From f1478ee98c4b27854be9758b68418d5908e836db Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 1 Oct 2020 11:10:24 -0400
Subject: [PATCH] don't execute include disable-shell.inc for appimages (#3530)
---
 src/firejail/main.c | 5 +++++
 src/firejail/profile.c | 14 +++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index da842e17b88..5cc2d4123c0 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1047,6 +1047,11 @@ int main(int argc, char **argv, char **envp) {
 EUID_USER();
+ // for appimages we need to remove "include disable-shell.inc from the profile
+ // a --profile command can show up before --appimage
+ if (check_arg(argc, argv, "--appimage", 1))
+ arg_appimage = 1;
+
 // process allow-debuggers
 if (check_arg(argc, argv, "--allow-debuggers", 1)) {
 // check kernel version
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index e010d968d70..ea8dfbbe050 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1611,6 +1611,7 @@ void profile_add(char *str) {
 // read a profile file
 static int include_level = 0;
 void profile_read(const char *fname) {
+printf("fname #%s#\n", fname);
 EUID_ASSERT();
 // exit program if maximum include level was reached
@@ -1636,7 +1637,7 @@ void profile_read(const char *fname) {
 exit(1);
 }
- // allow debuggers
+ // --allow-debuggers - skip disable-devel.inc file
 if (arg_allow_debuggers) {
 char *tmp = strrchr(fname, '/');
 if (tmp && *(tmp + 1) != '\0') {
@@ -1645,6 +1646,17 @@ void profile_read(const char *fname) {
 return;
 }
 }
+ // --appimage - skip disable-shell.inc file
+ if (arg_appimage) {
+printf("here %d\n", __LINE__);
+ char *tmp = strrchr(fname, '/');
+ if (tmp && *(tmp + 1) != '\0') {
+ tmp++;
+ if (strcmp(tmp, "disable-shell.inc") == 0)
+ return;
+ }
+ }
+printf("here %d\n", __LINE__);
 // open profile file:
 FILE *fp = fopen(fname, "r");
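Review bot: The comment added above the `--appimage` pre-scan in main() has an unbalanced quote and does not say what the flag changes for the sandbox. Setting `arg_appimage` at this point makes profile_read() (patched in profile.c by this same commit) return early for `disable-shell.inc` on every profile and include read afterwards, so a hardening include is dropped before any profile is parsed. I would state that in the comment, e.g. `// set arg_appimage before any profile is read so profile_read() skips disable-shell.inc, even when --profile precedes --appimage`. main() starts and ends outside this hunk, so how the regular option loop treats `--appimage` is not visible here.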
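Review bot: `printf("fname #%s#\n", fname);` at the top of profile_read() looks like a leftover debugging print: it is unindented, unconditional, and writes every profile path that is read to stdout, mixed into the output of the sandboxed program. The two `printf("here %d\n", __LINE__);` lines in the last hunk of this file (-1645,6 +1646,17) are the same kind of leftover. I would delete all three; if the trace is wanted, gate it behind firejail's debug flag, e.g. `if (arg_debug) printf("fname #%s#\n", fname);`. profile_read() continues past the end of this hunk.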
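Review bot: The new `--appimage` block returns from profile_read() silently, so a hardening include is dropped and nothing tells the operator that the profile was relaxed; a message under the debug flag at the `return` would make that visible, e.g. `if (arg_debug) printf("Skipping %s for --appimage\n", fname);`. The match also fires only when `fname` contains a `/` (`tmp` is NULL otherwise), so if any caller can pass a bare `disable-shell.inc` the file would still be read; `const char *base = strrchr(fname, '/'); base = base ? base + 1 : fname;` followed by a single `strcmp(base, "disable-shell.inc")` covers both cases and keeps the `const` that `char *tmp` drops. The block is a copy of the `--allow-debuggers` one directly above it, so a small shared static helper would keep the two from drifting apart. profile_read() starts before and continues after this hunk.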