From 9686c5413fc5acccafed76775bb86c9d4c1d354d Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 30 Mar 2018 09:24:25 -0400
Subject: enable/disable dbus handling in /etc/firejail/firejail.config
---
 etc/firejail.config | 3 +++
 src/firejail/checkcfg.c | 9 +++++++++
 src/firejail/dbus.c | 5 +++++
 src/firejail/firejail.h | 1 +
 4 files changed, 18 insertions(+)
diff --git a/etc/firejail.config b/etc/firejail.config
index ade3e3c84..0cd4dca3a 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -23,6 +23,9 @@
 # and it will harden the rest of the chroot tree.
 # chroot-desktop yes
 
+# Enable or disable dbus handling by --nodbus flag, default enabled.
+# dbus yes
+
 # Disable /mnt, /media, /run/mount and /run/media access. By default access
 # to these directories is enabled.
 # disable-mnt no
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 0d77c199b..20845270e 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -85,6 +85,15 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+ // dbus
+ else if (strncmp(ptr, "dbus ", 5) == 0) {
+ if (strcmp(ptr + 5, "yes") == 0)
+ cfg_val[CFG_DBUS] = 1;
+ else if (strcmp(ptr + 5, "no") == 0)
+ cfg_val[CFG_DBUS] = 0;
+ else
+ goto errout;
+ }
 // join
 else if (strncmp(ptr, "join ", 5) == 0) {
 if (strcmp(ptr + 5, "yes") == 0)
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index eee3e2a35..6c122c6d0 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -20,6 +20,11 @@
 #include "firejail.h"
 
 void dbus_session_disable(void) {
+ if (!checkcfg(CFG_DBUS)) {
+ fwarning("D-Bus handling is disabled in Firejail configuration file\n");
+ return;
+ }
+
 char *path;
 if (asprintf(&path, "/run/user/%d/bus", getuid()) == -1)
 errExit("asprintf");
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 6141d6223..fdb5745cb 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
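Review bot: Nothing in the src/firejail/checkcfg.c hunk sets `cfg_val[CFG_DBUS]` when firejail.config carries no `dbus` line, yet the guard added in dbus.c skips the --nodbus handling whenever that value is 0. The initialisation of cfg_val lies outside the hunk, so confirm that it leaves CFG_DBUS at 1; otherwise --nodbus would be switched off by default, contradicting the "default enabled" wording in etc/firejail.config. A short comment at that initialisation would record the dependency, for example `// CFG_DBUS must default to 1 so --nodbus keeps working when the key is absent`. The enclosing checkcfg() starts and ends outside the hunk.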
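Review bot: The warning added at the top of dbus_session_disable() in src/firejail/dbus.c does not say that the caller's request was dropped: `D-Bus handling is disabled in Firejail configuration file` can be read as "D-Bus is disabled", while the early return appears to leave the session bus socket untouched and therefore reachable from inside the sandbox. A profile or command line that relies on --nodbus then runs with weaker isolation than requested, so the message should state that outcome, for example `fwarning("--nodbus ignored: D-Bus handling is disabled in firejail.config, session bus remains accessible\n");`. The comment added in etc/firejail.config has the same ambiguity and could carry the same sentence. The rest of dbus_session_disable() lies outside the hunk.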
@@ -744,6 +744,7 @@ enum {
 CFG_XPRA_ATTACH,
 CFG_PRIVATE_LIB,
 CFG_APPARMOR,
+ CFG_DBUS,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;
-- 
cgit v1.2.3-54-g00ecf