man/firejail.txt | 9 +++++++++ 6 files changed, 22 insertions(+) diff --git a/README b/README index 94d3b5ed6..9b981d805 100644 --- a/README +++ b/README @@ -74,6 +74,9 @@ Fred-Barclay (https://github.com/Fred-Barclay) - added eom profile - added gnome-chess profile - added DOSBox profile + - evince profile enhancement +graywolf (https://github.com/graywolf) + - spelling fix Dara Adib (https://github.com/daradib) - ssh profile fix Tomasz Jan Góralczyk (https://github.com/tjg) diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index e3bf5e187..e76f54ec3 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -318,6 +318,7 @@ extern char *arg_audit_prog; // audit extern int arg_apparmor; // apparmor extern int arg_allow_debuggers; // allow debuggers extern int arg_x11_block; // block X11 +extern int arg_allusers; // all user home directories visible extern int login_shell; extern int parent_to_child_fds[2]; diff --git a/src/firejail/main.c b/src/firejail/main.c index 03ffab788..1f2ee9573 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -106,8 +106,11 @@ char *arg_audit_prog = NULL; // audit int arg_apparmor = 0; // apparmor int arg_allow_debuggers = 0; // allow debuggers int arg_x11_block = 0; // block X11 +int arg_allusers = 0; // all user home directories visible + int login_shell = 0; + int parent_to_child_fds[2]; int child_to_parent_fds[2]; 
@@ -1296,6 +1299,8 @@ int main(int argc, char **argv) { //************************************* // filesystem //************************************* + else if (strcmp(argv[i], "--allusers") == 0) + arg_allusers = 1; #ifdef HAVE_BIND else if (strncmp(argv[i], "--bind=", 7) == 0) { if (checkcfg(CFG_BIND)) { diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c index cb999a4a6..9e0c789aa 100644 --- a/src/firejail/restrict_users.c +++ b/src/firejail/restrict_users.c @@ -335,6 +335,9 @@ errout: } void restrict_users(void) { + if (arg_allusers) + return; + // only in user mode if (getuid()) { if (strncmp(cfg.homedir, "/home/", 6) == 0) { diff --git a/src/firejail/usage.c b/src/firejail/usage.c index c08ec18a0..3425b050e 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -35,6 +35,7 @@ void usage(void) { printf("Options:\n\n"); printf(" -- - signal the end of options and disables further option processing.\n\n"); printf(" --allow-debuggers - allow tools such as strace and gdb inside the sandbox.\n\n"); + printf(" --allusers - all user home directories are visible inside the sandbox.\n\n"); printf(" --apparmor - enable AppArmor confinement\n\n"); printf(" --appimage - sandbox an AppImage application\n\n"); printf(" --audit - audit the sandbox, see Audit section for more details\n\n"); diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 88c884801..71624afc2 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -84,6 +84,15 @@ Example: .br $ firejail --allow-debuggers --profile=/etc/firejail/firefox.profile strace -f firefox .TP +\fB\-\-allusers +All user home directories are visible inside the sandbox. By default, only current user home directory is visible. +.br + +.br +Example: +.br +$ firejail --allusers +.TP \fB\-\-apparmor Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. .TP -- cgit v1.2.3-54-g00ecf
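Review bot: In the src/firejail/main.c option-parsing hunk, the new `--allusers` branch sets `arg_allusers = 1` unconditionally, whereas the `--bind=` branch directly below it is wrapped in `checkcfg(CFG_BIND)`. Because this flag relaxes the default hiding of other users' home directories, an administrator may want a comparable switch to disable it site-wide; if so, gate the assignment behind a `checkcfg()` test with a dedicated config key (none is defined in this patch). The diffstat shows no profile-parser file among the six changed files, so the option appears to be command-line only, which is worth stating in the man page if deliberate. `main()` starts and ends outside the hunk.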
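Review bot: In src/firejail/restrict_users.c the added `if (arg_allusers) return;` sits ahead of everything else in `restrict_users()`, so the flag switches off the whole function rather than only the `/home/` handling visible in the hunk. The rest of the body lies outside the hunk; if it masks anything besides home directories, `--allusers` silently disables that as well, while usage.c and the man page describe only home-directory visibility. Either move the check down to the home-directory branch or document the full effect. A comment on the early return would help, for example `// --allusers: skip the user-restriction setup below; other users' home directories stay visible`.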