Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support more schemes and other commands #2

Open
rusty-snake opened this issue Jan 6, 2023 · 3 comments
Open

Support more schemes and other commands #2

rusty-snake opened this issue Jan 6, 2023 · 3 comments
Labels
enhancement New feature or request

Comments

@rusty-snake
Copy link
Owner 

# schemeapps.conf
# ===============
#
# This file contains a mapping of schemes to command-line for fireurl::open.
#
# Format
# ------
#
# * Leading and trailing whitespace characters are ignored.
# * Empty lines are ignored.
# * Lines starting with a "#" are comments (and ignored).
# * Everything else is expected to be an mapping of an scheme to a command line
#   in the form of `<scheme>: <command-line>`.
# * The command-line can contain a "%u" that will be substituted with the uri.
#   If the "%u" is missing it is implicitly added at the end.
# * The command-line is split at every whitespace character.
#   No quoting. No escaping.
# * If there is more than one mapping for a scheme the behavior is undefined.
# * If there is more than one "%u" in the command-line the behavior is undefined.
# * The format may change in the future.

http: firefox
https: firefox %u
@rusty-snake rusty-snake added the enhancement New feature or request label Jan 6, 2023
@rusty-snake
Copy link
Owner Author 

for line in schemeapps_conf {
    let line = line.trim();
    if line.is_empty() || line.starts_with('#') {
        continue;
    }
    
    let (scheme, cmd) = if let Some(scheme_cmd) = line.split_once(':') {
        scheme_cmd
    } else {
        eprintln!("ERROR: Invalid line in schemeapps.conf: {line}");
        continue;
    };
    let mut cmd = cmd.split_whitespace()
        ...
}

@topimiettinen
Copy link

How about using a regexp or fnmatch patterns and also explicit allow/deny:

allow http:https://*.example.com/* firefox %u
deny *

For more flexibility (for example, if client authentication is considered in the future), the syntax could be

allow url=https://*.example.com/* cmd='firefox %u' client='mutt'
allow url=https:* client='firefox*'
deny url=http:*
# default deny
deny

@rusty-snake
Copy link
Owner Author

  • regexp/fnmatch/glob: Require some dependencies. If we to integrate fireurl into firejail's build system this is much more complicated (ATM it would be two calls to rustc). However if everything we need is a zero/one-or-more placeholder this can be implemented easily in fireurl.
  • Restricts for specific clients make sense. But global restrictions do not seem very useful to me.
  • One file for everything? Maybe it would be easier/better to have one file mapping schemes to commands and one defining policies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@topimiettinen @rusty-snake