From d2bd561a697458faf39657bceceb6bf1cb300ce4 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Sat, 22 Nov 2025 09:07:10 +0000
Subject: [PATCH] bugfix: check for --quiet/--debug earlier during init (#6969)
Parse them as early as possible (after dropping permissions, etc), as `checkcfg()` checks for `arg_debug` (for example). Relates to #6878 #6951. Kind of relates to #6579.
---
 src/firejail/main.c | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index ad022d4d9..479151855 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1075,20 +1075,33 @@ int main(int argc, char **argv, char **envp) {
 // check standard streams before opening any file
 fix_std_streams();
- // initialize values from firejail.config (needed for arg/env checks)
- checkcfg(0);
-
 // argument count should be larger than 0
 if (argc == 0 || !argv || strlen(argv[0]) == 0) {
 fprintf(stderr, "Error: argv is invalid\n");
 exit(1);
- } else if (argc >= arg_max_count) {
+ }
+
+ // process --quiet
+ const char *env_quiet = env_get("FIREJAIL_QUIET");
+ if (check_arg(argc, argv, "--quiet", 1) || (env_quiet && strcmp(env_quiet, "yes") == 0))
+ arg_quiet = 1;
+
+ // process --debug
+ if (check_arg(argc, argv, "--debug", 1)) {
+ arg_debug = 1;
+ arg_quiet = 0;
+ }
+
+ // initialize values from firejail.config (needed for arg/env checks)
+ checkcfg(0);
+
+ // sanity check for arguments
+ if (argc >= arg_max_count) {
 fprintf(stderr, "Error: too many arguments: argc (%d) >= arg-max-count (%d)\n", argc, arg_max_count);
 exit(1);
 }
- // sanity check for arguments
 for (i = 0; i < argc; i++) {
 if (strlen(argv[i]) >= arg_max_len) {
 fprintf(stderr, "Error: too long argument: argv[%d] len (%zu) >= arg-max-len (%lu): '%s'\n",
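Review bot: The relocated `--quiet`/`--debug` block now touches argv and the environment before either has been validated: `check_arg()` scans `argv` ahead of the `argc >= arg_max_count` and `strlen(argv[i]) >= arg_max_len` checks, and `env_get("FIREJAIL_QUIET")` is read ahead of `env_apply_whitelist()`, which preceded the block at its old position (second hunk). The order appears forced, since the limits seem to come from `checkcfg(0)` and that call consults `arg_debug`, but the constraint is not written down anywhere in the new code. I would add a comment above the block such as `// NOTE: runs before the arg count/length checks and before env_apply_whitelist(); only compare strings here, never copy or act on argv/env`. Whether `check_arg()` and `env_get()` are safe on oversized or unfiltered input is not visible in this diff and is worth confirming, as is what `checkcfg(0)` prints under `--debug` before `init_cfg()` has checked that the user may run firejail. The body of main() starts and ends outside the hunk.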
@@ -1111,17 +1124,6 @@ int main(int argc, char **argv, char **envp) {
 // Reapply a minimal set of environment variables
 env_apply_whitelist();
- // process --quiet
- const char *env_quiet = env_get("FIREJAIL_QUIET");
- if (check_arg(argc, argv, "--quiet", 1) || (env_quiet && strcmp(env_quiet, "yes") == 0))
- arg_quiet = 1;
-
- // process --debug
- if (check_arg(argc, argv, "--debug", 1)) {
- arg_debug = 1;
- arg_quiet = 0;
- }
-
 // check if the user is allowed to use firejail
 init_cfg(argc, argv);