diff options
author | netblue30 <netblue30@yahoo.com> | 2016-01-30 08:01:50 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-01-30 08:01:50 -0500 |
commit | f67698e31d04cd9c046f0779955eec1ed29710e3 (patch) | |
tree | 4741c17750f7e1fd4102606b0331af6a6b03255f | |
parent | release 0.9.38-rc1 testing (diff) | |
parent | Typos (diff) | |
download | firejail-f67698e31d04cd9c046f0779955eec1ed29710e3.tar.gz firejail-f67698e31d04cd9c046f0779955eec1ed29710e3.tar.zst firejail-f67698e31d04cd9c046f0779955eec1ed29710e3.zip |
Merge pull request #272 from mcarpenter/typos
Typos
-rw-r--r-- | src/firejail/arp.c | 8 | ||||
-rw-r--r-- | src/firejail/bandwidth.c | 4 | ||||
-rw-r--r-- | src/firejail/cgroup.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 4 | ||||
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/netfilter.c | 2 | ||||
-rw-r--r-- | src/firejail/profile.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 2 | ||||
-rw-r--r-- | src/firejail/seccomp.c | 2 | ||||
-rw-r--r-- | src/firejail/seccomp.h | 6 | ||||
-rw-r--r-- | src/firejail/usage.c | 6 | ||||
-rw-r--r-- | src/firemon/cpu.c | 2 | ||||
-rw-r--r-- | src/firemon/firemon.c | 2 | ||||
-rw-r--r-- | src/libtracelog/libtracelog.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
15 files changed, 25 insertions, 25 deletions
diff --git a/src/firejail/arp.c b/src/firejail/arp.c index b25c2692e..fb5e426b0 100644 --- a/src/firejail/arp.c +++ b/src/firejail/arp.c | |||
@@ -87,7 +87,7 @@ int arp_check(const char *dev, uint32_t destaddr, uint32_t srcaddr) { | |||
87 | memcpy(hdr.sender_ip, (uint8_t *)&srcaddr, 4); | 87 | memcpy(hdr.sender_ip, (uint8_t *)&srcaddr, 4); |
88 | memcpy(hdr.target_ip, (uint8_t *)&destaddr, 4); | 88 | memcpy(hdr.target_ip, (uint8_t *)&destaddr, 4); |
89 | 89 | ||
90 | // buiild ethernet frame | 90 | // build ethernet frame |
91 | uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc | 91 | uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc |
92 | memset(frame, 0, sizeof(frame)); | 92 | memset(frame, 0, sizeof(frame)); |
93 | frame[0] = frame[1] = frame[2] = frame[3] = frame[4] = frame[5] = 0xff; | 93 | frame[0] = frame[1] = frame[2] = frame[3] = frame[4] = frame[5] = 0xff; |
@@ -130,7 +130,7 @@ int arp_check(const char *dev, uint32_t destaddr, uint32_t srcaddr) { | |||
130 | return -1; | 130 | return -1; |
131 | } | 131 | } |
132 | 132 | ||
133 | // parse the incomming packet | 133 | // parse the incoming packet |
134 | if ((unsigned int) len < 14 + sizeof(ArpHdr)) | 134 | if ((unsigned int) len < 14 + sizeof(ArpHdr)) |
135 | continue; | 135 | continue; |
136 | if (frame[12] != (ETH_P_ARP / 256) || frame[13] != (ETH_P_ARP % 256)) | 136 | if (frame[12] != (ETH_P_ARP / 256) || frame[13] != (ETH_P_ARP % 256)) |
@@ -384,7 +384,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) { | |||
384 | uint32_t dst = htonl(dest); | 384 | uint32_t dst = htonl(dest); |
385 | memcpy(hdr.target_ip, (uint8_t *)&dst, 4); | 385 | memcpy(hdr.target_ip, (uint8_t *)&dst, 4); |
386 | 386 | ||
387 | // buiild ethernet frame | 387 | // build ethernet frame |
388 | uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc | 388 | uint8_t frame[ETH_FRAME_LEN]; // includes eht header, vlan, and crc |
389 | memset(frame, 0, sizeof(frame)); | 389 | memset(frame, 0, sizeof(frame)); |
390 | frame[0] = frame[1] = frame[2] = frame[3] = frame[4] = frame[5] = 0xff; | 390 | frame[0] = frame[1] = frame[2] = frame[3] = frame[4] = frame[5] = 0xff; |
@@ -409,7 +409,7 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) { | |||
