From 2dc81faa1395cbda3affb94f9d8d9cca76a1ab73 Mon Sep 17 00:00:00 2001 From: Simo Piiroinen Date: Tue, 24 Nov 2020 13:18:51 +0200 Subject: Add --mkdir and --mkfile command line options for firejail MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Profile files are defined as a means to "pass several command line arguments to firejail" but apparently for example mkdir and mkfile options are available in context of profile files, but can't be specified directly from command line. Add support for -mkdir and --mkfile options so that executing: firejail --mkdir=${HOME}/directory/path\ --whitelist=${HOME}/directory/path behaves similarly as having profile file content: mkdir ${HOME}/directory/path whitelist ${HOME}/directory/path Signed-off-by: Simo Piiroinen Signed-off-by: Tomi Leppänen --- src/firejail/main.c | 21 ++++++++++++++++++++- src/firejail/usage.c | 2 ++ 2 files changed, 22 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/firejail/main.c b/src/firejail/main.c index ef8166204..3c8667829 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -1589,7 +1589,26 @@ int main(int argc, char **argv, char **envp) { profile_add(line); } #endif - + else if (strncmp(argv[i], "--mkdir=", 8) == 0) { + char *line; + if (asprintf(&line, "mkdir %s", argv[i] + 8) == -1) + errExit("asprintf"); + /* Note: Applied both immediately in profile_check_line() + * and later on via fs_blacklist(). + */ + profile_check_line(line, 0, NULL); + profile_add(line); + } + else if (strncmp(argv[i], "--mkfile=", 9) == 0) { + char *line; + if (asprintf(&line, "mkfile %s", argv[i] + 9) == -1) + errExit("asprintf"); + /* Note: Applied both immediately in profile_check_line() + * and later on via fs_blacklist(). + */ + profile_check_line(line, 0, NULL); + profile_add(line); + } else if (strncmp(argv[i], "--read-only=", 12) == 0) { char *line; if (asprintf(&line, "read-only %s", argv[i] + 12) == -1) diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 2c6bbf98f..1ac30299a 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -246,6 +246,8 @@ static char *usage_str = #ifdef HAVE_WHITELIST " --whitelist=filename - whitelist directory or file.\n" #endif + " --mkdir=dirname - create a directory.\n" + " --mkfile=filename - create a file.\n" " --writable-etc - /etc directory is mounted read-write.\n" " --writable-run-user - allow access to /run/user/$UID/systemd and\n" "\t/run/user/$UID/gnupg.\n" -- cgit v1.2.3-70-g09d2