diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-08-30 06:45:17 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-08-30 06:45:17 -0400 |
| commit | cad73e6df6927b10040121d6a969d16ccf356f58 (patch) | |
| tree | e8245a93fb3f9d370a8bc6b5e4786c1bca1b8011 | |
| parent | fixing manpages (diff) | |
| parent | Rewrite globbing code to fix various minor issues (diff) | |
| download | firejail-cad73e6df6927b10040121d6a969d16ccf356f58.tar.gz firejail-cad73e6df6927b10040121d6a969d16ccf356f58.tar.zst firejail-cad73e6df6927b10040121d6a969d16ccf356f58.zip | |
Merge pull request #48 from sarneaud/glob
Rewrite globbing code to fix various minor issues
| -rw-r--r-- | etc/disable-history.inc | 9 | ||||
| -rw-r--r-- | src/firejail/fs.c | 32 |
2 files changed, 19 insertions, 22 deletions
diff --git a/etc/disable-history.inc b/etc/disable-history.inc index 66261c1cf..7a91df828 100644 --- a/etc/disable-history.inc +++ b/etc/disable-history.inc | |||
| @@ -1,10 +1,3 @@ | |||
| 1 | # History files in $HOME | 1 | # History files in $HOME |
| 2 | blacklist ${HOME}/.history | 2 | blacklist ${HOME}/.history |
| 3 | blacklist ${HOME}/.bash_history | 3 | blacklist ${HOME}/.*_history |
| 4 | blacklist ${HOME}/.zsh_history | ||
| 5 | blacklist ${HOME}/.ksh_history | ||
| 6 | blacklist ${HOME}/.sh_history | ||
| 7 | blacklist ${HOME}/.nano_history | ||
| 8 | blacklist ${HOME}/.python_history | ||
| 9 | blacklist ${HOME}/.mysql_history | ||
| 10 | blacklist ${HOME}/.pgsql_history \ No newline at end of file | ||
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 1e74257eb..14b7c1f01 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
| @@ -197,24 +197,28 @@ static void disable_file(OPERATION op, const char *filename, const char *emptydi | |||
| 197 | free(fname); | 197 | free(fname); |
| 198 | } | 198 | } |
| 199 | 199 | ||
| 200 | static void globbing(OPERATION op, const char *fname, const char *emptydir, const char *emptyfile) { | 200 | // Treat pattern as a shell glob pattern and blacklist matching files |
| 201 | assert(fname); | 201 | static void globbing(OPERATION op, const char *pattern, const char *emptydir, const char *emptyfile) { |
| 202 | assert(pattern); | ||
| 202 | assert(emptydir); | 203 | assert(emptydir); |
| 203 | assert(emptyfile); | 204 | assert(emptyfile); |
| 204 | 205 | ||
| 205 | // filename globbing: expand * macro and continue processing for every single file | 206 | glob_t globbuf; |
| 206 | if (strchr(fname, '*')) { | 207 | // Profiles contain blacklists for files that might not exist on a user's machine. |
| 207 | glob_t globbuf; | 208 | // GLOB_NOCHECK makes that okay. |
| 208 | globbuf.gl_offs = 0; | 209 | int globerr = glob(pattern, GLOB_NOCHECK | GLOB_NOSORT, NULL, &globbuf); |
| 209 | glob(fname, GLOB_DOOFFS, NULL, &globbuf); | 210 | if (globerr) { |
| 210 | unsigned int i; | 211 | fprintf(stderr, "Error: failed to glob pattern %s\n", pattern); |
| 211 | for (i = 0; i < globbuf.gl_pathc; i++) { | 212 | return; |
| 212 | assert(globbuf.gl_pathv[i]); | ||
| 213 | disable_file(op, globbuf.gl_pathv[i], emptydir, emptyfile); | ||
| 214 | } | ||
| 215 | } | 213 | } |
| 216 | else | 214 | |
| 217 | disable_file(op, fname, emptydir, emptyfile); | 215 | size_t i; |
| 216 | for (i = 0; i < globbuf.gl_pathc; i++) { | ||
| 217 | char* match = globbuf.gl_pathv[i]; | ||
| 218 | assert(match); | ||
| 219 | disable_file(op, match, emptydir, emptyfile); | ||
| 220 | } | ||
| 221 | globfree(&globbuf); | ||
| 218 | } | 222 | } |
| 219 | 223 | ||
| 220 | static void expand_path(OPERATION op, const char *path, const char *fname, const char *emptydir, const char *emptyfile) { | 224 | static void expand_path(OPERATION op, const char *path, const char *fname, const char *emptydir, const char *emptyfile) { |