From 19a9166bd3f8ac58acc5b3cbe04d72d79d82c881 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 1 Aug 2016 09:55:12 -0400 Subject: added quiet profile command --- RELNOTES | 1 + etc/cpio.profile | 2 +- etc/file.profile | 1 + etc/gtar.profile | 2 ++ etc/gzip.profile | 2 ++ etc/less.profile | 2 ++ etc/strings.profile | 2 ++ etc/tar.profile | 1 + etc/unrar.profile | 1 + etc/unzip.profile | 1 + etc/uudeview.profile | 2 ++ etc/xz.profile | 1 + etc/xzdec.profile | 2 ++ src/firejail/main.c | 35 ----------------------------------- src/firejail/profile.c | 14 ++++++++++++-- src/man/firejail-profile.txt | 8 +++++++- 16 files changed, 38 insertions(+), 39 deletions(-) diff --git a/RELNOTES b/RELNOTES index a4fc92671..3bdd21caa 100644 --- a/RELNOTES +++ b/RELNOTES @@ -9,6 +9,7 @@ firejail (0.9.42~rc2) baseline; urgency=low * Ubuntu snap support * include /dev/snd in --private-dev * added mkfile profile command + * added quiet profile command * recursive mkdir * seccomp filter updated * compile time and run time support to disable whitelists diff --git a/etc/cpio.profile b/etc/cpio.profile index b4d232496..5772c7368 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile @@ -1,7 +1,7 @@ # cpio profile # /sbin and /usr/sbin are visible inside the sandbox # /boot is not visible and /var is heavily modified - +quiet noblacklist /sbin noblacklist /usr/sbin include /etc/firejail/disable-common.inc diff --git a/etc/file.profile b/etc/file.profile index 1569b42c7..c2d7b0b0f 100644 --- a/etc/file.profile +++ b/etc/file.profile @@ -1,4 +1,5 @@ # file profile +quiet ignore noroot include /etc/firejail/default.profile diff --git a/etc/gtar.profile b/etc/gtar.profile index 5dbc550f6..2f675cd9d 100644 --- a/etc/gtar.profile +++ b/etc/gtar.profile @@ -1 +1,3 @@ +# gtar profile +quiet include /etc/firejail/tar.profile diff --git a/etc/gzip.profile b/etc/gzip.profile index cc19e7608..ce4aa3c4b 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile 
@@ -1,4 +1,6 @@ # gzip profile +quiet +ignore noroot include /etc/firejail/default.profile tracelog net none diff --git a/etc/less.profile b/etc/less.profile index 0c43111d7..802e4196d 100644 --- a/etc/less.profile +++ b/etc/less.profile @@ -1,4 +1,6 @@ # less profile +quiet +ignore noroot include /etc/firejail/default.profile tracelog net none diff --git a/etc/strings.profile b/etc/strings.profile index 881edf4ad..6ebe81d09 100644 --- a/etc/strings.profile +++ b/etc/strings.profile @@ -1,4 +1,6 @@ # strings profile +quiet +ignore noroot include /etc/firejail/default.profile tracelog net none diff --git a/etc/tar.profile b/etc/tar.profile index 769a3cd4e..6daa7396a 100644 --- a/etc/tar.profile +++ b/etc/tar.profile @@ -1,4 +1,5 @@ # tar profile +quiet ignore noroot include /etc/firejail/default.profile diff --git a/etc/unrar.profile b/etc/unrar.profile index 74079e7b9..e941a8f2a 100644 --- a/etc/unrar.profile +++ b/etc/unrar.profile @@ -1,4 +1,5 @@ # unrar profile +quiet ignore noroot include /etc/firejail/default.profile diff --git a/etc/unzip.profile b/etc/unzip.profile index 502839b98..ab69e932e 100644 --- a/etc/unzip.profile +++ b/etc/unzip.profile @@ -1,4 +1,5 @@ # unzip profile +quiet ignore noroot include /etc/firejail/default.profile diff --git a/etc/uudeview.profile b/etc/uudeview.profile index 8218ac959..f6fe0abf1 100644 --- a/etc/uudeview.profile +++ b/etc/uudeview.profile @@ -1,5 +1,7 @@ # uudeview profile # the default profile will disable root user, enable seccomp filter etc. +quiet +ignore noroot include /etc/firejail/default.profile tracelog diff --git a/etc/xz.profile b/etc/xz.profile index 709585acd..5b29f7338 100644 --- a/etc/xz.profile +++ b/etc/xz.profile @@ -1,2 +1,3 @@ # xz profile +quiet include /etc/firejail/cpio.profile diff --git a/etc/xzdec.profile b/etc/xzdec.profile index ddf2061bf..3692160e6 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile 
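Review bot: The added `ignore noroot` line in gzip.profile is a sandbox-policy change, not part of the quiet feature, and neither the commit subject nor the RELNOTES entry mentions it. Going by the comment kept in uudeview.profile, it makes the parser skip the `noroot` restriction that the included default.profile would otherwise apply. The same line is added in the less, strings, uudeview and xzdec hunks. In uudeview.profile the retained comment "the default profile will disable root user" no longer describes the result. I would move these lines to their own commit, or at least put a comment above each one, e.g. `# noroot from default.profile is skipped: <reason>`, and correct the uudeview comment.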
@@ -1,4 +1,6 @@ # xzdec profile +quiet +ignore noroot include /etc/firejail/default.profile tracelog net none diff --git a/src/firejail/main.c b/src/firejail/main.c index de1dcc044..8bb438ba4 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -697,21 +697,6 @@ static void delete_x11_file(pid_t pid) { static void detect_quiet(int argc, char **argv) { int i; - char *progs[] = { - "cpio", - "file", - "gtar", - "gzip", - "less", - "strings", - "tar", - "unrar", - "unzip", - "uudeview", - "xz", - "xzdec", - NULL - }; // detect --quiet for (i = 1; i < argc; i++) { @@ -726,26 +711,6 @@ static void detect_quiet(int argc, char **argv) { if (strncmp(argv[i], "--", 2) != 0) break; } - - // argv[i] is the program name if --quiet was not already detected - if (arg_quiet || i == argc) - return; - - // extract the name of the program without the leading path - char *ptr = strrchr(argv[i], '/'); - char *name = (ptr)? (ptr + 1): argv[i]; - if (*name == '\0') - return; - - // look for the program in the list - int j = 0; - while (progs[j] != NULL) { - if (strcmp(name, progs[j]) == 0) { - arg_quiet = 1; - return; - } - j++; - } } //******************************************* diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 46ef0921d..8c2970639 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -817,8 +817,7 @@ void profile_read(const char *fname) { exit(1); } - if (!arg_quiet) - fprintf(stderr, "Reading profile %s\n", fname); + int msg_printed = 0; // read the file line by line char buf[MAX_READ + 1]; @@ -836,6 +835,17 @@ void profile_read(const char *fname) { continue; } + // process quiet + if (strcmp(ptr, "quiet") == 0) { + arg_quiet = 1; + continue; + } + if (!msg_printed) { + if (!arg_quiet) + fprintf(stderr, "Reading profile %s\n", fname); + msg_printed = 1; + } + // process include if (strncmp(ptr, "include ", 8) == 0) { include_level++; 
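Review bot: The new `quiet` branch in the second profile.c hunk sets `arg_quiet` wherever the line appears, so the man page's "first uncommented command" rule is not enforced. A `quiet` placed later in the file, or reached through the `include` handling just below (which presumably re-enters profile_read), silences the rest of the output after "Reading profile" has already been printed. Because this flag hides Firejail's own diagnostics, a late or inherited `quiet` is worth surfacing; before `arg_quiet = 1;` I would add `if (msg_printed && !arg_quiet) fprintf(stderr, "Warning: quiet should be the first command in %s\n", fname);`. With the program list removed from detect_quiet() in main.c, output printed before the profile is parsed is no longer suppressed for those tools; whether any such output exists is not visible in these hunks. profile_read's body starts and ends outside the hunk.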
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 7e33a6b45..b6908dd00 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -93,11 +93,17 @@ If the file name matches file_name, the file will not be blacklisted in any blac Example: "noblacklist ${HOME}/.mozilla" .TP -\fBignore command +\fBignore Ignore command. Example: "ignore seccomp" +.TP +\fBquiet +Disable Firejail's output. This should be the first uncommented command in the profile file. + +Example: "quiet" + .SH Filesystem These profile entries define a chroot filesystem built on top of the existing host filesystem. Each line describes a file element that is removed from -- cgit v1.2.3-70-g09d2