author | smitsohu <smitsohu@gmail.com> | 2022-03-13 21:17:32 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-03-13 21:17:32 +0100 |
commit | 5db89638a57e6eb8819b8b61d21780562e64d377 (patch) | |
tree | a40d72e1efc463c7a0b07d2988d8a6283d996429 | |
parent | fbuilder: consider unix sockets (diff) | |
fbuilder: unify callback functions
-rw-r--r-- | src/fbuilder/build_fs.c | 22 |
1 files changed, 18 insertions, 4 deletions
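--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -132,9 +132,20 @@ static void etc_callback(char *ptr) {
 if (strncmp(ptr, "/etc/firejail", 13) == 0)
 return;
 
+// extract the directory:
+assert(strncmp(ptr, "/etc", 4) == 0);
+char *p1 = ptr + 4;
+if (*p1 != '/')
+return;
+p1++;
+
+if (*p1 == '/') // double '/'
+p1++;
+if (*p1 == '\0')
+return;
+
 // add only top files and directories
-ptr += 5; // skip "/etc/"
-char *end = strchr(ptr, '/');
+char *end = strchr(p1, '/');
 if (end)
 *end = '\0';
 etc_out = filedb_add(etc_out, ptr);
@@ -178,6 +189,11 @@ static char *var_skip[] = {
 static FileDB *var_out = NULL;
 static FileDB *var_skip = NULL;
 static void var_callback(char *ptr) {
+// skip /var/lib/flatpak, /var/lib/snapd directory
+if (strncmp(ptr, "/var/lib/flatpak", 16) == 0 ||
+strncmp(ptr, "/var/lib/snapd", 14) == 0)
+return;
+
 // extract the directory:
 assert(strncmp(ptr, "/var", 4) == 0);
 char *p1 = ptr + 4;
@@ -198,8 +214,6 @@ void build_var(const char *fname, FILE *fp) {
 assert(fname);
 
 var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/");
-var_skip = filedb_add(var_skip, "lib/flatpak");
-var_skip = filedb_add(var_skip, "lib/snapd");
 process_files(fname, "/var", var_callback);
 
 // always whitelist /var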
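Review bot: In the etc_callback hunk the unchanged line `etc_out = filedb_add(etc_out, ptr);` still passes `ptr`, but the new code no longer advances `ptr` past "/etc/" and walks `p1` instead, so the stored entry is now the full path cut at the first '/' after `p1` (a constructed example: `/etc/passwd`, or `/etc//passwd` in the double-slash case) rather than the bare top-level name. If the consumer of `etc_out` expects names relative to /etc, as the removed `ptr += 5; // skip "/etc/"` suggests, the generated profile's /etc list would come out wrong; the call should read `etc_out = filedb_add(etc_out, p1);`. The start and the closing brace of etc_callback are outside the hunk, so this is judged from the visible lines only. Separately, in the var_callback hunk the `strncmp(ptr, "/var/lib/flatpak", 16)` and `strncmp(ptr, "/var/lib/snapd", 14)` tests match any path that merely begins with those strings; also requiring the next character to be '/' or '\0' would keep the skip limited to those two directories.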