Merge pull request #4878 from smitsohu/builder

build option: add AppImage support
author: netblue30 <netblue30@protonmail.com> 2022-01-24 11:54:16 -0500
committer: GitHub <noreply@github.com> 2022-01-24 11:54:16 -0500
commit: 775430e265dfdeca9ef472732b9e89155ac95dda (patch)
tree: 7bd73ccf7d9f98631202f3a5c713aaf8c150c042
parent: Revert "adding netlink to --protocol list (#4605)" (diff)
parent: build option: add appimage support (diff)
download: firejail-775430e265dfdeca9ef472732b9e89155ac95dda.tar.gz
firejail-775430e265dfdeca9ef472732b9e89155ac95dda.tar.zst
firejail-775430e265dfdeca9ef472732b9e89155ac95dda.zip
3 files changed, 26 insertions, 26 deletions
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
index 2e6b46e77..3a7a12fb3 100644
--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -22,7 +22,6 @@
 #include <sys/wait.h>
 #define TRACE_OUTPUT "/tmp/firejail-trace.XXXXXX"
-#define STRACE_OUTPUT "/tmp/firejail-strace.XXXXXX"
 void build_profile(int argc, char **argv, int index, FILE *fp) {
        // next index is the application name
@@ -41,36 +40,33 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
        if(asprintf(&output,"--trace=%s",trace_output) == -1)
                errExit("asprintf");
-        char *cmdlist[] = {
-          BINDIR "/firejail",
-          "--quiet",
-          "--noprofile",
-          "--caps.drop=all",
-          "--seccomp",
-          output,
-          "--shell=none",
-        };
        // calculate command length
-        unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1;
+        unsigned len = 64;      // plenty of space for firejail command line
-        if (arg_debug)
+        len += argc - index;    // program command line
-                printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index);
+        len += 1;               // NULL
-        char *cmd[len];
-        cmd[0] = cmdlist[0];    // explicit assignment to clean scan-build error
        // build command
-        unsigned i = 0;
+        char *cmd[len];
-        for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++)
+        unsigned curr_len = 0;
-                cmd[i] = cmdlist[i];
+        cmd[curr_len++] = BINDIR "/firejail";
+        cmd[curr_len++] = "--quiet";
-        int i2 = index;
+        cmd[curr_len++] = "--noprofile";
-        for (; i < (len - 1); i++, i2++)
+        cmd[curr_len++] = "--caps.drop=all";
-                cmd[i] = argv[i2];
+        cmd[curr_len++] = "--seccomp";
-        assert(i < len);
+        cmd[curr_len++] = "--shell=none";
-        cmd[i] = NULL;
+        cmd[curr_len++] = output;
+        if (arg_appimage)
+                cmd[curr_len++] = "--appimage";
+        int i;
+        for (i = index; i < argc; i++)
+                cmd[curr_len++] = argv[i];
+        assert(curr_len < len);
+        cmd[curr_len] = NULL;
        if (arg_debug) {
-                for (i = 0; i < len; i++)
+                for (i = 0; cmd[i]; i++)
                        printf("%s%s\n", (i)?"\t":"", cmd[i]);
        }
diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h
index 12dfdb8be..3e23d7854 100644
--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -31,6 +31,7 @@
 #define MAX_BUF 4096
 // main.c
 extern int arg_debug;
+extern int arg_appimage;
 // build_profile.c
 void build_profile(int argc, char **argv, int index, FILE *fp);
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c
index 9e30ec539..aa49b2489 100644
--- a/src/fbuilder/main.c
+++ b/src/fbuilder/main.c
@@ -19,6 +19,7 @@
 */
 #include "fbuilder.h"
 int arg_debug = 0;
+int arg_appimage = 0;
 static void usage(void) {
        printf("Firejail profile builder\n");
@@ -49,6 +50,8 @@ printf("\n");
                }
                else if (strcmp(argv[i], "--debug") == 0)
                        arg_debug = 1;
+                else if (strcmp(argv[i], "--appimage") == 0)
+                        arg_appimage = 1;
                else if (strcmp(argv[i], "--build") == 0)
                        ; // do nothing, this is passed down from firejail
                else if (strncmp(argv[i], "--build=", 8) == 0) {
author	netblue30 <netblue30@protonmail.com>	2022-01-24 11:54:16 -0500
committer	GitHub <noreply@github.com>	2022-01-24 11:54:16 -0500
commit	775430e265dfdeca9ef472732b9e89155ac95dda (patch)
tree	7bd73ccf7d9f98631202f3a5c713aaf8c150c042
parent	Revert "adding netlink to --protocol list (#4605)" (diff)
parent	build option: add appimage support (diff)
download	firejail-775430e265dfdeca9ef472732b9e89155ac95dda.tar.gz firejail-775430e265dfdeca9ef472732b9e89155ac95dda.tar.zst firejail-775430e265dfdeca9ef472732b9e89155ac95dda.zip

diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index 2e6b46e77..3a7a12fb3 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c
@@ -22,7 +22,6 @@
22	#include <sys/wait.h>	22	#include <sys/wait.h>
23		23
24	#define TRACE_OUTPUT "/tmp/firejail-trace.XXXXXX"	24	#define TRACE_OUTPUT "/tmp/firejail-trace.XXXXXX"
25	#define STRACE_OUTPUT "/tmp/firejail-strace.XXXXXX"
26		25
27	void build_profile(int argc, char *argv, int index, FILE fp) {	26	void build_profile(int argc, char *argv, int index, FILE fp) {
28	// next index is the application name	27	// next index is the application name
@@ -41,36 +40,33 @@ void build_profile(int argc, char *argv, int index, FILE fp) {
41	if(asprintf(&output,"--trace=%s",trace_output) == -1)	40	if(asprintf(&output,"--trace=%s",trace_output) == -1)
42	errExit("asprintf");	41	errExit("asprintf");
43		42
44	char *cmdlist[] = {
45	BINDIR "/firejail",
46	"--quiet",
47	"--noprofile",
48	"--caps.drop=all",
49	"--seccomp",
50	output,
51	"--shell=none",
52	};
53
54	// calculate command length	43	// calculate command length
55	unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1;	44	unsigned len = 64; // plenty of space for firejail command line
56	if (arg_debug)	45	len += argc - index; // program command line
57	printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index);	46	len += 1; // NULL
58	char *cmd[len];
59	cmd[0] = cmdlist[0]; // explicit assignment to clean scan-build error
60		47
61	// build command	48	// build command
62	unsigned i = 0;	49	char *cmd[len];
63	for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++)	50	unsigned curr_len = 0;
64	cmd[i] = cmdlist[i];	51	cmd[curr_len++] = BINDIR "/firejail";
65		52	cmd[curr_len++] = "--quiet";
66	int i2 = index;	53	cmd[curr_len++] = "--noprofile";
67	for (; i < (len - 1); i++, i2++)	54	cmd[curr_len++] = "--caps.drop=all";
68	cmd[i] = argv[i2];	55	cmd[curr_len++] = "--seccomp";
69	assert(i < len);	56	cmd[curr_len++] = "--shell=none";
70	cmd[i] = NULL;	57	cmd[curr_len++] = output;
		58	if (arg_appimage)
		59	cmd[curr_len++] = "--appimage";
		60
		61	int i;
		62	for (i = index; i < argc; i++)
		63	cmd[curr_len++] = argv[i];
		64
		65	assert(curr_len < len);
		66	cmd[curr_len] = NULL;
71		67
72	if (arg_debug) {	68	if (arg_debug) {
73	for (i = 0; i < len; i++)	69	for (i = 0; cmd[i]; i++)
74	printf("%s%s\n", (i)?"\t":"", cmd[i]);	70	printf("%s%s\n", (i)?"\t":"", cmd[i]);
75	}	71	}
76		72


diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h index 12dfdb8be..3e23d7854 100644 --- a/src/fbuilder/fbuilder.h +++ b/src/fbuilder/fbuilder.h
@@ -31,6 +31,7 @@
31	#define MAX_BUF 4096	31	#define MAX_BUF 4096
32	// main.c	32	// main.c
33	extern int arg_debug;	33	extern int arg_debug;
		34	extern int arg_appimage;
34		35
35	// build_profile.c	36	// build_profile.c
36	void build_profile(int argc, char *argv, int index, FILE fp);	37	void build_profile(int argc, char *argv, int index, FILE fp);


diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c index 9e30ec539..aa49b2489 100644 --- a/src/fbuilder/main.c +++ b/src/fbuilder/main.c
@@ -19,6 +19,7 @@
19	*/	19	*/
20	#include "fbuilder.h"	20	#include "fbuilder.h"
21	int arg_debug = 0;	21	int arg_debug = 0;
		22	int arg_appimage = 0;
22		23
23	static void usage(void) {	24	static void usage(void) {
24	printf("Firejail profile builder\n");	25	printf("Firejail profile builder\n");
@@ -49,6 +50,8 @@ printf("\n");
49	}	50	}
50	else if (strcmp(argv[i], "--debug") == 0)	51	else if (strcmp(argv[i], "--debug") == 0)
51	arg_debug = 1;	52	arg_debug = 1;
		53	else if (strcmp(argv[i], "--appimage") == 0)
		54	arg_appimage = 1;
52	else if (strcmp(argv[i], "--build") == 0)	55	else if (strcmp(argv[i], "--build") == 0)
53	; // do nothing, this is passed down from firejail	56	; // do nothing, this is passed down from firejail
54	else if (strncmp(argv[i], "--build=", 8) == 0) {	57	else if (strncmp(argv[i], "--build=", 8) == 0) {