--keep-hostname part 1 (#7048)

contrib/syntax/lists/profile_commands_arg0.list

@@ -13,6 +13,7 @@ keep-config-pulse
 keep-dev-ntsync
 keep-dev-shm
 keep-dev-tpm
+keep-hostname
 keep-shell-rc
 keep-var-tmp
 landlock.enforce

src/firejail/firejail.h

@@ -375,6 +375,7 @@ extern int arg_netlock;	// netlocker
 extern int arg_restrict_namespaces;
 extern int arg_allow_bwrap;
 extern int arg_unhide_pid1;
+extern int arg_keep_hostname;
 
 typedef enum {
 	DBUS_POLICY_ALLOW,	// Allow unrestricted access to the bus

src/firejail/fs_hostname.c

@@ -26,6 +26,8 @@
 
 // build a random host name
 static char *random_hostname(void) {
+	assert(!arg_keep_hostname);
+	
 	char vowels[] = { 'a', 'e', 'i', 'o', 'u'};
 	char consonants[] = {'b', 'c', 'c', 'c', 'g', 'h', 'h', 'h', 'h', 'h',
 		'j', 'j', 'k', 'k', 'k', 'k', 'k', 'k', 'k', 'k', 'k', 'k', 'm', 'm', 'm', 'm', 'n', 'n', 'n', 'n', 'n',
@@ -53,6 +55,8 @@ static char *random_hostname(void) {
 }
 
 void fs_hostname(void) {
+	assert(!arg_keep_hostname);
+
 	if (!cfg.hostname)
 		cfg.hostname = random_hostname();
 	struct stat s;

src/firejail/main.c

@@ -171,6 +171,7 @@ int arg_netlock = 0;
 int arg_restrict_namespaces = 0;
 int arg_allow_bwrap = 0;
 int arg_unhide_pid1 = 0;
+int arg_keep_hostname = 0;
 
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
@@ -2118,6 +2119,10 @@ int main(int argc, char **argv, char **envp) {
 			}
 		}
 		else if (strncmp(argv[i], "--hostname=", 11) == 0) {
+			if (arg_keep_hostname) {
+				fprintf(stderr, "Error: hostname and keep-hostname are mutually exclusive\n");
+				exit(1);
+			}
 			cfg.hostname = argv[i] + 11;
 			if (strlen(cfg.hostname) == 0) {
 				fprintf(stderr, "Error: invalid hostname: cannot be empty\n");
@@ -2317,6 +2322,13 @@ int main(int argc, char **argv, char **envp) {
 #endif
 		else if (strcmp(argv[i], "--unhide-pid1") == 0)
 			arg_unhide_pid1 = 1;
+		else if (strcmp(argv[i], "--keep-hostname") == 0) {
+			if (cfg.hostname) {
+				fprintf(stderr, "Error: hostname and keep-hostname are mutually exclusive\n");
+				exit(1);
+			}
+			arg_keep_hostname = 1;
+		}
 
 		//*************************************
 		// network

src/firejail/profile.c

@@ -1205,6 +1205,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 	// hostname
 	if (strncmp(ptr, "hostname ", 9) == 0) {
+		if (arg_keep_hostname) {
+			fprintf(stderr, "Error: hostname and keep-hostname are mutually exclusive\n");
+			exit(1);
+		}
 		cfg.hostname = ptr + 9;
 		if (strlen(cfg.hostname) == 0) {
 			fprintf(stderr, "Error: invalid hostname: cannot be empty\n");
@@ -1216,6 +1220,14 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 		}
 		return 0;
 	}
+	if (strncmp(ptr, "keep-hostname", 13) == 0) {
+		if (cfg.hostname) {
+			fprintf(stderr, "Error: hostname and keep-hostname are mutually exclusive\n");
+			exit(1);
+		}
+		arg_keep_hostname = 1;
+		return 0;
+	}
 
 	// hosts-file
 	if (strncmp(ptr, "hosts-file ", 11) == 0) {

src/firejail/sandbox.c

@@ -681,6 +681,7 @@ int sandbox(void* sandbox_arg) {
 	// set hostname
 	//****************************
 	if (cfg.hostname) {
+		assert(arg_keep_hostname == 0);
 		if (sethostname(cfg.hostname, strlen(cfg.hostname)) < 0)
 			errExit("sethostname");
 	}
@@ -988,7 +989,8 @@ int sandbox(void* sandbox_arg) {
 	//****************************
 	// hosts and hostname
 	//****************************
-	fs_hostname();
+	if (!arg_keep_hostname)
+		fs_hostname();
 
 	//****************************
 	// /etc overrides from the network namespace