From f473c959d2549ec0799bc6a7b7609c10b7f7e758 Mon Sep 17 00:00:00 2001 From: smitsohu Date: Wed, 19 Aug 2020 00:55:47 +0200 Subject: cat option --- src/firejail/main.c | 31 +++++++++++++++++++++++++++++++ src/firejail/usage.c | 3 +++ src/man/firejail.txt | 18 +++++++++++++++--- 3 files changed, 49 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/firejail/main.c b/src/firejail/main.c index 79e39b669..afd9af91d 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -811,6 +811,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { } // list directory contents + if (!arg_debug) + arg_quiet = 1; pid_t pid = require_pid(argv[i] + 5); sandboxfs(SANDBOX_FS_LS, pid, path, NULL); exit(0); @@ -818,6 +820,35 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { else exit_err_feature("file transfer"); } + else if (strncmp(argv[i], "--cat=", 6) == 0) { + if (checkcfg(CFG_FILE_TRANSFER)) { + logargs(argc, argv); + if (arg_private_cwd) { + fprintf(stderr, "Error: --cat and --private-cwd options are mutually exclusive\n"); + exit(1); + } + + if ((i + 2) != argc) { + fprintf(stderr, "Error: invalid --cat option, path expected\n"); + exit(1); + } + char *path = argv[i + 1]; + invalid_filename(path, 0); // no globbing + if (strstr(path, "..")) { + fprintf(stderr, "Error: invalid file name %s\n", path); + exit(1); + } + + // write file contents to stdout + if (!arg_debug) + arg_quiet = 1; + pid_t pid = require_pid(argv[i] + 6); + sandboxfs(SANDBOX_FS_CAT, pid, path, NULL); + exit(0); + } + else + exit_err_feature("file transfer"); + } #endif else if (strncmp(argv[i], "--join=", 7) == 0) { if (checkcfg(CFG_JOIN) || getuid() == 0) { diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 4ab464289..be6715df4 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -47,6 +47,9 @@ static char *usage_str = " --caps.drop=capability,capability - blacklist capabilities filter.\n" " --caps.keep=capability,capability - whitelist capabilities filter.\n" " --caps.print=name|pid - print the caps filter.\n" +#ifdef HAVE_FILE_TRANSFER + " --cat=name|pid filename - print content of file from sandbox container.\n" +#endif " --cgroup=tasks-file - place the sandbox in the specified control group.\n" #ifdef HAVE_CHROOT " --chroot=dirname - chroot into directory.\n" diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 69cd4a7bc..f5f092bd9 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -272,6 +272,10 @@ $ firejail \-\-list .br $ firejail \-\-caps.print=3272 +.TP +\fB\-\-cat=name|pid filename +Print content of file from sandbox container, see FILE TRANSFER section for more details. + .TP \fB\-\-cgroup=tasks-file Place the sandbox in the specified control group. tasks-file is the full path of cgroup tasks file. @@ -344,7 +348,7 @@ $ firejail --dbus-system=filter --dbus-system.log --dbus-log=dbus.txt .TP \fB\-\-dbus-system=filter|none -Set system DBus sandboxing policy. +Set system DBus sandboxing policy. .br .br @@ -3028,6 +3032,10 @@ $ firejail --read-only=~/dir[1-4] These features allow the user to inspect the filesystem container of an existing sandbox and transfer files between the container and the host filesystem. +.TP +\fB\-\-cat=name|pid filename +Write content of a container file to standard out. + .TP \fB\-\-get=name|pid filename Retrieve the container file and store it on the host in the current working directory. @@ -3072,6 +3080,10 @@ $ firejail \-\-get=mybrowser ~/Downloads/xpra-clipboard.png $ firejail \-\-put=mybrowser xpra-clipboard.png ~/Downloads/xpra-clipboard.png .br +.br +$ firejail \-\-cat=mybrowser ~/.bashrc +.br + .SH MONITORING Option \-\-list prints a list of all sandboxes. The format for each process entry is as follows: @@ -3259,7 +3271,7 @@ Homepage: https://firejail.wordpress.com \&\flfirejail-profile\fR\|(5), \&\flfirejail-login\fR\|(5), \&\flfirejail-users\fR\|(5), -.UR https://github.com/netblue30/firejail/wiki +.UR https://github.com/netblue30/firejail/wiki .UE , -.UR https://github.com/netblue30/firejail +.UR https://github.com/netblue30/firejail .UE -- cgit v1.2.3-54-g00ecf