author | netblue30 <netblue30@protonmail.com> | 2021-10-09 12:53:14 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-09 12:53:14 +0000 |
commit | 2828b64e21c7834c2ee8051d22b57260f09c7bf8 (patch) | |
tree | c8c3825ba19045853d4ab15d82143c613b67cc11 | |
parent | Merge pull request #4587 from kmk3/fix-vscodium (diff) | |
parent | Revert "allow/deny fbuilder" (diff) | |
Merge pull request #4593 from kmk3/revert-allow-deny-fbuilder
Revert "allow/deny fbuilder"
-rw-r--r-- | src/fbuilder/build_fs.c | 8 | ||||
-rw-r--r-- | src/fbuilder/build_home.c | 4 | ||||
-rw-r--r-- | src/fbuilder/build_profile.c | 2 | ||||
-rwxr-xr-x | test/utils/build.exp | 2 |
4 files changed, 8 insertions, 8 deletions
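--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -182,12 +182,12 @@ static void var_callback(char *ptr) {
 void build_var(const char *fname, FILE *fp) {
 assert(fname);
 
-var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "allow /var/");
+var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/");
 process_files(fname, "/var", var_callback);
 
 // always whitelist /var
 if (var_out)
-filedb_print(var_out, "allow /var/", fp);
+filedb_print(var_out, "whitelist /var/", fp);
 fprintf(fp, "include whitelist-var-common.inc\n");
 }
 
@@ -222,12 +222,12 @@ static void share_callback(char *ptr) {
 void build_share(const char *fname, FILE *fp) {
 assert(fname);
 
-share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "allow /usr/share/");
+share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "whitelist /usr/share/");
 process_files(fname, "/usr/share", share_callback);
 
 // always whitelist /usr/share
 if (share_out)
-filedb_print(share_out, "allow /usr/share/", fp);
+filedb_print(share_out, "whitelist /usr/share/", fp);
 fprintf(fp, "include whitelist-usr-share-common.inc\n");
 }
 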
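Review bot: The keyword prefix `"whitelist /var/"` is spelled out twice in build_var (once for filedb_load_whitelist, once for filedb_print), and the same pairing repeats in build_share and in build_home in src/fbuilder/build_home.c, so any keyword rename has to change every literal in lockstep. If the load and print prefixes ever diverge, or stop matching the keyword used inside the `.inc` files, the skip list would presumably stop matching and the generated profile could carry lines the sandbox parser does not expect; filedb_load_whitelist is not visible here, so this should be confirmed against it. One file-scope constant per path passed to both calls, e.g. `static const char var_prefix[] = "whitelist /var/";`, would keep them consistent. The expect test shown on this page checks only the `${HOME}` line, so the /var and /usr/share output is not covered by it.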
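--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -140,7 +140,7 @@ void build_home(const char *fname, FILE *fp) {
 assert(fname);
 
 // load whitelist common
-db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "allow ${HOME}/");
+db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "whitelist ${HOME}/");
 
 // find user home directory
 struct passwd *pw = getpwuid(getuid());
@@ -168,7 +168,7 @@ void build_home(const char *fname, FILE *fp) {
 
 // print the out list if any
 if (db_out) {
-filedb_print(db_out, "allow ${HOME}/", fp);
+filedb_print(db_out, "whitelist ${HOME}/", fp);
 fprintf(fp, "include whitelist-common.inc\n");
 }
 else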
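--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -92,7 +92,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 
 if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
 if (fp == stdout)
-printf("--- Built profile beings after this line ---\n");
+printf("--- Built profile begins after this line ---\n");
 fprintf(fp, "# Save this file as \"application.profile\" (change \"application\" with the\n");
 fprintf(fp, "# program name) in ~/.config/firejail directory. Firejail will find it\n");
 fprintf(fp, "# automatically every time you sandbox your application.\n#\n");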
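--- a/test/utils/build.exp
+++ b/test/utils/build.exp
@@ -13,7 +13,7 @@ after 100
 send -- "firejail --build cat ~/_firejail-test-file\r"
 expect {
 timeout {puts "TESTING ERROR 0\n";exit}
-"allow $\{HOME\}/_firejail-test-file"
+"whitelist $\{HOME\}/_firejail-test-file"
 }
 expect {
 timeout {puts "TESTING ERROR 1\n";exit}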