diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-10-26 15:24:21 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-10-29 11:00:06 +0200 |
commit | 0aa66649efa11e9c3c4d341f8a42f2eef8e942de (patch) | |
tree | 0fb38be7b45d5c1b91197372795829779363c40c /ci/check/profiles | |
parent | Sort src/firecfg/firecfg.config (diff) | |
download | firejail-0aa66649efa11e9c3c4d341f8a42f2eef8e942de.tar.gz firejail-0aa66649efa11e9c3c4d341f8a42f2eef8e942de.tar.zst firejail-0aa66649efa11e9c3c4d341f8a42f2eef8e942de.zip |
Add Profile Checks
Diffstat (limited to 'ci/check/profiles')
-rwxr-xr-x | ci/check/profiles/private-etc-always-required.sh | 15 | ||||
-rwxr-xr-x | ci/check/profiles/sort-disable-programs.sh | 2 | ||||
-rwxr-xr-x | ci/check/profiles/sort-firecfg.config.sh | 2 | ||||
l--------- | ci/check/profiles/sort.py | 1 |
4 files changed, 20 insertions, 0 deletions
diff --git a/ci/check/profiles/private-etc-always-required.sh b/ci/check/profiles/private-etc-always-required.sh new file mode 100755 index 000000000..892b15aa4 --- /dev/null +++ b/ci/check/profiles/private-etc-always-required.sh | |||
@@ -0,0 +1,15 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | ALWAYS_REQUIRED=(alternatives ld.so.cache ld.so.preload) | ||
4 | |||
5 | error=0 | ||
6 | while IFS=: read -r profile private_etc; do | ||
7 | for required in "${ALWAYS_REQUIRED[@]}"; do | ||
8 | if grep -q -v -E "( |,)$required(,|$)" <<<"$private_etc"; then | ||
9 | printf '%s misses %s\n' "$profile" "$required" >&2 | ||
10 | error=1 | ||
11 | fi | ||
12 | done | ||
13 | done < <(grep "^private-etc " "$@") | ||
14 | |||
15 | exit "$error" | ||
diff --git a/ci/check/profiles/sort-disable-programs.sh b/ci/check/profiles/sort-disable-programs.sh new file mode 100755 index 000000000..d81ee75d7 --- /dev/null +++ b/ci/check/profiles/sort-disable-programs.sh | |||
@@ -0,0 +1,2 @@ | |||
1 | #!/bin/sh | ||
2 | tail -n +5 "$1" | LC_ALL=C sort -c -u | ||
diff --git a/ci/check/profiles/sort-firecfg.config.sh b/ci/check/profiles/sort-firecfg.config.sh new file mode 100755 index 000000000..17a595350 --- /dev/null +++ b/ci/check/profiles/sort-firecfg.config.sh | |||
@@ -0,0 +1,2 @@ | |||
1 | #!/bin/sh | ||
2 | tail -n +4 "$1" | sed 's/^# /#/' | LC_ALL=C sort -c -d | ||
diff --git a/ci/check/profiles/sort.py b/ci/check/profiles/sort.py new file mode 120000 index 000000000..e1f3f5f16 --- /dev/null +++ b/ci/check/profiles/sort.py | |||
@@ -0,0 +1 @@ | |||
../../../contrib/sort.py \ No newline at end of file | |||