author | KOLANICH <kolan_n@mail.ru> | 2016-12-18 03:23:21 +0300 |
---|---|---|
committer | KOLANICH <kolan_n@mail.ru> | 2016-12-18 03:23:21 +0300 |
commit | 8e75011239e95eb718e7f5baf800b33423aa39ba (patch) | |
tree | 5591aaa22e7f543c38a9662033886162965aac08 | |
parent | profile updates (diff) | |
Added symlink fixer. It fixes the profiles in order to give access to symlinked binaries (for example if sh -> dash and dash is not in private-bin, you can't use sh)
-rw-r--r-- | etc/fix_private-bin_for_symlinked_sh.py | 68 |
1 files changed, 68 insertions, 0 deletions
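diff --git a/etc/fix_private-bin_for_symlinked_sh.py b/etc/fix_private-bin_for_symlinked_sh.py
new file mode 100644
index 000000000..705e46e46
--- /dev/null
+++ b/etc/fix_private-bin_for_symlinked_sh.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python3
+
+import sys, os, glob, re
+
+privRx=re.compile("^(?:#\s*)?private-bin")
+
+def fixSymlinkedBins(files, replMap):
+rxs=dict()
+for (old,new) in replMap.items():
+rxs[old]=re.compile("\\b"+old+"\\b")
+rxs[new]=re.compile("\\b"+new+"\\b")
+print(rxs)
+
+for filename in files:
+lines=None
+with open(filename,"r") as file:
+lines=file.readlines()
+
+shouldUpdate=False
+for (i,line) in enumerate(lines):
+if privRx.search(line):
+for (old,new) in replMap.items():
+if rxs[old].search(line) and not rxs[new].search(line):
+lines[i]=rxs[old].sub(old+","+new, line)
+shouldUpdate=True
+print(lines[i])
+
+if shouldUpdate:
+with open(filename,"w") as file:
+file.writelines(lines)
+pass
+
+def createListOfBinaries(files):
+s=set()
+for filename in files:
+lines=None
+with open(filename,"r") as file:
+for line in file:
+if privRx.search(line):
+bins=line.split(",")
+bins[0]=bins[0].split(" ")[-1]
+bins = [n.strip() for n in bins]
+s=s|set(bins)
+return s
+
+def createSymlinkTable(binDirs, binariesSet):
+m=dict()
+for sh in binariesSet:
+for bD in binDirs:
+p=bD+os.path.sep+sh
+if os.path.exists(p):
+if os.path.islink(p):
+m[sh]=os.readlink(p)
+else:
+pass
+break
+return m
+
+
+sh="sh"
+binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]
+profilesPath="."
+files=glob.glob(profilesPath+os.path.sep+"*.profile")
+
+bins=createListOfBinaries(files)
+stbl=createSymlinkTable(binDirs,bins)
+print(stbl)
+fixSymlinkedBins(files,{a[0]:a[1] for a in stbl.items() if a[0].find("/") < 0 and a[1].find("/")<0})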
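Review bot: In fixSymlinkedBins the per-name patterns are built as `re.compile("\\b"+old+"\\b")` from binary names read out of the profiles, without escaping and with `\b` as the only delimiter. A name containing regex metacharacters (constructed examples: `g++`, `python3.5`) is interpreted as pattern syntax, and because `-` and `.` count as word boundaries, `sh` also matches inside a hyphenated entry such as a constructed `foo-sh`, so the script can rewrite the wrong entry of a private-bin allowlist that it then writes back in place. Escaping the name and delimiting on the list separators avoids both: `re.compile(r"(?<![^\s,])" + re.escape(old) + r"(?![^\s,])")`. Since the edit widens a sandbox allowlist according to the symlink layout of whichever host runs the script, a short module docstring saying so, and noting that createSymlinkTable follows only one `os.readlink` hop, would help whoever reviews the resulting profile changes.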