From c30a9031a735f43984051bca79f23a4732ce33b7 Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Wed, 3 Mar 2021 12:39:08 +0100 Subject: Add new condition ?HAS_PRIVATE: Idea from @vinc17fr https://github.com/netblue30/firejail/issues/4026#issuecomment-789178572 --- src/firejail/profile.c | 5 +++++ src/man/firejail-profile.txt | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/firejail/profile.c b/src/firejail/profile.c index f3266c23e..351b760df 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -157,6 +157,10 @@ static int check_nosound(void) { return arg_nosound != 0; } +static int check_private(void) { + return arg_private; +} + static int check_x11(void) { return (arg_x11_block || arg_x11_xorg || env_get("FIREJAIL_X11")); } @@ -174,6 +178,7 @@ Cond conditionals[] = { {"HAS_NET", check_netoptions}, {"HAS_NODBUS", check_nodbus}, {"HAS_NOSOUND", check_nosound}, + {"HAS_PRIVATE", check_private}, {"HAS_X11", check_x11}, {"BROWSER_DISABLE_U2F", check_disable_u2f}, {"BROWSER_ALLOW_DRM", check_allow_drm}, diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index b25fc9181..b0b390507 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -103,7 +103,7 @@ Example: "?HAS_APPIMAGE: whitelist ${HOME}/special/appimage/dir" This example will load the whitelist profile line only if the \-\-appimage option has been specified on the command line. -Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM +Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM can be enabled or disabled globally in Firejail's configuration file. The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines. -- cgit v1.2.3-70-g09d2