author | netblue30 <netblue30@yahoo.com> | 2018-04-28 13:32:38 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2018-04-28 13:32:38 -0400 |
commit | b246c1f475dd0d795180471704b04abd87d828d7 (patch) | |
tree | a4abbd15a7d06a976e2292defa569696778bcdce | |
parent | Merge pull request #1914 from flacks/profiles/gajim (diff) | |
private-lib fixes
-rw-r--r-- | src/firejail/fs_bin.c | 8 | ||||
-rw-r--r-- | src/firejail/fs_lib.c | 14 | ||||
-rw-r--r-- | src/fldd/main.c | 6 |
3 files changed, 13 insertions, 15 deletions
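--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -25,6 +25,8 @@
 #include <unistd.h>
 #include <glob.h>
 
+static int prog_cnt = 0;
+
 static char *paths[] = {
 "/usr/local/bin",
 "/usr/bin",
@@ -191,6 +193,7 @@ static void duplicate(char *fname, FILE *fplist) {
 // solving problems such as /bin/sh -> /bin/dash
 // copy the real file pointed by symlink
 sbox_run(SBOX_ROOT| SBOX_SECCOMP, 3, PATH_FCOPY, actual_path, RUN_BIN_DIR);
+prog_cnt++;
 char *f = strrchr(actual_path, '/');
 if (f && *(++f) !='\0')
 report_duplication(f);
@@ -201,6 +204,7 @@ static void duplicate(char *fname, FILE *fplist) {
 
 // copy a file or a symlink
 sbox_run(SBOX_ROOT| SBOX_SECCOMP, 3, PATH_FCOPY, full_path, RUN_BIN_DIR);
+prog_cnt++;
 free(full_path);
 report_duplication(fname);
 }
@@ -256,6 +260,9 @@ void fs_private_bin_list(void) {
 char *private_list = cfg.bin_private_keep;
 assert(private_list);
 
+// start timetrace
+timetrace_start();
+
 // create /run/firejail/mnt/bin directory
 mkdir_attr(RUN_BIN_DIR, 0755, 0, 0);
 
@@ -298,4 +305,5 @@ void fs_private_bin_list(void) {
 }
 i++;
 }
+fmessage("%d %s installed in %0.2f ms\n", prog_cnt, (prog_cnt == 1)? "program": "programs", timetrace_end());
 }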
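Review bot: `prog_cnt` is incremented right after each `sbox_run(... PATH_FCOPY ...)` call in `duplicate()` (new lines 196 and 207) without looking at the call's outcome, so the closing `fmessage` in `fs_private_bin_list()` reports copy attempts as "installed". If `sbox_run` reports the helper's status (not visible in these hunks), counting only successful copies would keep the message accurate; otherwise a comment at the declaration such as `// prog_cnt counts fcopy invocations, not verified copies` would do. A path that takes the symlink branch presumably also reaches the second copy and is counted twice, which belongs in the same comment. The bodies of both functions extend outside the hunks.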
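--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -377,20 +377,12 @@ void fs_private_lib(void) {
 printf("*** Installing system libraries\n");
 fslib_install_system();
 
-fmessage("Installed %d libraries and %d directories\n", lib_cnt, dir_cnt);
+fmessage("Installed %d %s and %d %s\n", lib_cnt, (lib_cnt == 1)? "library": "libraries",
+dir_cnt, (dir_cnt == 1)? "directory": "directories");
 
-// bring in firejail directory for --trace options
+// bring in firejail directory for --trace and seccomp post exec
 fslib_copy_dir(LIBDIR "/firejail");
 
-// ... and for sandbox in sandbox functionality
-fslib_copy_libs(LIBDIR "/firejail/faudit");
-fslib_copy_libs(LIBDIR "/firejail/fbuilder");
-fslib_copy_libs(LIBDIR "/firejail/fcopy");
-fslib_copy_libs(LIBDIR "/firejail/fldd");
-fslib_copy_libs(LIBDIR "/firejail/fnet");
-fslib_copy_libs(LIBDIR "/firejail/fnetfilter");
-fslib_copy_libs(LIBDIR "/firejail/fseccomp");
-fslib_copy_libs(LIBDIR "/firejail/ftee");
 // mount lib filesystem
 mount_directories();
 }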
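Review bot: With the eight `fslib_copy_libs(LIBDIR "/firejail/...")` calls removed, nothing left in this hunk pulls in the shared libraries that the helper programs under `LIBDIR "/firejail"` link against; `fslib_copy_dir` appears to bring in only the directory itself. The updated comment names seccomp post exec as a consumer of that directory, so a helper that cannot load its libraries inside the private lib would affect sandbox setup rather than just tracing. The assumption should be stated next to the call, for example `// helpers here must run with only the libraries installed by fslib_install_system()`, so a later change to a helper's dependencies is caught in review. `fs_private_lib` starts outside the hunk.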
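--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -340,10 +340,8 @@ printf("\n");
 else {
 if (is_lib_64(argv[1]))
 parse_elf(argv[1]);
-else {
-fprintf(stderr, "Error fldd: %s is not a 64bit program/library\n", argv[1]);
-exit(1);
-}
+else
+fprintf(stderr, "Warning fldd: %s is not a 64bit program/library\n", argv[1]);
 }
 
 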
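Review bot: After the downgrade to a warning, a non-64bit argument leaves this `else` branch without `parse_elf` having run, and as far as the hunk shows the program then finishes like a successful run. A caller that reads fldd's output therefore cannot tell "no dependencies" from "not examined". A short comment on the branch would record that this is intended, for example `// not fatal: the caller gets an empty list and must cope with the missing libraries`. The enclosing function starts and ends outside the hunk.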