From f79d62c1ea8a951fc757346dc3015ee4b009e52b Mon Sep 17 00:00:00 2001
From: netblue30
Date: Fri, 1 Feb 2019 09:18:29 -0500
Subject: --name rework
---
 src/firejail/checkcfg.c | 9 +++++++++
 src/firejail/firejail.h | 1 +
 src/firejail/run_files.c | 23 +++++++----------------
 src/man/firejail.txt | 16 +++++++++++++++-
 4 files changed, 32 insertions(+), 17 deletions(-)
(limited to 'src')
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index ab34b7903..0a3c5dd08 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -139,6 +139,15 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+ // name change
+ else if (strncmp(ptr, "name-change ", 12) == 0) {
+ if (strcmp(ptr + 12, "yes") == 0)
+ cfg_val[CFG_NAME_CHANGE] = 1;
+ else if (strcmp(ptr + 12, "no") == 0)
+ cfg_val[CFG_NAME_CHANGE] = 0;
+ else
+ goto errout;
+ }
 // user namespace
 else if (strncmp(ptr, "userns ", 7) == 0) {
 if (strcmp(ptr + 7, "yes") == 0)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index b861bf1fa..13a10eefa 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -781,6 +781,7 @@ enum {
 CFG_DBUS,
 CFG_PRIVATE_CACHE,
 CFG_CGROUP,
+ CFG_NAME_CHANGE,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;
diff --git a/src/firejail/run_files.c b/src/firejail/run_files.c
index 361ad1414..d4cd6d748 100644
--- a/src/firejail/run_files.c
+++ b/src/firejail/run_files.c
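Review bot: The default for `cfg_val[CFG_NAME_CHANGE]` is not visible in the checkcfg.c hunk, so what happens when firejail.config has no `name-change` line depends on initialisation elsewhere in checkcfg(), whose body starts and ends outside the hunk. The man page text in this commit describes the rename as something that "can be disabled", which implies the default should be 1; if cfg_val is not initialised that way, a missing key would let two sandboxes keep the same name. The `// name change` comment could also state the effect, e.g. `// name-change: rename the sandbox to name-PID when the requested name is already in use`.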
@@ -76,28 +76,19 @@ void delete_run_files(pid_t pid) { } static char *newname(char *name) { - char *rv; + char *rv = name; pid_t pid; - // try the name - if (name2pid(name, &pid)) - return name; + if (checkcfg(CFG_NAME_CHANGE)) { + // try the name + if (name2pid(name, &pid)) + return name; - // try name-1 to 9 - int i; - for (i = 1; i < 10; i++) { - if (asprintf(&rv, "%s-%d", name, i) == -1) + // return name-pid + if (asprintf(&rv, "%s-%d", name, getpid()) == -1) errExit("asprintf"); - if (name2pid(rv, &pid)) { - fwarning("Sandbox name changed to %s\n", rv); - return rv; - } - free(rv); } - // return name-pid - if (asprintf(&rv, "%s-%d", name, getpid()) == -1) - errExit("asprintf"); return rv; } diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 2d0bd26d0..16004193d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -770,12 +770,26 @@ $ firejail \-\-net=eth0 \-\-mtu=1492 \fB\-\-name=name Set sandbox name. Several options, such as \-\-join and \-\-shutdown, can use this name to identify a sandbox. + +In case the name supplied by the user is already in use by another sandbox, Firejail will assign a +new name as "name-PID", where PID is the process ID of the sandbox. This functionality +can be disabled at run time in /etc/firejail/firejail.config file, by setting "name-change" flag to "no". .br .br Example: .br -$ firejail \-\-name=mybrowser firefox +$ firejail \-\-name=browser firefox & +.br +$ firejail \-\-name=browser \-\-private \ +firefox \-\-no-remote & +.br +$ firejail --list +.br +1198:netblue:browser:firejail --name=browser firefox +.br +1312:netblue:browser-1312:firejail --name=browser --private firefox --no-remote +.br .TP \fB\-\-net=bridge_interface -- cgit v1.2.3-70-g09d2
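Review bot: The rename in newname() is now silent: the `fwarning("Sandbox name changed to %s\n", rv);` call was removed together with the name-1..9 loop, and nothing is printed after the remaining `asprintf` that builds name-PID. A user or script that later runs `--join` or `--shutdown` with the requested name would presumably reach the older sandbox holding that name, which may have been started with different restrictions (the man page example in this commit pairs a plain and a `--private` instance). I would keep the warning right after the `errExit("asprintf")` check. With `name-change no` the function returns `name` without calling name2pid at all, so duplicate names become possible; a short comment on that path, such as `// name-change disabled: duplicates allowed, lookups by name are then ambiguous`, would make the trade-off explicit.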