appimage: automatically detect profile

README

@@ -500,6 +500,7 @@ Jean-Philippe Eisenbarth (https://github.com/jpeisenbarth)
  - fixed spotify.profile
 Jeff Squyres (https://github.com/jsquyres)
  - various manpage fixes
+ - cmdline.c: optionally quote the resulting command line
 Jericho (https://github.com/attritionorg)
  - spelling
 Jesse Smith (https://github.com/slicer69)

src/firejail/appimage.c

@@ -30,6 +30,7 @@
 
 static char *devloop = NULL; // device file
 static long unsigned size = 0; // offset into appimage file
+#define MAXBUF 4096
 
 #ifdef LOOP_CTL_GET_FREE // test for older kernels; this definition is found in /usr/include/linux/loop.h
 static void err_loop(void) {
@@ -38,6 +39,32 @@ static void err_loop(void) {
 }
 #endif
 
+// return 1 if found
+int appimage_find_profile(const char *archive) {
+ assert(archive);
+ assert(strlen(archive));
+
+ // try to match the name of the archive with the list of programs in /usr/lib/firejail/firecfg.config
+ FILE *fp = fopen(LIBDIR "/firejail/firecfg.config", "r");
+ if (!fp) {
+ fprintf(stderr, "Error: cannot find %s, firejail is not correctly installed\n", LIBDIR "/firejail/firecfg.config");
+ exit(1);
+ }
+ char buf[MAXBUF];
+ while (fgets(buf, MAXBUF, fp)) {
+ if (*buf == '#')
+ continue;
+ char *ptr = strchr(buf, '\n');
+ if (ptr)
+ *ptr = '\0';
+ if (strcasestr(archive, buf))
+ return profile_find_firejail(buf, 1);
+ }
+ return 0;
+
+}
+
+
 void appimage_set(const char *appimage) {
  assert(appimage);
  assert(devloop == NULL); // don't call this twice!

src/firejail/firejail.h

@@ -5,7 +5,7 @@
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; eithe r version 2 of the License, or
  * (at your option) any later version.
  *
  * This program is distributed in the hope that it will be useful,
@@ -815,6 +815,7 @@ int checkcfg(int val);
 void print_compiletime_support(void);
 
 // appimage.c
+int appimage_find_profile(const char *archive);
 void appimage_set(const char *appimage_path);
 void appimage_mount(void);
 void appimage_clear(void);

src/firejail/main.c

@@ -2819,6 +2819,11 @@ int main(int argc, char **argv, char **envp) {
  // build the sandbox command
  if (prog_index == -1 && cfg.shell) {
  assert(cfg.command_line == NULL); // runs cfg.shell
+ if (arg_appimage) {
+ fprintf(stderr, "Error: no appimage archive specified\n");
+ exit(1);
+ }
+
  cfg.window_title = cfg.shell;
  cfg.command_name = cfg.shell;
  }
@@ -2844,7 +2849,13 @@ int main(int argc, char **argv, char **envp) {
 
  // load the profile
  if (!arg_noprofile && !custom_profile) {
- custom_profile = profile_find_firejail(cfg.command_name, 1);
+ if (arg_appimage) {
+ custom_profile = appimage_find_profile(cfg.command_name);
+ // disable shell=* for appimages
+ arg_shell_none = 0;
+ }
+ else
+ custom_profile = profile_find_firejail(cfg.command_name, 1);
  }
 
  // use default.profile as the default
@@ -2858,7 +2869,7 @@ int main(int argc, char **argv, char **envp) {
  custom_profile = profile_find_firejail(profile_name, 1);
 
  if (!custom_profile) {
- fprintf(stderr, "Error: no default.profile installed\n");
+ fprintf(stderr, "Error: no %s installed\n", profile_name);
  exit(1);
  }