Add new condition ALLOW_TRAY

rusty-snake 2021-09-04 19:08:32 +02:00
parent 263e3fe723
commit c86cae2d08
6 changed files with 13 additions and 2 deletions


@ -72,7 +72,7 @@ syn match fjCommandNoCond /quiet$/ contained
" Conditionals grabbed from: src/firejail/profile.c
" Generate list with: awk -- 'BEGIN {process=0;} /^Cond conditionals\[\] = \{$/ {process=1;} /\t*\{"[^"]+".*/ { if (process) {print gensub(/^\t*\{"([^"]+)".*$/, "\\1", 1);} } /^\t\{ NULL, NULL \}$/ {process=0;}' src/firejail/profile.c | sort -u | tr $'\n' '|'
syn match fjConditional /\v\?(BROWSER_ALLOW_DRM|BROWSER_DISABLE_U2F|HAS_APPIMAGE|HAS_NET|HAS_NODBUS|HAS_NOSOUND|HAS_X11) ?:/ nextgroup=fjCommand skipwhite contained
syn match fjConditional /\v\?(ALLOW_TRAY|BROWSER_ALLOW_DRM|BROWSER_DISABLE_U2F|HAS_APPIMAGE|HAS_NET|HAS_NODBUS|HAS_NOSOUND|HAS_X11) ?:/ nextgroup=fjCommand skipwhite contained
" A line is either a command, a conditional or a comment
syn match fjStatement /^/ nextgroup=fjCommand,fjCommandNoCond,fjConditional,fjComment


@ -2,6 +2,9 @@
# keyword-argument pairs, one per line. Most features are enabled by default.
# Use 'yes' or 'no' as configuration values.
# Allow programs to display a tray icon
# allow-tray no
# Enable AppArmor functionality, default enabled.
# apparmor yes
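Review bot: The new `allow-tray` entry does not state its default, unlike the neighbouring entry ("Enable AppArmor functionality, default enabled."). An administrator deciding whether to flip it should see that it ships off, for example `# Allow programs to display a tray icon, default disabled.`. None of the six files in this commit is a profile, so what a `?ALLOW_TRAY:` line actually opens up in the sandbox is not visible here. If that is known, one more comment line naming the relaxed restriction would make the trade-off explicit.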


@ -58,6 +58,7 @@ int checkcfg(int val) {
cfg_val[CFG_XPRA_ATTACH] = 0;
cfg_val[CFG_SECCOMP_ERROR_ACTION] = -1;
cfg_val[CFG_BROWSER_ALLOW_DRM] = 0;
cfg_val[CFG_ALLOW_TRAY] = 0;
// open configuration file
const char *fname = SYSCONFDIR "/firejail.config";
@ -122,6 +123,7 @@ int checkcfg(int val) {
PARSE_YESNO(CFG_XPRA_ATTACH, "xpra-attach")
PARSE_YESNO(CFG_BROWSER_DISABLE_U2F, "browser-disable-u2f")
PARSE_YESNO(CFG_BROWSER_ALLOW_DRM, "browser-allow-drm")
PARSE_YESNO(CFG_ALLOW_TRAY, "allow-tray")
#undef PARSE_YESNO
// netfilter


@ -801,6 +801,7 @@ enum {
CFG_NAME_CHANGE,
CFG_SECCOMP_ERROR_ACTION,
// CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv
CFG_ALLOW_TRAY,
CFG_MAX // this should always be the last entry
};
extern char *xephyr_screen;


@ -175,6 +175,10 @@ static int check_allow_drm(void) {
return checkcfg(CFG_BROWSER_ALLOW_DRM) != 0;
}
static int check_allow_tray(void) {
return checkcfg(CFG_ALLOW_TRAY) != 0;
}
Cond conditionals[] = {
{"HAS_APPIMAGE", check_appimage},
{"HAS_NET", check_netoptions},
@ -184,6 +188,7 @@ Cond conditionals[] = {
{"HAS_X11", check_x11},
{"BROWSER_DISABLE_U2F", check_disable_u2f},
{"BROWSER_ALLOW_DRM", check_allow_drm},
{"ALLOW_TRAY", check_allow_tray},
{ NULL, NULL }
};
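Review bot: `check_allow_tray` and the new `{"ALLOW_TRAY", check_allow_tray}` table entry carry no comment saying who controls the condition or what its default is, although it presumably gates profile lines that loosen the sandbox. A one-line comment above the function would cover it, e.g. `// true only when "allow-tray yes" is set in the system-wide firejail.config (default: no)`. The name also departs from the `HAS_*` and `BROWSER_*` prefixes used by the other entries, so `?ALLOW_TRAY:` in a profile does not signal that it is a global config switch rather than a command-line state. If a rename is not wanted, the comment should say so. The `conditionals[]` table continues outside the second hunk, and `check_allow_drm` starts outside the first.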


@ -174,7 +174,7 @@ Example: "?HAS_APPIMAGE: allow ${HOME}/special/appimage/dir"
This example will load the profile line only if the \-\-appimage option has been specified on the command line.
Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM
Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals ALLOW_TRAY, BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM
can be enabled or disabled globally in Firejail's configuration file.
The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines.