From 4292f8ab6fcb53d4036e0b2c2cd55debf2a50298 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Fri, 7 Dec 2018 16:08:10 +0100 Subject: add HAS_NODBUS conditional, ${RUNUSER} makro --- src/firejail/macros.c | 9 +++++++++ src/firejail/profile.c | 1 + src/man/firejail-profile.txt | 2 +- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/firejail/macros.c b/src/firejail/macros.c index 59b5db3d8..7e08ab340 100644 --- a/src/firejail/macros.c +++ b/src/firejail/macros.c @@ -229,6 +229,13 @@ char *expand_macros(const char *path) { EUID_ROOT(); return new_name; } + else if (strncmp(path, "${RUNUSER}", 10) == 0) { + if (asprintf(&new_name, "/run/user/%u%s", getuid(), path + 10) == -1) + errExit("asprintf"); + if(called_as_root) + EUID_ROOT(); + return new_name; + } else { char *directory = resolve_macro(path); if (directory) { @@ -260,6 +267,8 @@ void invalid_filename(const char *fname, int globbing) { ptr = fname + 7; else if (strncmp(ptr, "${PATH}", 7) == 0) ptr = fname + 7; + else if (strncmp(ptr, "${RUNUSER}", 10) == 0) + ptr = fname + 10; else { int id = macro_id(fname); if (id != -1) diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 5f5d94ddf..a6d619f38 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -141,6 +141,7 @@ int profile_check_conditional(char *ptr, int lineno, const char *fname) { bool value; // true if set } conditionals[] = { {"HAS_APPIMAGE", strlen("HAS_APPIMAGE"), arg_appimage!=0}, + {"HAS_NODBUS", strlen("HAS_NODBUS"), arg_nodbus!=0}, {"BROWSER_DISABLE_U2F", strlen("BROWSER_DISABLE_U2F"), checkcfg(CFG_BROWSER_DISABLE_U2F)!=0}, NULL }, *cond = conditionals; diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 4e22796c9..dde815d05 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -94,7 +94,7 @@ Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir" This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. -Currently the only conditionals supported are HAS_APPIMAGE and BROWSER_DISABLE_U2F. +Currently the only conditionals supported are HAS_APPIMAGE, HAS_NODBUS and BROWSER_DISABLE_U2F. The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. -- cgit v1.2.3-54-g00ecf