409 | perror("recvfrom"); | 409 | perror("recvfrom"); |
410 | } | 410 | } |
411 | 411 | ||
412 | // parse the incomming packet | 412 | // parse the incoming packet |
413 | if ((unsigned int) len < 14 + sizeof(ArpHdr)) | 413 | if ((unsigned int) len < 14 + sizeof(ArpHdr)) |
414 | continue; | 414 | continue; |
415 | 415 | ||
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c index cb3631ab7..c372dd455 100644 --- a/src/firejail/bandwidth.c +++ b/src/firejail/bandwidth.c | |||
@@ -271,7 +271,7 @@ void shm_write_bandwidth_file(pid_t pid) { | |||
271 | return; | 271 | return; |
272 | 272 | ||
273 | errout: | 273 | errout: |
274 | fprintf(stderr, "Error: cannot write bandwidht file %s\n", fname); | 274 | fprintf(stderr, "Error: cannot write bandwidth file %s\n", fname); |
275 | exit(1); | 275 | exit(1); |
276 | } | 276 | } |
277 | 277 | ||
@@ -413,7 +413,7 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in | |||
413 | errExit("asprintf"); | 413 | errExit("asprintf"); |
414 | FILE *fp = fopen(fname, "r"); | 414 | FILE *fp = fopen(fname, "r"); |
415 | if (!fp) { | 415 | if (!fp) { |
416 | fprintf(stderr, "Error: cannot read netowk map filel %s\n", fname); | 416 | fprintf(stderr, "Error: cannot read network map file %s\n", fname); |
417 | exit(1); | 417 | exit(1); |
418 | } | 418 | } |
419 | 419 | ||
diff --git a/src/firejail/cgroup.c b/src/firejail/cgroup.c index 8b8f7e970..040a1f934 100644 --- a/src/firejail/cgroup.c +++ b/src/firejail/cgroup.c | |||
@@ -64,7 +64,7 @@ void load_cgroup(const char *fname) { | |||
64 | return; | 64 | return; |
65 | } | 65 | } |
66 | errout: | 66 | errout: |
67 | fprintf(stderr, "Warrning: cannot load control group\n"); | 67 | fprintf(stderr, "Warning: cannot load control group\n"); |
68 | if (fp) | 68 | if (fp) |
69 | fclose(fp); | 69 | fclose(fp); |
70 | } | 70 | } |
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index fe11bd5b5..8ecd159e8 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c | |||
@@ -110,7 +110,7 @@ static void build_dirs(void) { | |||
110 | void fs_var_log(void) { | 110 | void fs_var_log(void) { |
111 | build_list("/var/log"); | 111 | build_list("/var/log"); |
112 | 112 | ||
113 | // create /var/log if it does't exit | 113 | // create /var/log if it doesn't exit |
114 | if (is_dir("/var/log")) { | 114 | if (is_dir("/var/log")) { |
115 | // extract group id for /var/log/wtmp | 115 | // extract group id for /var/log/wtmp |
116 | struct stat s; | 116 | struct stat s; |
@@ -184,7 +184,7 @@ void fs_var_lib(void) { | |||
184 | printf("Mounting tmpfs on /var/lib/nginx\n"); | 184 | printf("Mounting tmpfs on /var/lib/nginx\n"); |
185 | if (mount("tmpfs", "/var/lib/nginx", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) | 185 | if (mount("tmpfs", "/var/lib/nginx", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) |
186 | errExit("mounting /var/lib/nginx"); | 186 | errExit("mounting /var/lib/nginx"); |
187 | fs_logger("mount tmpfs on /var/lib/nignx"); | 187 | fs_logger("mount tmpfs on /var/lib/nginx"); |
188 | } | 188 | } |
189 | 189 | ||
190 | // net-snmp multiserver | 190 | // net-snmp multiserver |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 21e6e4975..684d03c05 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -108,7 +108,7 @@ static void myexit(int rv) { | |||
108 | printf("\nparent is shutting down, bye...\n"); | 108 | printf("\nparent is shutting down, bye...\n"); |
109 | 109 | ||
110 | // delete sandbox files in shared memory | 110 | // delete sandbox files in shared memory |
