diff --git a/RELNOTES b/RELNOTES
index 7755ae3a6..064553f98 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -13,6 +13,7 @@ firejail (0.9.45) baseline; urgency=low
 * feature: private /opt directory (--private-opt, profile support)
 * feature: private /srv directory (--private-srv, profile support)
 * feature: spoof machine-id
+ * feature: config support for firejail prompt in terminal
 * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,
 * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
 * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
diff --git a/etc/firejail.config b/etc/firejail.config
index 2ea767f37..824e3f503 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -17,6 +17,9 @@
 # Enable or disable file transfer support, default enabled.
 # file-transfer yes
+# Enable Firejail green prompt in terminal, default disabled
+# firejail-prompt no
+
 # Force use of nonewprivs. This mitigates the possibility of
 # a user abusing firejail's features to trick a privileged (suid
 # or file capabilities) process into loading code or configuration
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 6565f488a..098e8e967 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -43,6 +43,7 @@ int checkcfg(int val) {
 cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default
 cfg_val[CFG_FORCE_NONEWPRIVS] = 0; // disabled by default
 cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 0; // disabled by default
+ cfg_val[CFG_FIREJAIL_PROMPT] = 0; // disabled by default
 // open configuration file
 char *fname;
@@ -126,6 +127,15 @@ int checkcfg(int val) {
 else
 goto errout;
 }
+ // prompt
+ else if (strncmp(ptr, "firejail-prompt ", 16) == 0) {
+ if (strcmp(ptr + 16, "yes") == 0)
+ cfg_val[CFG_FIREJAIL_PROMPT] = 1;
+ else if (strcmp(ptr + 16, "no") == 0)
+ cfg_val[CFG_FIREJAIL_PROMPT] = 0;
+ else
+ goto errout;
+ }
 // nonewprivs
 else if (strncmp(ptr, "force-nonewprivs ", 17) == 0) {
 if (strcmp(ptr + 17, "yes") == 0)
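Review bot: In the second src/firejail/checkcfg.c hunk, the literal `16` in `strncmp(ptr, "firejail-prompt ", 16)` and `ptr + 16` has to be kept equal to the keyword length by hand, the same way `17` is for `force-nonewprivs ` just below; a miscount would compare the value from the wrong offset without any compiler warning. Deriving the offset from the string, e.g. `sizeof("firejail-prompt ") - 1`, or folding the repeated yes/no/errout parse into one helper, would remove that coupling. The value match is exact, so `firejail-prompt yes` followed by trailing whitespace goes to `errout`, presumably unless the line is trimmed before this chain; that is worth stating in the `// prompt` comment. checkcfg() starts and ends outside the hunk.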
diff --git a/src/firejail/env.c b/src/firejail/env.c
index a02c67ae1..783f019a6 100644
--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -129,13 +129,21 @@ void env_defaults(void) {
 errExit("setenv");
 // set prompt color to green
- char *prompt = getenv("FIREJAIL_PROMPT");
- if (prompt && strcmp(prompt, "yes") == 0) {
+ int set_prompt = 0;
+ if (checkcfg(CFG_FIREJAIL_PROMPT))
+ set_prompt = 1;
+ else { // check FIREJAIL_PROMPT="yes" environment variable
+ char *prompt = getenv("FIREJAIL_PROMPT");
+ if (prompt && strcmp(prompt, "yes") == 0)
+ set_prompt = 1;
+ }
+
+ if (set_prompt) {
 //export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] '
 if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0)
 errExit("setenv");
 }
-
+
 // set the window title
 if (!arg_quiet)
 printf("\033]0;firejail %s\007", cfg.window_title);
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 368e0d88d..8fede5a69 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -661,6 +661,7 @@ enum {
 CFG_CHROOT_DESKTOP,
 CFG_PRIVATE_HOME,
 CFG_PRIVATE_BIN_NO_LOCAL,
+ CFG_FIREJAIL_PROMPT,
 CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;
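Review bot: In the src/firejail/env.c hunk, the config value and the environment variable are only ever OR-ed: `firejail-prompt yes` forces the prompt for every user with no per-user opt-out (FIREJAIL_PROMPT=no is never read), and `firejail-prompt no` does not stop FIREJAIL_PROMPT=yes from enabling it. Because the following `setenv("PROMPT_COMMAND", ..., 1)` overwrites, turning the option on system-wide replaces any PROMPT_COMMAND the user already had. I would state the precedence where `set_prompt` is computed, e.g. `// config "yes" forces the prompt; otherwise FIREJAIL_PROMPT=yes enables it per user`, and note in etc/firejail.config that the prompt is a cosmetic hint that code inside the sandbox can change, not evidence of sandboxing. env_defaults() begins and ends outside the hunk.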