mainline merge: add switch to disable/enable private-cache

2026-05-15 14:16:14 -06:00 · 2018-09-26 09:37:27 -04:00 · 2018-09-26 09:37:27 -04:00 · 2b500cf6ec
commit 2b500cf6ec
parent b706669ff6
6 changed files with 23 additions and 2 deletions
--- a/etc/firejail.config
+++ b/etc/firejail.config
@ -47,6 +47,9 @@
 # Enable or disable networking features, default enabled.
 # network yes

+# Enable or disable private-cache feature, default enabled
+# private-cache yes
+
 # Enable --quiet as default every time the sandbox is started. Default disabled.
 # quiet-by-default no

--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@ -155,6 +155,15 @@ int checkcfg(int val) {
 				else
 					goto errout;
 			}
+			// private cache directory
+			else if (strncmp(ptr, "private-cache ", 14) == 0) {
+				if (strcmp(ptr + 14, "yes") == 0)
+					cfg_val[CFG_PRIVATE_CACHE] = 1;
+				else if (strcmp(ptr + 14, "no") == 0)
+					cfg_val[CFG_PRIVATE_CACHE] = 0;
+				else
+					goto errout;
+			}
 			// quiet by default
 			else if (strncmp(ptr, "quiet-by-default ", 17) == 0) {
 				if (strcmp(ptr + 17, "yes") == 0)
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@ -660,6 +660,7 @@ enum {
 	CFG_FORCE_NONEWPRIVS,
 	CFG_JOIN,
 	CFG_NETWORK,
+	CFG_PRIVATE_CACHE,
 	CFG_RESTRICTED_NETWORK,
 	CFG_SECCOMP,
 	CFG_USERNS,
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@ -845,6 +845,8 @@ void fs_private_cache(void) {
 		return;
 	}

+	if (arg_debug)
+		printf("Mounting tmpfs on %s\n", cache);
 	// get a file descriptor for ~/.cache, fails if there is any symlink
 	int fd = safe_fd(cache, O_PATH|O_DIRECTORY|O_NOFOLLOW|O_CLOEXEC);
 	if (fd == -1)
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@ -1114,7 +1114,10 @@ int main(int argc, char **argv) {
 			arg_private_tmp = 1;
 		}
 		else if (strcmp(argv[i], "--private-cache") == 0) {
-			arg_private_cache = 1;
+			if (checkcfg(CFG_PRIVATE_CACHE))
+				arg_private_cache = 1;
+			else
+				exit_err_feature("private-cache");
 		}

 		//*************************************
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@ -196,7 +196,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 		return 0;
 	}
 	else if (strcmp(ptr, "private-cache") == 0) {
-		arg_private_cache = 1;
+		if (checkcfg(CFG_PRIVATE_CACHE))
+			arg_private_cache = 1;
+		else
+			warning_feature_disabled("private-cache");
 		return 0;
 	}
 	else if (strcmp(ptr, "private-dev") == 0) {