From e9e41128ee63a9cb0b5da9f96299a9954fd0d72c Mon Sep 17 00:00:00 2001
From: startx2017
Date: Thu, 23 Mar 2017 08:27:01 -0400
Subject: enable/disable join support in /etc/firejail/firejail.config
---
 src/firejail/checkcfg.c | 9 +++++++++
 src/firejail/firejail.h | 1 +
 src/firejail/main.c | 34 +++++++++++++++++++---------------
 3 files changed, 29 insertions(+), 15 deletions(-)
(limited to 'src')
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 476ecbe10..67bcd996a 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -92,6 +92,15 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+ // join
+ else if (strncmp(ptr, "join ", 5) == 0) {
+ if (strcmp(ptr + 5, "yes") == 0)
+ cfg_val[CFG_JOIN] = 1;
+ else if (strcmp(ptr + 5, "no") == 0)
+ cfg_val[CFG_JOIN] = 0;
+ else
+ goto errout;
+ }
 // x11
 else if (strncmp(ptr, "x11 ", 4) == 0) {
 if (strcmp(ptr + 4, "yes") == 0)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index f85560588..dbb6c4d16 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -686,6 +686,7 @@ enum {
 CFG_FOLLOW_SYMLINK_PRIVATE_BIN,
 CFG_DISABLE_MNT,
 CFG_CACHE_TMPFS,
+ CFG_JOIN,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;
diff --git a/src/firejail/main.c b/src/firejail/main.c
index db9a9c8cb..3dcc5c62d 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
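Review bot: The new `join` key leaves the default for `cfg_val[CFG_JOIN]` implicit; unless the initialisation at the top of checkcfg() (outside this hunk) already sets every cfg_val entry to 1, a config file with no `join` line will disable --join for every non-root user once this lands, which is a silent behaviour change. A short comment on the new branch, e.g. `// join: default yes; "no" restricts --join to root (checked in main.c)`, and a matching `# join yes` entry with the same explanation in etc/firejail.config would make the policy discoverable; this diff is limited to src, so that file may already be covered. The parsing itself mirrors the sibling `x11` branch, and the CFG_JOIN enum entry in firejail.h is correctly placed before CFG_MAX, so nothing to change there.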
@@ -615,23 +615,27 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 }
 #endif
 else if (strncmp(argv[i], "--join=", 7) == 0) {
- logargs(argc, argv);
-
- if (arg_shell_none) {
- if (argc <= (i+1)) {
- fprintf(stderr, "Error: --shell=none set, but no command specified\n");
- exit(1);
+ if (checkcfg(CFG_JOIN) || getuid() == 0) {
+ logargs(argc, argv);
+
+ if (arg_shell_none) {
+ if (argc <= (i+1)) {
+ fprintf(stderr, "Error: --shell=none set, but no command specified\n");
+ exit(1);
+ }
+ cfg.original_program_index = i + 1;
 }
- cfg.original_program_index = i + 1;
+
+ if (!cfg.shell && !arg_shell_none)
+ cfg.shell = guess_shell();
+
+ // join sandbox by pid or by name
+ pid_t pid = read_pid(argv[i] + 7);
+ join(pid, argc, argv, i + 1);
+ exit(0);
 }
-
- if (!cfg.shell && !arg_shell_none)
- cfg.shell = guess_shell();
-
- // join sandbox by pid or by name
- pid_t pid = read_pid(argv[i] + 7);
- join(pid, argc, argv, i + 1);
- exit(0);
+ else
+ exit_err_feature("join");
 }
 else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
-- cgit v1.2.3-70-g09d2
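Review bot: Only the `--join=` branch is gated, so the new knob is not a complete policy: the `--join-or-start=` branch opening on the hunk's last line (and any other join variant elsewhere in main.c) is untouched by this commit per the diffstat and can still reach join() with `join no` set; every path that calls join() should run the same `checkcfg(CFG_JOIN) || getuid() == 0` test, ideally through one small static helper so the rule cannot drift. Note also that getuid() is the real uid, so with a setuid-root install the exemption applies to an invoking root and not to the elevated effective uid — worth a one-line comment such as `// root (real uid) may always join; others need "join yes" in firejail.config`. As a style point, an early guard `if (!checkcfg(CFG_JOIN) && getuid() != 0) exit_err_feature("join");` at the top of the branch would leave the existing body unindented and shrink the diff to a couple of lines. run_cmd_and_exit() begins and ends outside the hunk.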