author | 2018-08-27 07:28:05 -0400 | |
---|---|---|
committer | 2018-08-27 07:28:05 -0400 | |
commit | 020ae3787ba713f575e9e59cdb282ed11b3fe814 (patch) | |
tree | 7897576f9565baacdc94571aaa08d4007880b27e | |
parent | merge from mainline (diff) | |
cleanup
-rw-r--r-- | etc-fixes/0.9.38/firefox.profile | 32 | ||||
-rw-r--r-- | etc-fixes/0.9.52/firefox.profile | 96 | ||||
-rw-r--r-- | etc-fixes/0.9.52/gedit.profile | 44 | ||||
-rw-r--r-- | etc-fixes/0.9.52/libreoffice.profile | 36 | ||||
-rwxr-xr-x | src/tools/check-caps.sh | 46 | ||||
-rw-r--r-- | src/tools/extract_caps.c | 83 | ||||
-rw-r--r-- | src/tools/extract_errnos.sh | 4 | ||||
-rw-r--r-- | src/tools/extract_syscalls.c | 93 | ||||
-rwxr-xr-x | src/tools/mkcoverit.sh | 45 | ||||
-rw-r--r-- | src/tools/testuid.c | 49 | ||||
-rw-r--r-- | src/tools/ttytest.c | 36 | ||||
-rwxr-xr-x | src/tools/unchroot.pl | 33 | ||||
-rw-r--r-- | src/tools/unixsocket.c | 29 |
13 files changed, 0 insertions, 626 deletions
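diff --git a/etc-fixes/0.9.38/firefox.profile b/etc-fixes/0.9.38/firefox.profile
deleted file mode 100644
index f107f77fd..000000000
--- a/etc-fixes/0.9.38/firefox.profile
+++ /dev/null
@@ -1,32 +0,0 @@
-# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
-noblacklist ${HOME}/.mozilla
-include /etc/firejail/disable-mgmt.inc
-include /etc/firejail/disable-secret.inc
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-caps.drop all
-
-#seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
-seccomp.drop adjtimex,clock_adjtime,clock_settime,settimeofday,stime,modify_ldt,subpage_prot,switch_endian,vm86,vm86old,lookup_dcookie,perf_event_open,process_vm_writev,rtas,s390_runtime_instr,sys_debug_setcontext,delete_module,finit_module,init_module,_sysctl,afs_syscall,bdflush,break,create_module,ftime,get_kernel_syms,getpmsg,gtty,lock,mpx,prof,profil,putpmsg,query_module,security,sgetmask,ssetmask,stty,sysfs,tuxcall,ulimit,uselib,ustat,vserver,ioperm,iopl,pciconfig_iobase,pciconfig_read,pciconfig_write,s390_mmio_read,s390_mmio_write,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
-
-protocol unix,inet,inet6,netlink
-netfilter
-# tracelog
-noroot
-whitelist ${DOWNLOADS}
-whitelist ~/.mozilla
-whitelist ~/.cache/mozilla/firefox
-whitelist ~/dwhelper
-whitelist ~/.zotero
-whitelist ~/.lastpass
-whitelist ~/.vimperatorrc
-whitelist ~/.vimperator
-whitelist ~/.pentadactylrc
-whitelist ~/.pentadactyl
-whitelist ~/.keysnail.js
-whitelist ~/.config/gnome-mplayer
-whitelist ~/.cache/gnome-mplayer/plugin
-include /etc/firejail/whitelist-common.inc
-
-# experimental features
-#private-etc passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,gtk-2.0,pango,fonts,iceweasel,firefox,adobe,mime.types,mailcap,asound.conf,pulse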
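diff --git a/etc-fixes/0.9.52/firefox.profile b/etc-fixes/0.9.52/firefox.profile
deleted file mode 100644
index 6b19b14df..000000000
--- a/etc-fixes/0.9.52/firefox.profile
+++ /dev/null
@@ -1,96 +0,0 @@
-# Firejail profile for firefox
-# This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/firefox.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-
-noblacklist ${HOME}/.cache/mozilla
-noblacklist ${HOME}/.config/okularpartrc
-noblacklist ${HOME}/.config/okularrc
-noblacklist ${HOME}/.config/qpdfview
-noblacklist ${HOME}/.kde/share/apps/kget
-noblacklist ${HOME}/.kde/share/apps/okular
-noblacklist ${HOME}/.kde/share/config/kgetrc
-noblacklist ${HOME}/.kde/share/config/okularpartrc
-noblacklist ${HOME}/.kde/share/config/okularrc
-noblacklist ${HOME}/.kde4/share/apps/kget
-noblacklist ${HOME}/.kde4/share/apps/okular
-noblacklist ${HOME}/.kde4/share/config/kgetrc
-noblacklist ${HOME}/.kde4/share/config/okularpartrc
-noblacklist ${HOME}/.kde4/share/config/okularrc
-# noblacklist ${HOME}/.local/share/gnome-shell/extensions
-noblacklist ${HOME}/.local/share/okular
-noblacklist ${HOME}/.local/share/qpdfview
-noblacklist ${HOME}/.mozilla
-noblacklist ${HOME}/.pki
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-programs.inc
-
-mkdir ${HOME}/.cache/mozilla/firefox
-mkdir ${HOME}/.mozilla
-mkdir ${HOME}/.pki
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/gnome-mplayer/plugin
-whitelist ${HOME}/.cache/mozilla/firefox
-whitelist ${HOME}/.config/gnome-mplayer
-whitelist ${HOME}/.config/okularpartrc
-whitelist ${HOME}/.config/okularrc
-whitelist ${HOME}/.config/pipelight-silverlight5.1
-whitelist ${HOME}/.config/pipelight-widevine
-whitelist ${HOME}/.config/qpdfview
-whitelist ${HOME}/.kde/share/apps/kget
-whitelist ${HOME}/.kde/share/apps/okular
-whitelist ${HOME}/.kde/share/config/kgetrc
-whitelist ${HOME}/.kde/share/config/okularpartrc
-whitelist ${HOME}/.kde/share/config/okularrc
-whitelist ${HOME}/.kde4/share/apps/kget
-whitelist ${HOME}/.kde4/share/apps/okular
-whitelist ${HOME}/.kde4/share/config/kgetrc
-whitelist ${HOME}/.kde4/share/config/okularpartrc
-whitelist ${HOME}/.kde4/share/config/okularrc
-whitelist ${HOME}/.keysnail.js
-whitelist ${HOME}/.lastpass
-whitelist ${HOME}/.local/share/gnome-shell/extensions
-whitelist ${HOME}/.local/share/okular
-whitelist ${HOME}/.local/share/qpdfview
-whitelist ${HOME}/.mozilla
-whitelist ${HOME}/.pentadactyl
-whitelist ${HOME}/.pentadactylrc
-whitelist ${HOME}/.pki
-whitelist ${HOME}/.vimperator
-whitelist ${HOME}/.vimperatorrc
-whitelist ${HOME}/.wine-pipelight
-whitelist ${HOME}/.wine-pipelight64
-whitelist ${HOME}/.zotero
-whitelist ${HOME}/dwhelper
-include /etc/firejail/whitelist-common.inc
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-# machine-id breaks pulse audio; it should work fine in setups where sound is not required
-#machine-id
-netfilter
-nodvd
-nogroups
-nonewprivs
-noroot
-notv
-protocol unix,inet,inet6,netlink
-#seccomp - replaced with seccomp.drop for Firefox 60
-seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice
-shell none
-#tracelog - disabled for Firefox 60
-
-disable-mnt
-# firefox requires a shell to launch on Arch.
-# private-bin firefox,which,sh,dbus-launch,dbus-send,env,bash
-private-dev
-# private-etc below works fine on most distributions. There are some problems on CentOS.
-# private-etc iceweasel,ca-certificates,ssl,machine-id,dconf,selinux,passwd,group,hostname,hosts,localtime,nsswitch.conf,resolv.conf,xdg,gtk-2.0,gtk-3.0,X11,pango,fonts,firefox,mime.types,mailcap,asound.conf,pulse
-private-tmp
-
-noexec ${HOME}
-noexec /tmp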
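diff --git a/etc-fixes/0.9.52/gedit.profile b/etc-fixes/0.9.52/gedit.profile
deleted file mode 100644
index 2646233cf..000000000
--- a/etc-fixes/0.9.52/gedit.profile
+++ /dev/null
@@ -1,44 +0,0 @@
-# Firejail profile for gedit
-# This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/gedit.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-
-# blacklist /run/user/*/bus - makes settings immutable
-
-noblacklist ${HOME}/.config/enchant
-noblacklist ${HOME}/.config/gedit
-noblacklist ${HOME}/.gitconfig
-
-include /etc/firejail/disable-common.inc
-# include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-# net none - makes settings immutable
-machine-id
-no3d
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-
-# private-bin gedit
-private-dev
-# private-etc fonts
-#private-lib gedit - disabled; problems when running "firejail gedit"; "firejail /usr/bin/gedit" works fine
-private-tmp
-
-noexec ${HOME}
-noexec /tmp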
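diff --git a/etc-fixes/0.9.52/libreoffice.profile b/etc-fixes/0.9.52/libreoffice.profile
deleted file mode 100644
index bbc52ff5e..000000000
--- a/etc-fixes/0.9.52/libreoffice.profile
+++ /dev/null
@@ -1,36 +0,0 @@
-# Firejail profile for libreoffice
-# This file is overwritten after every install/update
-# Persistent local customizations
-include /etc/firejail/libreoffice.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-
-noblacklist ${HOME}/.java
-noblacklist /usr/local/sbin
-noblacklist ${HOME}/.config/libreoffice
-
-include /etc/firejail/disable-common.inc
-include /etc/firejail/disable-devel.inc
-include /etc/firejail/disable-passwdmgr.inc
-include /etc/firejail/disable-programs.inc
-
-include /etc/firejail/whitelist-var-common.inc
-
-caps.drop all
-machine-id
-netfilter
-nodvd
-nogroups
-#nonewprivs
-noroot
-notv
-#protocol unix,inet,inet6
-#seccomp
-shell none
-#tracelog
-
-private-dev
-private-tmp
-
-noexec ${HOME}
-noexec /tmp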
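diff --git a/src/tools/check-caps.sh b/src/tools/check-caps.sh
deleted file mode 100755
index 13525677b..000000000
--- a/src/tools/check-caps.sh
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/bin/bash
-
-if [ $# -eq 0 ]
-then
-echo "Usage: check-caps.sh program-and-arguments"
-echo
-fi
-
-set -x
-
-firejail --caps.drop=chown "$1"
-firejail --caps.drop=dac_override "$1"
-firejail --caps.drop=dac_read_search "$1"
-firejail --caps.drop=fowner "$1"
-firejail --caps.drop=fsetid "$1"
-firejail --caps.drop=kill "$1"
-firejail --caps.drop=setgid "$1"
-firejail --caps.drop=setuid "$1"
-firejail --caps.drop=setpcap "$1"
-firejail --caps.drop=linux_immutable "$1"
-firejail --caps.drop=net_bind_service "$1"
-firejail --caps.drop=net_broadcast "$1"
-firejail --caps.drop=net_admin "$1"
-firejail --caps.drop=net_raw "$1"
-firejail --caps.drop=ipc_lock "$1"
-firejail --caps.drop=ipc_owner "$1"
-firejail --caps.drop=sys_module "$1"
-firejail --caps.drop=sys_rawio "$1"
-firejail --caps.drop=sys_chroot "$1"
-firejail --caps.drop=sys_ptrace "$1"
-firejail --caps.drop=sys_pacct "$1"
-firejail --caps.drop=sys_admin "$1"
-firejail --caps.drop=sys_boot "$1"
-firejail --caps.drop=sys_nice "$1"
-firejail --caps.drop=sys_resource "$1"
-firejail --caps.drop=sys_time "$1"
-firejail --caps.drop=sys_tty_config "$1"
-firejail --caps.drop=mknod "$1"
-firejail --caps.drop=lease "$1"
-firejail --caps.drop=audit_write "$1"
-firejail --caps.drop=audit_control "$1"
-firejail --caps.drop=setfcap "$1"
-firejail --caps.drop=mac_override "$1"
-firejail --caps.drop=mac_admin "$1"
-firejail --caps.drop=syslog "$1"
-firejail --caps.drop=wake_alarm "$1"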
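diff --git a/src/tools/extract_caps.c b/src/tools/extract_caps.c
deleted file mode 100644
index 9769fb071..000000000
--- a/src/tools/extract_caps.c
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
-* Copyright (C) 2014-2018 Firejail Authors
-*
-* This file is part of firejail project
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License along
-* with this program; if not, write to the Free Software Foundation, Inc.,
-* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <assert.h>
-
-#define BUFMAX 4096
-
-int main(int argc, char **argv) {
-if (argc != 2) {
-printf("usage: %s /usr/include/linux/capability.h\n", argv[0]);
-return 1;
-}
-
-//open file
-FILE *fp = fopen(argv[1], "r");
-if (!fp) {
-fprintf(stderr, "Error: cannot open file\n");
-return 1;
-}
-
-// read file
-char buf[BUFMAX];
-while (fgets(buf, BUFMAX, fp)) {
-// cleanup
-char *start = buf;
-while (*start == ' ' || *start == '\t')
-start++;
-char *end = strchr(start, '\n');
-if (end)
-*end = '\0';
-
-// parsing
-if (strncmp(start, "#define CAP_", 12) == 0) {
-if (strstr(start, "CAP_LAST_CAP"))
-break;
-
-char *ptr1 = start + 8;
-char *ptr2 = ptr1;
-while (*ptr2 == ' ' || *ptr2 == '\t')
-ptr2++;
-while (*ptr2 != ' ' && *ptr2 != '\t')
-ptr2++;
-*ptr2 = '\0';
-
-ptr2 = strdup(ptr1);
-assert(ptr2);
-ptr2 += 4;
-char *ptr3 = ptr2;
-while (*ptr3 != '\0') {
-*ptr3 = tolower(*ptr3);
-ptr3++;
-}
-
-
-printf("#ifdef %s\n", ptr1);
-printf("\t{\"%s\", %s },\n", ptr2, ptr1);
-printf("#endif\n");
-
-}
-
-}
-fclose(fp);
-return 0;
-}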
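diff --git a/src/tools/extract_errnos.sh b/src/tools/extract_errnos.sh
deleted file mode 100644
index 43b225828..000000000
--- a/src/tools/extract_errnos.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-echo -e "#include <errno.h>\n#include <attr/xattr.h>" | \
-cpp -dD | \
-grep "^#define E" | \
-sed -e '{s/#define \(.*\) .*/\t"\1", \1,/g}'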
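diff --git a/src/tools/extract_syscalls.c b/src/tools/extract_syscalls.c
deleted file mode 100644
index d7e16e912..000000000
--- a/src/tools/extract_syscalls.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
-* Copyright (C) 2014-2018 Firejail Authors
-*
-* This file is part of firejail project
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License along
-* with this program; if not, write to the Free Software Foundation, Inc.,
-* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define BUFMAX 4096
-
-int main(int argc, char **argv) {
-if (argc != 2) {
-printf("usage: %s /usr/include/x86_64-linux-gnu/bits/syscall.h\n", argv[0]);
-return 1;
-}
-
-//open file
-FILE *fp = fopen(argv[1], "r");
-if (!fp) {
-fprintf(stderr, "Error: cannot open file\n");
-return 1;
-}
-
-// read file
-char buf[BUFMAX];
-while (fgets(buf, BUFMAX, fp)) {
-// cleanup
-char *start = buf;
-while (*start == ' ' || *start == '\t')
-start++;
-char *end = strchr(start, '\n');
-if (end)
-*end = '\0';
-
-// parsing
-if (strncmp(start, "# error", 7) == 0)
-continue;
-if (strncmp(start, "#endif", 6) == 0)
-printf("%s\n", start);
-if (strncmp(start, "#endif", 6) == 0)
-printf("%s\n", start);
-else if (strncmp(start, "#if", 3) == 0)
-printf("%s\n", start);
-else if (strncmp(start, "#define", 7) == 0) {
-// extract data
-char *ptr1 = strstr(start, "SYS_");
-char *ptr2 = strstr(start, "__NR_");
-if (!ptr1 || !ptr2) {
-fprintf(stderr, "Error: cannot parse \"%s\"\n", start);
-fclose(fp);
-return 1;
-}
-*(ptr2 - 1) = '\0';
-
-char *ptr3 = ptr1;
-while (*ptr3 != ' ' && *ptr3 != '\t' && *ptr3 != '\0')
-ptr3++;
-*ptr3 = '\0';
-ptr3 = ptr2;
-while (*ptr3 != ' ' && *ptr3 != '\t' && *ptr3 != '\0')
-ptr3++;
-*ptr3 = '\0';
-
-ptr3 = ptr1;
-while (*ptr3 != '_')
-ptr3++;
-ptr3++;
-
-printf("#ifdef %s\n", ptr1);
-printf("#ifdef %s\n", ptr2);
-printf("\t{\"%s\", %s},\n", ptr3, ptr2);
-printf("#endif\n");
-printf("#endif\n");
-}
-}
-fclose(fp);
-return 0;
-}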
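diff --git a/src/tools/mkcoverit.sh b/src/tools/mkcoverit.sh
deleted file mode 100755
index d4a68e397..000000000
--- a/src/tools/mkcoverit.sh
+++ /dev/null
@@ -1,45 +0,0 @@
-#!/bin/bash
-
-# unpack firejail archive
-ARCFIREJAIL=`ls *.tar.xz| grep firejail`
-if [ "$?" -eq 0 ];
-then
-echo "preparing $ARCFIREJAIL"
-DIRFIREJAIL=`basename $ARCFIREJAIL .tar.xz`
-rm -fr $DIRFIREJAIL
-tar -xJvf $ARCFIREJAIL
-cd $DIRFIREJAIL
-./configure --prefix=/usr
-cd ..
-else
-echo "Error: firejail source archive missing"
-exit 1
-fi
-
-
-# unpack firetools archive
-ARCFIRETOOLS=`ls *.tar.bz2 | grep firetools`
-if [ "$?" -eq 0 ];
-then
-echo "preparing $ARCFIRETOOLS"
-DIRFIRETOOLS=`basename $ARCFIRETOOLS .tar.bz2`
-rm -fr $DIRFIRETOOLS
-tar -xjvf $ARCFIRETOOLS
-cd $DIRFIRETOOLS
-pwd
-./configure --prefix=/usr
-cd ..
-
-else
-echo "Error: firetools source archive missing"
-exit 1
-fi
-
-# move firetools in firejail source tree
-mkdir -p $DIRFIREJAIL/extras
-mv $DIRFIRETOOLS $DIRFIREJAIL/extras/firetools
-
-# build
-cd $DIRFIREJAIL
-cov-build --dir cov-int make -j 4 extras
-tar czvf myproject.tgz cov-int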
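diff --git a/src/tools/testuid.c b/src/tools/testuid.c
deleted file mode 100644
index 633b9773e..000000000
--- a/src/tools/testuid.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
-* Copyright (C) 2014-2018 Firejail Authors
-*
-* This file is part of firejail project
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License along
-* with this program; if not, write to the Free Software Foundation, Inc.,
-* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-// compile: gcc -o testuid testuid.c
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/types.h>
-
-
-static void print_status(void) {
-FILE *fp = fopen("/proc/self/status", "r");
-if (!fp) {
-fprintf(stderr, "Error, cannot open staus file\n");
-exit(1);
-}
-
-char buf[4096];
-while (fgets(buf, 4096, fp)) {
-if (strncmp(buf, "Uid", 3) == 0 || strncmp(buf, "Gid", 3) == 0)
-printf("%s", buf);
-}
-
-fclose(fp);
-}
-
-int main(void) {
-print_status();
-return 0;
-}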
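diff --git a/src/tools/ttytest.c b/src/tools/ttytest.c
deleted file mode 100644
index a449bf9ba..000000000
--- a/src/tools/ttytest.c
+++ /dev/null
@@ -1,36 +0,0 @@
-#define _XOPEN_SOURCE 600
-#include <stdlib.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include <errno.h>
-
-int main(void) {
-int fdm;
-int rc;
-
-// initial
-system("ls -l /dev/pts");
-
-fdm = posix_openpt(O_RDWR);
-if (fdm < 0) {
-perror("posix_openpt");
-return 1;
-}
-
-rc = grantpt(fdm);
-if (rc != 0) {
-perror("grantpt");
-return 1;
-}
-
-rc = unlockpt(fdm);
-if (rc != 0) {
-perror("unlockpt");
-return 1;
-}
-
-// final
-system("ls -l /dev/pts");
-
-return 0;
-}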
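diff --git a/src/tools/unchroot.pl b/src/tools/unchroot.pl
deleted file mode 100755
index bd30ffe76..000000000
--- a/src/tools/unchroot.pl
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/usr/bin/perl -w
-use strict;
-# unchroot.pl Dec 2007
-# http://pentestmonkey.net/blog/chroot-breakout-perl
-
-# This script may be used for legal purposes only.
-
-# Go to the root of the jail
-chdir "/";
-
-# Open filehandle to root of jail
-opendir JAILROOT, "." or die "ERROR: Couldn't get file handle to root of jailn";
-
-# Create a subdir, move into it
-mkdir "mysubdir";
-chdir "mysubdir";
-
-# Lock ourselves in a new jail
-chroot ".";
-
-# Use our filehandle to get back to the root of the old jail
-chdir(*JAILROOT);
-
-# Get to the real root
-while ((stat("."))[0] != (stat(".."))[0] or (stat("."))[1] != (stat(".."))[1]) {
-chdir "..";
-}
-
-# Lock ourselves in real root - so we're not really in a jail at all now
-chroot ".";
-
-# Start an un-jailed shell
-system("/bin/sh");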
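diff --git a/src/tools/unixsocket.c b/src/tools/unixsocket.c
deleted file mode 100644
index c4302eed3..000000000
--- a/src/tools/unixsocket.c
+++ /dev/null
@@ -1,29 +0,0 @@
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-
-int main(void) {
-struct sockaddr_un addr;
-int s;
-const char *socketpath = "/var/run/minissdpd.sock";
-// const char *socketpath = "/var/run/acipd.sock";
-
-s = socket(AF_UNIX, SOCK_STREAM, 0);
-if(s < 0) {
-fprintf(stderr, "Error: cannot open socket\n");
-return 1;
-}
-
-addr.sun_family = AF_UNIX;
-strncpy(addr.sun_path, socketpath, sizeof(addr.sun_path));
-if(connect(s, (struct sockaddr *)&addr, sizeof(struct sockaddr_un)) < 0) {
-fprintf(stderr, "Error: cannot connect to socket\n");
-return 1;
-}
-
-printf("connected to %s\n", socketpath);
-close(s);
-
-return 0;
-}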