fix #2820 - adjustable file copy limit; export FIREJAIL_DEBUG into sbox

RELNOTES

@@ -1,5 +1,6 @@
 firejail (0.9.61) baseline; urgency=low
   * work in progress
+  * added file-copy-limit in /etc/firejail/firejail.config
   * profile templates
   * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
   * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder

etc/firejail.config

@@ -35,6 +35,11 @@
 # cannot be overridden by --noblacklist or --ignore.
 # disable-mnt no
 
+# Set the limit for file copy in several --private-* options. The size is set
+# in megabytes. By default we allow up to 500MB.
+# Note: the files are copied in RAM.
+# file-copy-limit 500
+
 # Enable or disable file transfer support, default enabled.
 # file-transfer yes
 

src/fcopy/main.c

@@ -25,9 +25,11 @@
 #include <pwd.h>
 
 int arg_quiet = 0;
+int arg_debug = 0;
 static int arg_follow_link = 0;
 
-#define COPY_LIMIT (500 * 1024 *1024)
+static int copy_limit = 500 * 1024 *1024; // 500 MB
+#define COPY_LIMIT (
 static int size_limit_reached = 0;
 static unsigned file_cnt = 0;
 static unsigned size_cnt = 0;
@@ -184,8 +186,8 @@ static int fs_copydir(const char *infname, const struct stat *st, int ftype, str
 	mode_t mode = s.st_mode;
 
 	// recalculate size
-	if ((s.st_size + size_cnt) > COPY_LIMIT) {
-		fprintf(stderr, "Error fcopy: size limit of %dMB reached\n", (COPY_LIMIT / 1024) / 1024);
+	if ((s.st_size + size_cnt) > copy_limit) {
+		fprintf(stderr, "Error fcopy: size limit of %dMB reached\n", (copy_limit / 1024) / 1024);
 		size_limit_reached = 1;
 		free(outfname);
 		return 0;
@@ -330,6 +332,9 @@ int main(int argc, char **argv) {
 	char *quiet = getenv("FIREJAIL_QUIET");
 	if (quiet && strcmp(quiet, "yes") == 0)
 		arg_quiet = 1;
+	char *debug = getenv("FIREJAIL_DEBUG");
+	if (debug && strcmp(debug, "yes") == 0)
+		arg_debug = 1;
 
 	char *src;
 	char *dest;
@@ -384,6 +389,14 @@ int main(int argc, char **argv) {
 		exit(1);
 	}
 
+	// extract copy limit size from env variable, if any
+	char *cl = getenv("FIREJAIL_FILE_COPY_LIMIT");
+	if (cl) {
+		copy_limit = atoi(cl) * 1024 * 1024;
+		if (arg_debug)
+			printf("file copy limit %d bytes\n", copy_limit);
+	}
+
 	// copy files
 	if ((arg_follow_link ? stat : lstat)(src, &s) == -1) {
 		fprintf(stderr, "Error fcopy: src %s: %s\n", src, strerror(errno));

src/firejail/checkcfg.c

@@ -207,6 +207,12 @@ int checkcfg(int val) {
 					goto errout;
 				cfg_val[CFG_ARP_PROBES] = arp_probes;
 			}
+
+			// file copy limit
+			else if (strncmp(ptr, "file-copy-limit ", 16) == 0) {
+				if (setenv("FIREJAIL_FILE_COPY_LIMIT", ptr + 16, 1) == -1)
+					errExit("setenv");
+			}
 			else
 				goto errout;
 

src/firejail/firejail.h

@@ -720,6 +720,7 @@ enum {
 	CFG_PRIVATE_CACHE,
 	CFG_CGROUP,
 	CFG_NAME_CHANGE,
+	// CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv
 	CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;

src/firejail/sbox.c

@@ -129,8 +129,24 @@ int sbox_run(unsigned filter, int num, ...) {
 	if (child < 0)
 		errExit("fork");
 	if (child == 0) {
-		// clean the new process
+		// preserve firejail-specific env vars
+		char *cl = getenv("FIREJAIL_FILE_COPY_LIMIT");
+		if (cl) {
+			// duplicate the value, who knows what's going to happen with it in clearenv!
+			cl = strdup(cl);
+			if (!cl)
+				errExit("strdup");
+		}
 		clearenv();
+		if (cl) {
+			if (setenv("FIREJAIL_FILE_COPY_LIMIT", cl, 1) == -1)
+				errExit("setenv");
+			free(cl);
+		}
+		if (arg_quiet) // --quiet is passed as an environment variable
+			setenv("FIREJAIL_QUIET", "yes", 1);
+		if (arg_debug) // --debug is passed as an environment variable
+			setenv("FIREJAIL_DEBUG", "yes", 1);
 
 		if (filter & SBOX_STDIN_FROM_FILE) {
 			int fd;
@@ -196,12 +212,6 @@ int sbox_run(unsigned filter, int num, ...) {
 		else if (filter & SBOX_USER)
 			drop_privs(1);
 
-		clearenv();
-
-		// --quiet is passed as an environment variable
-		if (arg_quiet)
-			setenv("FIREJAIL_QUIET", "yes", 1);
-
 		if (arg[0])	// get rid of scan-build warning
 			execvp(arg[0], arg);
 		else