diff --git a/RELNOTES b/RELNOTES
index 2a2d9fbacd8..905c250962d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,6 +1,7 @@
 firejail (0.9.67) baseline; urgency=low
 * work in progress
 * deprecated --disable-whitelist at compile time
+ * deprecated whitelist=yes/no in /etc/firejail/firejail.config
 -- netblue30 Mon, 28 Jun 2021 09:00:00 -0500
 firejail (0.9.66) baseline; urgency=low
diff --git a/etc/firejail.config b/etc/firejail.config
index 43db494226c..2e355586b0a 100644
--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -123,9 +123,6 @@
 # Enable or disable user namespace support, default enabled.
 # userns yes
-# Enable or disable whitelisting support, default enabled.
-# whitelist yes
-
 # Disable whitelist top level directories, in addition to those
 # that are disabled out of the box. None by default; this is an example.
 # whitelist-disable-topdir /etc,/usr/etc
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 501804cbbfc..06e6f0ccb9a 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -106,7 +106,6 @@ int checkcfg(int val) {
 PARSE_YESNO(CFG_FIREJAIL_PROMPT, "firejail-prompt")
 PARSE_YESNO(CFG_FORCE_NONEWPRIVS, "force-nonewprivs")
 PARSE_YESNO(CFG_SECCOMP, "seccomp")
- PARSE_YESNO(CFG_WHITELIST, "whitelist")
 PARSE_YESNO(CFG_NETWORK, "network")
 PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network")
 PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title")
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 9971d30b6dc..6c9d70c0b53 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -776,7 +776,6 @@ enum {
 CFG_NETWORK,
 CFG_RESTRICTED_NETWORK,
 CFG_FORCE_NONEWPRIVS,
- CFG_WHITELIST,
 CFG_XEPHYR_WINDOW_TITLE,
 CFG_OVERLAYFS,
 CFG_PRIVATE_BIN,
diff --git a/src/firejail/main.c b/src/firejail/main.c
index b97b1f6adb6..f64994e0242 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1602,28 +1602,20 @@ int main(int argc, char **argv, char **envp) {
 // whitelist
 else if (strncmp(argv[i], "--whitelist=", 12) == 0) {
- if (checkcfg(CFG_WHITELIST)) {
- char *line;
- if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1)
- errExit("asprintf");
+ char *line;
+ if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1)
+ errExit("asprintf");
- profile_check_line(line, 0, NULL); // will exit if something wrong
- profile_add(line);
- }
- else
- exit_err_feature("whitelist");
+ profile_check_line(line, 0, NULL); // will exit if something wrong
+ profile_add(line);
 }
 else if (strncmp(argv[i], "--allow=", 8) == 0) {
- if (checkcfg(CFG_WHITELIST)) {
- char *line;
- if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1)
- errExit("asprintf");
+ char *line;
+ if (asprintf(&line, "whitelist %s", argv[i] + 8) == -1)
+ errExit("asprintf");
- profile_check_line(line, 0, NULL); // will exit if something wrong
- profile_add(line);
- }
- else
- exit_err_feature("whitelist");
+ profile_check_line(line, 0, NULL); // will exit if something wrong
+ profile_add(line);
 }
 else if (strncmp(argv[i], "--nowhitelist=", 14) == 0) {
 char *line;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 4301878095b..29bb5fbacfe 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1589,18 +1589,8 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 else if (strncmp(ptr, "noblacklist ", 12) == 0)
 ptr += 12;
 else if (strncmp(ptr, "whitelist ", 10) == 0) {
- if (checkcfg(CFG_WHITELIST)) {
- arg_whitelist = 1;
- ptr += 10;
- }
- else {
- static int whitelist_warning_printed = 0;
- if (!whitelist_warning_printed) {
- warning_feature_disabled("whitelist");
- whitelist_warning_printed = 1;
- }
- return 0;
- }
+ arg_whitelist = 1;
+ ptr += 10;
 }
 else if (strncmp(ptr, "nowhitelist ", 12) == 0)
 ptr += 12;
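Review bot: The `--whitelist=` and `--allow=` branches now build and add the profile line unconditionally, so a host whose administrator had set `whitelist no` loses the hard stop that `exit_err_feature("whitelist")` gave, with nothing telling them the setting is no longer honoured; the `whitelist ` branch of profile_check_line in src/firejail/profile.c loses its one-time warning in the same way. This commit also drops `PARSE_YESNO(CFG_WHITELIST, "whitelist")` from checkcfg.c, so an existing firejail.config that still carries the key presumably reaches the parser's unknown-key handling, which is not visible in this diff: if that path aborts, upgraded installs stop starting, and if it is silent, the administrator's intent is dropped unnoticed. RELNOTES calls the option deprecated rather than removed, so checkcfg.c could keep recognising the key and print a one-time notice that its value is ignored. At minimum the comment above these branches could record the change, e.g. `// whitelist (always enabled; the "whitelist" switch in firejail.config is no longer read)`. main() starts and continues outside this hunk.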
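Review bot: `arg_whitelist = 1;` is a state change inside a function that its callers in main.c treat as a validator (`// will exit if something wrong`), and with the config branch removed it now runs for every `whitelist ` line while looking like the plain `ptr += 12;` neighbours. A one-line comment would make the side effect visible to the next reader, e.g. `// side effect: records that a whitelist line was seen (sets arg_whitelist)`. What arg_whitelist gates later is not visible here, and profile_check_line starts and ends outside this hunk.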