From ecaf0cb4edcc9f216af7c0bfd238db6b2516c799 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 9 Jun 2016 12:39:21 -0400 Subject: x11 work --- etc/firejail.config | 7 +++++++ src/firejail/checkcfg.c | 21 ++++++++++++++++++++- src/firejail/firejail.h | 6 ++++-- src/firejail/x11.c | 12 +++++++++--- 4 files changed, 40 insertions(+), 6 deletions(-) diff --git a/etc/firejail.config b/etc/firejail.config index 8795b0aae..eaff4de8f 100644 --- a/etc/firejail.config +++ b/etc/firejail.config @@ -45,3 +45,10 @@ # xephyr-screen 800x600 # xephyr-screen 1024x768 # xephyr-screen 1280x1024 + +# Firejail window title in Xephry, default enabled. +# xephyr-window-title yes + +# Xephyr command extra parameters. None by default, and the declaration is commented out. +# xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev +# xephyr-extra-params -grayscale diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index bf85436c3..a69c2831e 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c @@ -25,6 +25,7 @@ static int initialized = 0; static int cfg_val[CFG_MAX]; char *xephyr_screen = "800x600"; +char *xephyr_extra_params = ""; int checkcfg(int val) { EUID_ASSERT(); @@ -165,9 +166,27 @@ int checkcfg(int val) { if (asprintf(&xephyr_screen, "%dx%d", n1, n2) == -1) errExit("asprintf"); } + + // xephyr window title + else if (strncmp(ptr, "xephyr-window-title ", 20) == 0) { + if (strcmp(ptr + 20, "yes") == 0) + cfg_val[CFG_XEPHYR_WINDOW_TITLE] = 1; + else if (strcmp(ptr + 20, "no") == 0) + cfg_val[CFG_XEPHYR_WINDOW_TITLE] = 0; + else + goto errout; + } + + // Xephyr command extra parameters + else if (strncmp(ptr, "xephyr-extra-params ", 19) == 0) { + xephyr_extra_params = strdup(ptr + 19); + if (!xephyr_extra_params) + errExit("strdup"); + } + else goto errout; - + free(ptr); } diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 026273aa3..6d64ce4cd 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -550,7 +550,6 @@ int x11_display(void); void x11_start(int argc, char **argv); void x11_start_xpra(int argc, char **argv); void x11_start_xephyr(int argc, char **argv); -extern char *xephyr_screen; // ls.c #define SANDBOX_FS_LS 0 @@ -569,7 +568,10 @@ void sandboxfs(int op, pid_t pid, const char *patqh); #define CFG_RESTRICTED_NETWORK 7 #define CFG_FORCE_NONEWPRIVS 8 #define CFG_WHITELIST 9 -#define CFG_MAX 10 // this should always be the last entry +#define CFG_XEPHYR_WINDOW_TITLE 10 +#define CFG_MAX 11 // this should always be the last entry +extern char *xephyr_screen; +extern char *xephyr_extra_params; int checkcfg(int val); // fs_rdwr.c diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 300078872..c742ff567 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c @@ -187,9 +187,15 @@ void x11_start_xephyr(int argc, char **argv) { // start xephyr char *cmd1; - if (asprintf(&cmd1, "Xephyr -ac -br -title \"firejail x11 sandbox\" -noreset -screen %s :%d", xephyr_screen, display) == -1) - errExit("asprintf"); - + if (checkcfg(CFG_XEPHYR_WINDOW_TITLE)) { + if (asprintf(&cmd1, "Xephyr -ac -br -title \"firejail x11 sandbox\" %s -noreset -screen %s :%d", xephyr_extra_params, xephyr_screen, display) == -1) + errExit("asprintf"); + } + else { + if (asprintf(&cmd1, "Xephyr -ac -br %s -noreset -screen %s :%d", xephyr_extra_params, xephyr_screen, display) == -1) + errExit("asprintf"); + } + int len = 50; // DISPLAY... for (i = 0; i < argc; i++) { len += strlen(argv[i]) + 1; // + ' ' -- cgit v1.2.3-54-g00ecf