From 37a7c334596521181dcc471401a90bbee5b52d0d Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 13 Aug 2017 09:46:53 -0400 Subject: modif: --output split in two commands, --output and --output-stderr; fix for #1458 --- src/firejail/main.c | 2 +- src/firejail/output.c | 22 +++++++++++++++++----- src/firejail/usage.c | 5 +++-- src/man/firejail.txt | 4 ++++ 4 files changed, 25 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/firejail/main.c b/src/firejail/main.c index 31857ee57..407902676 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1022,7 +1022,7 @@ int main(int argc, char **argv) { } else { // check --output option and execute it; - check_output(argc, argv); // the function will not return if --output option was found + check_output(argc, argv); // the function will not return if --output or --output-stderr option was found } diff --git a/src/firejail/output.c b/src/firejail/output.c index 9fb4ad6b1..abdfa4d3b 100644 --- a/src/firejail/output.c +++ b/src/firejail/output.c @@ -27,12 +27,18 @@ void check_output(int argc, char **argv) { int i; int outindex = 0; - + int enable_stderr = 0; + for (i = 1; i < argc; i++) { if (strncmp(argv[i], "--output=", 9) == 0) { outindex = i; break; } + if (strncmp(argv[i], "--output-stderr=", 16) == 0) { + outindex = i; + enable_stderr = 1; + break; + } } if (!outindex) return; @@ -40,9 +46,9 @@ void check_output(int argc, char **argv) { // check filename drop_privs(0); - char *outfile = NULL; - invalid_filename(argv[outindex] + 9); - outfile = argv[outindex] + 9; + char *outfile = argv[outindex]; + outfile += (enable_stderr)? 16:9; + invalid_filename(outfile); // do not accept directories, links, and files with ".." if (strstr(outfile, "..") || is_link(outfile) || is_dir(outfile)) { @@ -80,9 +86,15 @@ void check_output(int argc, char **argv) { for (i = 0; i < argc; i++) { if (strncmp(argv[i], "--output=", 9) == 0) continue; + if (strncmp(argv[i], "--output-stderr=", 16) == 0) + continue; ptr += sprintf(ptr, "%s ", argv[i]); } - sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile); + + if (enable_stderr) + sprintf(ptr, "2>&1 | %s/firejail/ftee %s", LIBDIR, outfile); + else + sprintf(ptr, " | %s/firejail/ftee %s", LIBDIR, outfile); // run command char *a[4]; diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 71bb6f24e..b9ab00eae 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -134,11 +134,12 @@ void usage(void) { printf(" --novideo - disable video devices.\n"); printf(" --nowhitelist=filename - disable whitelist for file or directory .\n"); printf(" --output=logfile - stdout logging and log rotation.\n"); + printf(" --output-stderr=logfile - stdout and stderr logging and log rotation.\n"); printf(" --overlay - mount a filesystem overlay on top of the current filesystem.\n"); printf(" --overlay-named=name - mount a filesystem overlay on top of the current\n"); printf("\tfilesystem, and store it in name directory.\n"); - printf(" --overlay-tmpfs - mount a temporary filesystem overlay on top of the current\n"); - printf("\tfilesystem.\n"); + printf(" --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n"); + printf("\tcurrent filesystem.\n"); printf(" --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n"); printf(" --private - temporary home directory.\n"); printf(" --private=directory - use directory as user home.\n"); diff --git a/src/man/firejail.txt b/src/man/firejail.txt index e7b427e7e..2c8dca09a 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -1138,6 +1138,10 @@ $ ls -l sandboxlog* .br -rw-r--r-- 1 netblue netblue 511488 Jun 2 07:48 sandboxlog.5 +.TP +\fB\-\-output-stderr=logfile +Similar to \-\-output, but stderr is also stored. + .TP \fB\-\-overlay Mount a filesystem overlay on top of the current filesystem. Unlike the regular filesystem container, -- cgit v1.2.3-54-g00ecf