From 7f4a77a3197e45e815dae471e45987ec87872e96 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sat, 12 Mar 2016 12:49:35 -0500 Subject: cfg x11 --- src/firejail/checkcfg.c | 12 +++++++++++- src/firejail/firejail.h | 3 ++- src/firejail/main.c | 10 ++++++++-- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 9ac08b1a6..f868a699a 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c @@ -58,7 +58,8 @@ int checkcfg(int val) { char *ptr = line_remove_spaces(buf); if (!ptr) continue; - + + // file transfer if (strncmp(ptr, "file-transfer ", 14) == 0) { if (strcmp(ptr + 14, "yes") == 0) cfg_val[CFG_FILE_TRANSFER] = 1; @@ -67,6 +68,15 @@ int checkcfg(int val) { else goto errout; } + // x11 + else if (strncmp(ptr, "x11 ", 4) == 0) { + if (strcmp(ptr + 4, "yes") == 0) + cfg_val[CFG_X11] = 1; + else if (strcmp(ptr + 4, "no") == 0) + cfg_val[CFG_X11] = 0; + else + goto errout; + } else goto errout; free(ptr); diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index bf0937f35..d15d5a686 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -539,7 +539,8 @@ void sandboxfs(int op, pid_t pid, const char *patqh); // checkcfg.c #define CFG_FILE_TRANSFER 0 -#define CFG_MAX 1 // this should always be the last entry +#define CFG_X11 1 +#define CFG_MAX 2 // this should always be the last entry int checkcfg(int val); #endif diff --git a/src/firejail/main.c b/src/firejail/main.c index 0a02d0918..64e6e2d98 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -278,8 +278,14 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { } #ifdef HAVE_X11 else if (strcmp(argv[i], "--x11") == 0) { - x11_start(argc, argv); - exit(0); + if (checkcfg(CFG_X11)) { + x11_start(argc, argv); + exit(0); + } + else { + fprintf(stderr, "Error: this feature is disabled in Firejail configuration file\n"); + exit(1); + } } #endif #ifdef HAVE_NETWORK -- cgit v1.2.3-70-g09d2