don't execute include disable-shell.inc for appimages (#3530)

netblue30 · Oct 1, 2020 · f1478ee · f1478ee
1 parent ce73c62
commit f1478ee
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/src/firejail/main.c b/src/firejail/main.c
@@ -1047,6 +1047,11 @@ int main(int argc, char **argv, char **envp) {
 	EUID_USER();
 
 
+	// for appimages we need to remove "include disable-shell.inc from the profile
+	// a --profile command can show up before --appimage
+	if (check_arg(argc, argv, "--appimage", 1))
+		arg_appimage = 1;
+
 	// process allow-debuggers
 	if (check_arg(argc, argv, "--allow-debuggers", 1)) {
 		// check kernel version

diff --git a/src/firejail/profile.c b/src/firejail/profile.c
@@ -1611,6 +1611,7 @@ void profile_add(char *str) {
 // read a profile file
 static int include_level = 0;
 void profile_read(const char *fname) {
+printf("fname #%s#\n", fname);
 	EUID_ASSERT();
 
 	// exit program if maximum include level was reached
@@ -1636,7 +1637,7 @@ void profile_read(const char *fname) {
 		exit(1);
 	}
 
-	// allow debuggers
+	// --allow-debuggers - skip disable-devel.inc file
 	if (arg_allow_debuggers) {
 		char *tmp = strrchr(fname, '/');
 		if (tmp && *(tmp + 1) != '\0') {
@@ -1645,6 +1646,17 @@ void profile_read(const char *fname) {
 				return;
 		}
 	}
+	// --appimage - skip disable-shell.inc file
+	if (arg_appimage) {
+printf("here %d\n", __LINE__);
+		char *tmp = strrchr(fname, '/');
+		if (tmp && *(tmp + 1) != '\0') {
+			tmp++;
+			if (strcmp(tmp, "disable-shell.inc") == 0)
+				return;
+		}
+	}
+printf("here %d\n", __LINE__);
 
 	// open profile file:
 	FILE *fp = fopen(fname, "r");