From e770ab6d858bf8594edb012b1df6b899efb37e94 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 14 Jun 2021 10:15:35 -0400 Subject: appimage: automatically detect profile --- README | 1 + src/firejail/appimage.c | 27 +++++++++++++++++++++++++++ src/firejail/firejail.h | 3 ++- src/firejail/main.c | 15 +++++++++++++-- 4 files changed, 43 insertions(+), 3 deletions(-) diff --git a/README b/README index 7310d22da..b8c0aef44 100644 --- a/README +++ b/README @@ -500,6 +500,7 @@ Jean-Philippe Eisenbarth (https://github.com/jpeisenbarth) - fixed spotify.profile Jeff Squyres (https://github.com/jsquyres) - various manpage fixes + - cmdline.c: optionally quote the resulting command line Jericho (https://github.com/attritionorg) - spelling Jesse Smith (https://github.com/slicer69) diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 6b9fed765..d194eeafb 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c @@ -30,6 +30,7 @@ static char *devloop = NULL; // device file static long unsigned size = 0; // offset into appimage file +#define MAXBUF 4096 #ifdef LOOP_CTL_GET_FREE // test for older kernels; this definition is found in /usr/include/linux/loop.h static void err_loop(void) { @@ -38,6 +39,32 @@ static void err_loop(void) { } #endif +// return 1 if found +int appimage_find_profile(const char *archive) { + assert(archive); + assert(strlen(archive)); + + // try to match the name of the archive with the list of programs in /usr/lib/firejail/firecfg.config + FILE *fp = fopen(LIBDIR "/firejail/firecfg.config", "r"); + if (!fp) { + fprintf(stderr, "Error: cannot find %s, firejail is not correctly installed\n", LIBDIR "/firejail/firecfg.config"); + exit(1); + } + char buf[MAXBUF]; + while (fgets(buf, MAXBUF, fp)) { + if (*buf == '#') + continue; + char *ptr = strchr(buf, '\n'); + if (ptr) + *ptr = '\0'; + if (strcasestr(archive, buf)) + return profile_find_firejail(buf, 1); + } + return 0; + +} + + void appimage_set(const char *appimage) { assert(appimage); assert(devloop == NULL); // don't call this twice! diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index c442a97bf..622be4d97 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -5,7 +5,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; eithe r version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -815,6 +815,7 @@ int checkcfg(int val); void print_compiletime_support(void); // appimage.c +int appimage_find_profile(const char *archive); void appimage_set(const char *appimage_path); void appimage_mount(void); void appimage_clear(void); diff --git a/src/firejail/main.c b/src/firejail/main.c index 12ac01de7..c6dda268d 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -2819,6 +2819,11 @@ int main(int argc, char **argv, char **envp) { // build the sandbox command if (prog_index == -1 && cfg.shell) { assert(cfg.command_line == NULL); // runs cfg.shell + if (arg_appimage) { + fprintf(stderr, "Error: no appimage archive specified\n"); + exit(1); + } + cfg.window_title = cfg.shell; cfg.command_name = cfg.shell; } @@ -2844,7 +2849,13 @@ int main(int argc, char **argv, char **envp) { // load the profile if (!arg_noprofile && !custom_profile) { - custom_profile = profile_find_firejail(cfg.command_name, 1); + if (arg_appimage) { + custom_profile = appimage_find_profile(cfg.command_name); + // disable shell=* for appimages + arg_shell_none = 0; + } + else + custom_profile = profile_find_firejail(cfg.command_name, 1); } // use default.profile as the default @@ -2858,7 +2869,7 @@ int main(int argc, char **argv, char **envp) { custom_profile = profile_find_firejail(profile_name, 1); if (!custom_profile) { - fprintf(stderr, "Error: no default.profile installed\n"); + fprintf(stderr, "Error: no %s installed\n", profile_name); exit(1); } -- cgit v1.2.3-54-g00ecf