From 2acc910daf73c284965ca96bc70b4eb980c865cf Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 8 Nov 2018 10:49:44 -0500
Subject: profile parser testing
---
 src/firejail/firejail.h | 3 +--
 src/firejail/profile.c | 12 ++++++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index d996e1dac..46aea4bd4 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -461,8 +461,7 @@ void fs_mnt(const int enforce);
 // profile.c
 // find and read the profile specified by name from dir directory
-int profile_find(const char *name, const char *dir, int add_ext);
-int profile_find_firejail(const char *name, int add_ext);
+//int profile_find_firejail(const char *name, int add_ext);
 // read a profile file
 void profile_read(const char *fname);
 // check profile line; if line == 0, this was generated from a command line option
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index a85c8f815..5f5d94ddf 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -25,7 +25,8 @@ extern char *xephyr_screen;
 #define MAX_READ 8192 // line buffer for profile files
 // find and read the profile specified by name from dir directory
-int profile_find(const char *name, const char *dir, int add_ext) {
+// return 1 if a profile was found
+static int profile_find(const char *name, const char *dir, int add_ext) {
 EUID_ASSERT();
 assert(name);
 assert(dir);
@@ -64,6 +65,7 @@ int profile_find(const char *name, const char *dir, int add_ext) {
 }
 // search and read the profile specified by name from firejail directories
+// return 1 if a profile was found
 int profile_find_firejail(const char *name, int add_ext) {
 // look for a profile in ~/.config/firejail directory
 char *usercfgdir;
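Review bot: The added header line `//int profile_find_firejail(const char *name, int add_ext);` leaves commented-out code in firejail.h and removes the only visible declaration of a function that profile.c still defines without `static`. If any other source file calls profile_find_firejail, it would now compile against an implicit declaration, and a mismatch in arguments or return type would no longer be caught by the compiler. Either keep the prototype as `int profile_find_firejail(const char *name, int add_ext);`, or, if the function is meant to be file-local like profile_find, delete the line and mark the definition `static`.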
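Review bot: The comment `// return 1 if a profile was found`, added above profile_find (hunk at line 25) and above profile_find_firejail (hunk at line 64), documents only the success value, while the new caller in profile_read branches on `!rv`. The caller's comment also says "sysconfig directory", although the first step shown in profile_find_firejail is the ~/.config/firejail lookup. Because the new fallback depends on this value, the comment should state the full contract, for example `// return 1 if a profile was found in ~/.config/firejail or the system profile directory, 0 otherwise`. Both function bodies continue outside their hunks, so the wording needs checking against what they actually return.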
@@ -1438,7 +1440,13 @@ void profile_read(const char *fname) {
 ptr2++;
 // profile path contains no / chars, do a search
 if (*ptr2 == '\0') {
- profile_find_firejail(newprofile, 0);
+ int rv = profile_find_firejail(newprofile, 0); // returns 1 if a profile was found in sysconfig directory
+ if (!rv) {
+ // maybe this is a file in the local working directory?
+ // it will stop the sandbox if not!
+ // Note: if the file ends in .local it will not stop the program
+ profile_read(newprofile);
+ }
 }
 else {
 profile_read(newprofile);
-- 
cgit v1.2.3-54-g00ecf
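Review bot: The new fallback `profile_read(newprofile)` in the `!rv` branch resolves a slash-free include name against the current working directory, so a file that merely sits in the directory firejail was started from can become part of the sandbox policy. That directory is often less trusted than ~/.config/firejail or the system profile directory (a downloads folder, an unpacked archive, a shared project tree). The added comment also says a missing `.local` name does not stop the program, so optional includes would be looked up there silently. Consider dropping the fallback and requiring an explicit path for local files (a name containing `/` appears to take the existing `else` branch already), or at least logging the resolved path whenever a profile is loaded from outside the firejail directories. The body of profile_read starts and ends outside this hunk, so any existing include-depth or path checks are not visible here.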