From 925ebc69e9529e25e944aa06c9ccff543b82b2b4 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 17 Jan 2016 12:57:35 -0500 Subject: symlink invocation --- README.md | 31 ++++++++++++++++ RELNOTES | 1 + src/firejail/firejail.h | 3 ++ src/firejail/main.c | 4 ++ src/firejail/run_symlink.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 130 insertions(+) create mode 100644 src/firejail/run_symlink.c diff --git a/README.md b/README.md index 62925b5f5..812ad4008 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,37 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ # Current development version: 0.9.37 +## Symlink invocation + +This is a small thing, but very convenient. Make a symbolic link (ln -s) to /usr/bin/firejail under +the name of the program you want to run, and put the link in the first $PATH position (for +example in /usr/local/bin). Example: +````` +$ which -a transmission-gtk +/usr/bin/transmission-gtk + +$ sudo ln -s /usr/bin/firejail /usr/local/bin/transmission-gtk + +$ which -a transmission-gtk +/usr/local/bin/transmission-gtk +/usr/bin/transmission-gtk +````` +We have in this moment two entries in $PATH for transmission. The first one is a symlink to firejail. +The second one is the real program. Starting transmission in this moment, invokes "firejail transmission-gtk" +````` +$ transmission-gtk +Redirecting symlink to /usr/bin/transmission-gtk +Reading profile /etc/firejail/transmission-gtk.profile +Reading profile /etc/firejail/disable-mgmt.inc +Reading profile /etc/firejail/disable-secret.inc +Reading profile /etc/firejail/disable-common.inc +Reading profile /etc/firejail/disable-devel.inc +Parent pid 19343, child pid 19344 +Blacklist violations are logged to syslog +Child process initialized +````` + + ## IPv6 support: ````` --ip6=address diff --git a/RELNOTES b/RELNOTES index 78fcd7de3..7d290e0f5 100644 --- a/RELNOTES +++ b/RELNOTES 
@@ -5,6 +5,7 @@ firejail (0.9.37) baseline; urgency=low * --ip6 option - IPv6 support * added KMail profile * --join command enhancement (--join-network, --join-filesystem) + * symlink invocation -- netblue30 firejail (0.9.36) baseline; urgency=low diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 1de38c43a..ba8a9dc48 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -500,5 +500,8 @@ void fs_logger_change_owner(void); void fs_logger_print_log_name(const char *name); void fs_logger_print_log(pid_t pid); +// run_symlink.c +void run_symlink(int argc, char **argv); + #endif diff --git a/src/firejail/main.c b/src/firejail/main.c index 58d735010..43d2f0fa2 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -459,6 +459,10 @@ int main(int argc, char **argv) { int highest_errno = errno_highest_nr(); #endif + // check argv[0] symlink wrapper + run_symlink(argc, argv); + + // check if we already have a sandbox running int rv = check_kernel_procs(); if (rv == 0) { diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c new file mode 100644 index 000000000..5f8d131ae --- /dev/null +++ b/src/firejail/run_symlink.c 
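Review bot: The comment `// check argv[0] symlink wrapper` understates what the call does: run_symlink() returns only when the basename of argv[0] is "firejail"; for any other name it either exits or execs PREFIX/bin/firejail and never returns, so the remainder of main() is skipped on that path. Because argv[0] is chosen freely by whoever executes this setuid binary, and the dispatch happens before any option or privilege handling, that control-flow fact deserves to be stated at the call site, e.g. `// argv[0] symlink wrapper: if argv[0] is not "firejail", run_symlink() execs the real program under firejail and does not return`. main() starts and ends outside this hunk.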
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include "firejail.h"
+#include
+#include
+#include
+
+void run_symlink(int argc, char **argv) {
+ char *program = strrchr(argv[0], '/');
+ if (program)
+ program += 1;
+ else
+ program = argv[0];
+ if (strcmp(program, "firejail") == 0)
+ return;
+
+ // find the real program
+ // probably the first entry returend by "which -a" is a symlink - use the second entry!
+ char *p = getenv("PATH");
+ if (!p) {
+ fprintf(stderr, "Error: PATH environment variable not set\n");
+ exit(1);
+ }
+
+ char *path = strdup(p);
+ if (!path)
+ errExit("strdup");
+
+ // look in path for our program
+ char *tok = strtok(path, ":");
+ int found = 0;
+ while (tok) {
+ char *name;
+ if (asprintf(&name, "%s/%s", tok, program) == -1)
+ errExit("asprintf");
+
+ struct stat s;
+ if (stat(name, &s) == 0) {
+ if (!is_link(name)) {
+ program = strdup(name);
+ found = 1;
+ break;
+ }
+ }
+
+ free(name);
+ tok = strtok(NULL, ":");
+ }
+ if (!found) {
+ fprintf(stderr, "Error: cannot find the program in the path\n");
+ exit(1);
+ }
+
+
+ // start the argv[0] program in a new sandbox
+ char *firejail;
+ if (asprintf(&firejail, "%s/bin/firejail", PREFIX) == -1)
+ errExit("asprintf");
+
+ printf("Redirecting symlink to %s\n", firejail, program);
+
+ // run command
+ char *a[3 + argc];
+ a[0] = firejail;
+ a[1] = program;
+ int i;
+ for (i = 0; i < (argc - 1); i++)
+ a[i + 2] = argv[i + 1];
+ a[i + 2] = NULL;
+ execvp(a[0], a);
+
+ perror("execvp");
+ exit(1);
+}
-- cgit v1.2.3-70-g09d2
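Review bot: The PATH walk takes the first `stat()` hit that is not a symlink, so a directory or a non-executable file carrying the program's name is accepted as the target, while a real program that is itself a symlink (alternatives-managed binaries, for instance) is skipped and reported as "cannot find the program in the path" — assuming `is_link()`, whose definition is outside this hunk, rejects every symlink rather than only links back to firejail. Since this runs in a setuid-root binary with a caller-supplied PATH and argv[0], the candidate should have to be a regular file that the real uid may execute (`access()` checks the real uid, which is the relevant one here), and only links that resolve to firejail itself should be skipped; that change, with `firejail` resolved before the loop and the later `asprintf` of it dropped, is sketched below. The `printf("Redirecting symlink to %s\n", firejail, program)` call also passes two arguments for a single conversion and therefore prints the firejail path, not the resolved program that the README example shows. `strtok_r` would avoid the static state of `strtok`, though nothing here is threaded.
```c
	// resolve our own binary up front so PATH entries that point back at it can be skipped
	char *firejail;
	if (asprintf(&firejail, "%s/bin/firejail", PREFIX) == -1)
		errExit("asprintf");
	char *self = realpath(firejail, NULL);

	// … unchanged: PATH copy, strtok loop head, asprintf of name …
		struct stat s;
		// only a regular file the real uid may execute qualifies
		if (stat(name, &s) == 0 && S_ISREG(s.st_mode) && access(name, X_OK) == 0) {
			char *target = realpath(name, NULL);
			int is_self = self && target && strcmp(target, self) == 0;
			free(target);
			if (!is_self) {
				program = name;	// keep the asprintf buffer; no second strdup needed
				found = 1;
				break;
			}
		}
	// … unchanged: free(name), next token, "cannot find" error …
	printf("Redirecting symlink to %s\n", program);
	// … unchanged: argv assembly and execvp …
```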