From 7c1ed2fb0525cb1f1dcb5e08bf52756b7ac863ed Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 30 Nov 2016 12:59:48 -0500 Subject: private-opt, private-srv --- src/firejail/join.c | 33 ++------------------------------- src/man/firejail-profile.txt | 12 +++++++++++- src/man/firejail.txt | 26 ++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 32 deletions(-) (limited to 'src') diff --git a/src/firejail/join.c b/src/firejail/join.c index 628002d35..bcf951f33 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c @@ -285,12 +285,6 @@ void join(pid_t pid, int argc, char **argv, int index) { seccomp_load(RUN_SECCOMP_CFG); #endif - // fix qt 4.8 - if (setenv("QT_X11_NO_MITSHM", "1", 1) < 0) - errExit("setenv"); - if (setenv("container", "firejail", 1) < 0) // LXC sets container=lxc, - errExit("setenv"); - // mount user namespace or drop privileges if (arg_noroot) { // not available for uid 0 if (arg_debug) @@ -307,14 +301,6 @@ void join(pid_t pid, int argc, char **argv, int index) { drop_privs(arg_nogroups); // nogroups not available for uid 0 - // set prompt color to green - char *prompt = getenv("FIREJAIL_PROMPT"); - if (prompt && strcmp(prompt, "yes") == 0) { - //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] ' - if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0) - errExit("setenv"); - } - // set nice if (arg_nice) { errno = 0; @@ -326,24 +312,9 @@ void join(pid_t pid, int argc, char **argv, int index) { } } - // run cmdline trough shell + env_defaults(); if (cfg.command_line == NULL) { - // if the sandbox was started with --shell=none, it is possible we don't have a shell - // inside the sandbox - if (cfg.shell == NULL) { - cfg.shell = guess_shell(); - if (!cfg.shell) { - fprintf(stderr, "Error: no POSIX shell found, please use --shell command line option\n"); - exit(1); - } - } - - struct stat s; - if (stat(cfg.shell, &s) == -1) { - fprintf(stderr, "Error: %s shell not found inside the sandbox\n", cfg.shell); - exit(1); - } - + assert(cfg.shell); cfg.command_line = cfg.shell; cfg.window_title = cfg.shell; } diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index d6113218c..007374c75 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -181,7 +181,7 @@ closed. \fBprivate directory Use directory as user home. .TP -\f\private-home file,directory +\fBprivate-home file,directory Build a new user home in a temporary filesystem, and copy the files and directories in the list in the new home. All modifications are discarded when the sandbox is @@ -199,6 +199,16 @@ Build a new /etc in a temporary filesystem, and copy the files and directories in the list. All modifications are discarded when the sandbox is closed. .TP +\fBprivate-opt file,directory +Build a new /optin a temporary +filesystem, and copy the files and directories in the list. +All modifications are discarded when the sandbox is closed. +.TP +\fBprivate-srv file,directory +Build a new /srv in a temporary +filesystem, and copy the files and directories in the list. +All modifications are discarded when the sandbox is closed. +.TP \fBprivate-tmp Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix. .TP diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 8441f25d5..450f30c68 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -1178,6 +1178,32 @@ $ firejail --private-etc=group,hostname,localtime, \\ .br nsswitch.conf,passwd,resolv.conf +.TP +\fB\-\-private-opt=file,directory +Build a new /opt in a temporary +filesystem, and copy the files and directories in the list. +If no listed file is found, /opt directory will be empty. +All modifications are discarded when the sandbox is closed. +.br + +.br +Example: +.br +$ firejail --private-opt=firefox /opt/firefox/firefox + +.TP +\fB\-\-private-srv=file,directory +Build a new /srv in a temporary +filesystem, and copy the files and directories in the list. +If no listed file is found, /srv directory will be empty. +All modifications are discarded when the sandbox is closed. +.br + +.br +Example: +.br +# firejail --private-srv=www /etc/init.d/apache2 start + .TP \fB\-\-private-tmp Mount an empty temporary filesystem on top of /tmp directory whitelisting /tmp/.X11-unix. -- cgit v1.2.3-70-g09d2