Add new condition ALLOW_TRAY

contrib/vim/syntax/firejail.vim

@@ -72,7 +72,7 @@ syn match fjCommandNoCond /quiet$/ contained
 
 " Conditionals grabbed from: src/firejail/profile.c
 " Generate list with: awk -- 'BEGIN {process=0;} /^Cond conditionals\[\] = \{$/ {process=1;} /\t*\{"[^"]+".*/ { if (process) {print gensub(/^\t*\{"([^"]+)".*$/, "\\1", 1);} } /^\t\{ NULL, NULL \}$/ {process=0;}' src/firejail/profile.c | sort -u | tr $'\n' '|'
-syn match fjConditional /\v\?(BROWSER_ALLOW_DRM|BROWSER_DISABLE_U2F|HAS_APPIMAGE|HAS_NET|HAS_NODBUS|HAS_NOSOUND|HAS_X11) ?:/ nextgroup=fjCommand skipwhite contained
+syn match fjConditional /\v\?(ALLOW_TRAY|BROWSER_ALLOW_DRM|BROWSER_DISABLE_U2F|HAS_APPIMAGE|HAS_NET|HAS_NODBUS|HAS_NOSOUND|HAS_X11) ?:/ nextgroup=fjCommand skipwhite contained
 
 " A line is either a command, a conditional or a comment
 syn match fjStatement /^/ nextgroup=fjCommand,fjCommandNoCond,fjConditional,fjComment

etc/firejail.config

@@ -2,6 +2,9 @@
 # keyword-argument pairs, one per line. Most features are enabled by default.
 # Use 'yes' or 'no' as configuration values.
 
+# Allow programs to display a tray icon
+# allow-tray no
+
 # Enable AppArmor functionality, default enabled.
 # apparmor yes
 

src/firejail/checkcfg.c

@@ -58,6 +58,7 @@ int checkcfg(int val) {
 		cfg_val[CFG_XPRA_ATTACH] = 0;
 		cfg_val[CFG_SECCOMP_ERROR_ACTION] = -1;
 		cfg_val[CFG_BROWSER_ALLOW_DRM] = 0;
+		cfg_val[CFG_ALLOW_TRAY] = 0;
 
 		// open configuration file
 		const char *fname = SYSCONFDIR "/firejail.config";
@@ -122,6 +123,7 @@ int checkcfg(int val) {
 			PARSE_YESNO(CFG_XPRA_ATTACH, "xpra-attach")
 			PARSE_YESNO(CFG_BROWSER_DISABLE_U2F, "browser-disable-u2f")
 			PARSE_YESNO(CFG_BROWSER_ALLOW_DRM, "browser-allow-drm")
+			PARSE_YESNO(CFG_ALLOW_TRAY, "allow-tray")
 #undef PARSE_YESNO
 
 			// netfilter

src/firejail/firejail.h

@@ -801,6 +801,7 @@ enum {
 	CFG_NAME_CHANGE,
 	CFG_SECCOMP_ERROR_ACTION,
 	// CFG_FILE_COPY_LIMIT - file copy limit handled using setenv/getenv
+	CFG_ALLOW_TRAY,
 	CFG_MAX // this should always be the last entry
 };
 extern char *xephyr_screen;

src/firejail/profile.c

@@ -175,6 +175,10 @@ static int check_allow_drm(void) {
 	return checkcfg(CFG_BROWSER_ALLOW_DRM) != 0;
 }
 
+static int check_allow_tray(void) {
+	return checkcfg(CFG_ALLOW_TRAY) != 0;
+}
+
 Cond conditionals[] = {
 	{"HAS_APPIMAGE", check_appimage},
 	{"HAS_NET", check_netoptions},
@@ -184,6 +188,7 @@ Cond conditionals[] = {
 	{"HAS_X11", check_x11},
 	{"BROWSER_DISABLE_U2F", check_disable_u2f},
 	{"BROWSER_ALLOW_DRM", check_allow_drm},
+	{"ALLOW_TRAY", check_allow_tray},
 	{ NULL, NULL }
 };
 

src/man/firejail-profile.txt

@@ -174,7 +174,7 @@ Example: "?HAS_APPIMAGE: allow ${HOME}/special/appimage/dir"
 
 This example will load the profile line only if the \-\-appimage option has been specified on the command line.
 
-Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM
+Currently the only conditionals supported this way are HAS_APPIMAGE, HAS_NET, HAS_NODBUS, HAS_NOSOUND, HAS_PRIVATE and HAS_X11. The conditionals ALLOW_TRAY, BROWSER_DISABLE_U2F and BROWSER_ALLOW_DRM
 can be enabled or disabled globally in Firejail's configuration file.
 
 The profile line may be any profile line that you would normally use in a profile \fBexcept\fR for "quiet" and "include" lines.