111 | bandwidth_shm_del_file(sandbox_pid); // bandwidht file | 111 | bandwidth_shm_del_file(sandbox_pid); // bandwidth file |
112 | network_shm_del_file(sandbox_pid); // network map file | 112 | network_shm_del_file(sandbox_pid); // network map file |
113 | 113 | ||
114 | exit(rv); | 114 | exit(rv); |
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c index 68a4207e5..a1c1b9c16 100644 --- a/src/firejail/netfilter.c +++ b/src/firejail/netfilter.c | |||
@@ -30,7 +30,7 @@ static char *client_filter = | |||
30 | ":FORWARD DROP [0:0]\n" | 30 | ":FORWARD DROP [0:0]\n" |
31 | ":OUTPUT ACCEPT [0:0]\n" | 31 | ":OUTPUT ACCEPT [0:0]\n" |
32 | "-A INPUT -i lo -j ACCEPT\n" | 32 | "-A INPUT -i lo -j ACCEPT\n" |
33 | "# echo replay is handled by -m state RELEATED/ESTABLISHED below\n" | 33 | "# echo replay is handled by -m state RELATED/ESTABLISHED below\n" |
34 | "#-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT\n" | 34 | "#-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT\n" |
35 | "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" | 35 | "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n" |
36 | "-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT\n" | 36 | "-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT\n" |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 76adbb934..bbdeafd60 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -345,7 +345,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
345 | char *dname1 = ptr + 5; | 345 | char *dname1 = ptr + 5; |
346 | char *dname2 = split_comma(dname1); // this inserts a '0 to separate the two dierctories | 346 | char *dname2 = split_comma(dname1); // this inserts a '0 to separate the two dierctories |
347 | if (dname2 == NULL) { | 347 | if (dname2 == NULL) { |
348 | fprintf(stderr, "Error: mising second directory for bind\n"); | 348 | fprintf(stderr, "Error: missing second directory for bind\n"); |
349 | exit(1); | 349 | exit(1); |
350 | } | 350 | } |
351 | 351 | ||
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index a7308dda6..a876f6b5f 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -173,7 +173,7 @@ static void monitor_application(pid_t app_pid) { | |||
173 | 173 | ||
174 | #if 0 | 174 | #if 0 |
175 | // todo: find a way to shut down interfaces before closing the namespace | 175 | // todo: find a way to shut down interfaces before closing the namespace |
176 | // the problem is we don't have enough privileges to shutdown interfaces in this momen | 176 | // the problem is we don't have enough privileges to shutdown interfaces in this moment |
177 | // shut down bridge/macvlan interfaces | 177 | // shut down bridge/macvlan interfaces |
178 | if (any_bridge_configured()) { | 178 | if (any_bridge_configured()) { |
179 | 179 | ||
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index c97741a86..7a015963b 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
@@ -432,7 +432,7 @@ int seccomp_filter_drop(int enforce_seccomp) { | |||
432 | #ifdef SYS_ioperm | 432 | #ifdef SYS_ioperm |
433 | filter_add_blacklist(SYS_ioperm, 0); | 433 | filter_add_blacklist(SYS_ioperm, 0); |
434 | #endif | 434 | #endif |
435 | #ifdef SYS_ni_syscall // new io permisions call on arm devices | 435 | #ifdef SYS_ni_syscall // new io permissions call on arm devices |
436 | filter_add_blacklist(SYS_ni_syscall, 0); | 436 | filter_add_blacklist(SYS_ni_syscall, 0); |
437 | #endif | 437 | #endif |
438 | #ifdef SYS_swapon | 438 | #ifdef SYS_swapon |
diff --git a/src/firejail/seccomp.h b/src/firejail/seccomp.h index 3c4f14469..555baa14f 100644 --- a/src/firejail/seccomp.h +++ b/src/firejail/seccomp.h | |||
@@ -31,9 +31,9 @@ | |||
31 | BLACKLIST(SYS_init_module), // kernel module handling | 31 | BLACKLIST(SYS_init_module), // kernel module handling |
32 | BLACKLIST(SYS_finit_module), | 32 | BLACKLIST(SYS_finit_module), |
33 | BLACKLIST(SYS_delete_module), | 33 | BLACKLIST(SYS_delete_module), |
34 | BLACKLIST(SYS_iopl), // io permisions | 34 | BLACKLIST(SYS_iopl), // io permissions |
35 | BLACKLIST(SYS_ioperm), | 35 | BLACKLIST(SYS_ioperm), |
36 | BLACKLIST(SYS_iopl), // io permisions | 36 | BLACKLIST(SYS_iopl), // io permissions |
37 | BLACKLIST(SYS_ni_syscall), | 37 | BLACKLIST(SYS_ni_syscall), |
38 | BLACKLIST(SYS_swapon), // swap on/off | 38 | BLACKLIST(SYS_swapon), // swap on/off |
39 | BLACKLIST(SYS_swapoff), | 39 | BLACKLIST(SYS_swapoff), |
@@ -141,4 +141,4 @@ struct seccomp_data { | |||
141 | #define KILL_PROCESS \ | 141 | #define KILL_PROCESS \ |
142 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) | 142 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_KILL) |
143 | 143 | ||
144 | #endif \ No newline at end of file | 144 | #endif |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 52b85f5ce..dcd6a388e 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
@@ -77,7 +77,7 @@ void usage(void) { | |||
77 | printf("\t--debug-caps - print all recognized capabilities in the current\n"); | 77 | printf("\t--debug-caps - print all recognized capabilities in the current\n"); |
78 | printf("\t\tFirejail software build and exit.\n\n"); | 78 | printf("\t\tFirejail software build and exit.\n\n"); |
79 | printf("\t--debug-check-filename - debug filename checking.\n\n"); | 79 | printf("\t--debug-check-filename - debug filename checking.\n\n"); |
80 | printf("\t--debug-errnos - print all recognized error numbres in the current\n"); | 80 | printf("\t--debug-errnos - print all recognized error numbers in the current\n"); |
81 | printf("\t\tFirejail software build and exit.\n\n"); | 81 | printf("\t\tFirejail software build and exit.\n\n"); |
82 | printf("\t--debug-protocols - print all recognized protocols in the current\n"); | 82 | printf("\t--debug-protocols - print all recognized protocols in the current\n"); |
83 | printf("\t\tFirejail software build and exit.\n\n"); | 83 | printf("\t\tFirejail software build and exit.\n\n"); |
@@ -109,7 +109,7 @@ void usage(void) { | |||
109 | printf("\t--ignore=command - ignore command in profile files.\n\n"); | 109 | printf("\t--ignore=command - ignore command in profile files.\n\n"); |
110 | #ifdef HAVE_NETWORK | 110 | #ifdef HAVE_NETWORK |
111 | printf("\t--interface=name - move interface in a new network namespace. Up to\n"); | 111 | printf("\t--interface=name - move interface in a new network namespace. Up to\n"); |
112 | printf("\t\tfour --interface options can be sepcified.\n\n"); | 112 | printf("\t\tfour --interface options can be specified.\n\n"); |
113 | printf("\t--ip=address - set interface IP address.\n\n"); | 113 | printf("\t--ip=address - set interface IP address.\n\n"); |
114 | printf("\t--ip=none - no IP address and no default gateway address are configured\n"); | 114 | printf("\t--ip=none - no IP address and no default gateway address are configured\n"); |
115 | printf("\t\tin the new network namespace. Use this option in case you intend\n"); | 115 | printf("\t\tin the new network namespace. Use this option in case you intend\n"); |
@@ -227,7 +227,7 @@ void usage(void) { | |||
227 | printf("\t\tis closed.\n\n"); | 227 | printf("\t\tis closed.\n\n"); |
228 | 228 | ||
229 | printf("\t--private-dev - create a new /dev directory. Only dri, null, full, zero,\n"); | 229 | printf("\t--private-dev - create a new /dev directory. Only dri, null, full, zero,\n"); |
230 | printf("\t\ttty, pst, ptms, random, urandom, log and shm devices are\n"); | 230 | printf("\t\tty, pst, ptms, random, urandom, log and shm devices are\n"); |
231 | printf("\t\tavailable.\n\n"); | 231 | printf("\t\tavailable.\n\n"); |
232 | 232 | ||
233 | printf("\t--private-etc=file,directory - build a new /etc in a temporary\n"); | 233 | printf("\t--private-etc=file,directory - build a new /etc in a temporary\n"); |
diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c index b31d9a467..06658f58c 100644 --- a/src/firemon/cpu.c +++ b/src/firemon/cpu.c | |||
@@ -1,5 +1,5 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2015 6etblue30 (netblue30@yahoo.com) | 2 | * Copyright (C) 2014-2015 netblue30 (netblue30@yahoo.com) |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
5 | * | 5 | * |
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 83cce5c32..679c5a3e9 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c | |||
@@ -74,7 +74,7 @@ void firemon_drop_privs(void) { | |||
74 | // sleep and wait for a key to be pressed | 74 | // sleep and wait for a key to be pressed |
75 | void firemon_sleep(int st) { | 75 | void firemon_sleep(int st) { |
76 | if (terminal_set == 0) { | 76 | if (terminal_set == 0) { |
77 | tcgetattr(0, &twait); // get current terminal attirbutes; 0 is the file descriptor for stdin | 77 | tcgetattr(0, &twait); // get current terminal attributes; 0 is the file descriptor for stdin |
78 | memcpy(&tlocal, &twait, sizeof(tlocal)); | 78 | memcpy(&tlocal, &twait, sizeof(tlocal)); |
79 | twait.c_lflag &= ~ICANON; // disable canonical mode | 79 | twait.c_lflag &= ~ICANON; // disable canonical mode |
80 | twait.c_lflag &= ~ECHO; // no echo | 80 | twait.c_lflag &= ~ECHO; // no echo |
diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c index f8601c892..3ba47afdb 100644 --- a/src/libtracelog/libtracelog.c +++ b/src/libtracelog/libtracelog.c | |||
@@ -139,7 +139,7 @@ static char *storage_find(const char *str) { | |||
139 | 139 | ||
140 | 140 | ||
141 | // | 141 | // |
142 | // load blacklistst form /run/firejail/mnt/fslogger | 142 | // load blacklist form /run/firejail/mnt/fslogger |
143 | // | 143 | // |
144 | #define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger" | 144 | #define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger" |
145 | #define MAXBUF 4096 | 145 | #define MAXBUF 4096 |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 877ee0ce5..e60ecadaa 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -430,7 +430,7 @@ $ firejail \-\-ignore=shell --ignore=seccomp firefox | |||
430 | 430 | ||
431 | .TP | 431 | .TP |
432 | \fB\-\-interface=interface | 432 | \fB\-\-interface=interface |
433 | Move interface in a new network namespace. Up to four --interface options can be sepcified. | 433 | Move interface in a new network namespace. Up to four --interface options can be specified. |
434 | .br | 434 | .br |
435 | 435 | ||
436 | .br | 436 | .br |
@@ -1196,7 +1196,7 @@ SECCOMP Filter: | |||
1196 | .br | 1196 | .br |
1197 | VALIDATE_ARCHITECTURE | 1197 | VALIDATE_ARCHITECTURE |
1198 | .br | 1198 | .br |
1199 | EXAMINE_SYSCAL | 1199 | EXAMINE_SYSCALL |
1200 | .br | 1200 | .br |
1201 | BLACKLIST 165 mount | 1201 | BLACKLIST 165 mount |
1202 | .br | 1202 | .br |