diff options
author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-11-19 17:45:11 -0600 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2018-11-19 17:45:11 -0600 |
commit | a179c7dc916b64aec79313b03b9e5fa976de2c85 (patch) | |
tree | c1528893a5c877bfcb0a42c97d7a64f41d51c891 /contrib/fix_private-bin.py | |
parent | Merge pull request #2265 from luzpaz/misc-typos (diff) | |
download | firejail-a179c7dc916b64aec79313b03b9e5fa976de2c85.tar.gz firejail-a179c7dc916b64aec79313b03b9e5fa976de2c85.tar.zst firejail-a179c7dc916b64aec79313b03b9e5fa976de2c85.zip |
Various python cleanups -- note fix_private-bin.py is (still) broken
Diffstat (limited to 'contrib/fix_private-bin.py')
-rwxr-xr-x | contrib/fix_private-bin.py | 206 |
1 files changed, 111 insertions, 95 deletions
diff --git a/contrib/fix_private-bin.py b/contrib/fix_private-bin.py index 613a945a8..65bfba52d 100755 --- a/contrib/fix_private-bin.py +++ b/contrib/fix_private-bin.py | |||
@@ -29,80 +29,84 @@ __license__ = "Unlicense" | |||
29 | 29 | ||
30 | import sys, os, glob, re | 30 | import sys, os, glob, re |
31 | 31 | ||
32 | privRx=re.compile("^(?:#\s*)?private-bin") | 32 | privRx = re.compile("^(?:#\s*)?private-bin") |
33 | |||
33 | 34 | ||
34 | def fixSymlinkedBins(files, replMap): | 35 | def fixSymlinkedBins(files, replMap): |
35 | """ | 36 | """ |
36 | Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap | 37 | Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap |
37 | replMap is a dict where key is the marker filename and value is the filename to add | 38 | replMap is a dict where key is the marker filename and value is the filename to add |
38 | """ | 39 | """ |
39 | 40 | ||
40 | rxs=dict() | 41 | rxs = dict() |
41 | for (old,new) in replMap.items(): | 42 | for (old, new) in replMap.items(): |
42 | rxs[old]=re.compile("\\b"+old+"\\b") | 43 | rxs[old] = re.compile("\\b" + old + "\\b") |
43 | rxs[new]=re.compile("\\b"+new+"\\b") | 44 | rxs[new] = re.compile("\\b" + new + "\\b") |
44 | #print(rxs) | 45 | #print(rxs) |
45 | 46 | ||
46 | for filename in files: | 47 | for filename in files: |
47 | lines=None | 48 | lines = None |
48 | with open(filename,"r") as file: | 49 | with open(filename, "r") as file: |
49 | lines=file.readlines() | 50 | lines = file.readlines() |
50 | 51 | ||
51 | shouldUpdate=False | 52 | shouldUpdate = False |
52 | for (i,line) in enumerate(lines): | 53 | for (i, line) in enumerate(lines): |
53 | if privRx.search(line): | 54 | if privRx.search(line): |
54 | for (old,new) in replMap.items(): | 55 | for (old, new) in replMap.items(): |
55 | if rxs[old].search(line) and not rxs[new].search(line): | 56 | if rxs[old].search(line) and not rxs[new].search(line): |
56 | lines[i]=rxs[old].sub(old+","+new, line) | 57 | lines[i] = rxs[old].sub(old + "," + new, line) |
57 | shouldUpdate=True | 58 | shouldUpdate = True |
58 | print(lines[i]) | 59 | print(lines[i]) |
59 | 60 | ||
60 | if shouldUpdate: | 61 | if shouldUpdate: |
61 | with open(filename,"w") as file: | 62 | with open(filename, "w") as file: |
62 | file.writelines(lines) | 63 | file.writelines(lines) |
63 | pass | 64 | pass |
65 | |||
64 | 66 | ||
65 | def createSetOfBinaries(files): | 67 | def createSetOfBinaries(files): |
66 | """ | 68 | """ |
67 | Creates a set of binaries mentioned in private-bin directives of files. | 69 | Creates a set of binaries mentioned in private-bin directives of files. |
68 | """ | 70 | """ |
69 | s=set() | 71 | s = set() |
70 | for filename in files: | 72 | for filename in files: |
71 | lines=None | 73 | lines = None |
72 | with open(filename,"r") as file: | 74 | with open(filename, "r") as file: |
73 | for line in file: | 75 | for line in file: |
74 | if privRx.search(line): | 76 | if privRx.search(line): |
75 | bins=line.split(",") | 77 | bins = line.split(",") |
76 | bins[0]=bins[0].split(" ")[-1] | 78 | bins[0] = bins[0].split(" ")[-1] |
77 | bins = [n.strip() for n in bins] | 79 | bins = [n.strip() for n in bins] |
78 | s=s|set(bins) | 80 | s = s | set(bins) |
79 | return s | 81 | return s |
82 | |||
80 | 83 | ||
81 | def createSymlinkTable(binDirs, binariesSet): | 84 | def createSymlinkTable(binDirs, binariesSet): |
82 | """ | 85 | """ |
83 | creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary. | 86 | creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary. |
84 | binDirs are folders to look into for binaries symlinks | 87 | binDirs are folders to look into for binaries symlinks |
85 | binariesSet is a set of binaries to be checked if they are actually a symlinks | 88 | binariesSet is a set of binaries to be checked if they are actually a symlinks |
86 | """ | 89 | """ |
87 | m=dict() | 90 | m = dict() |
88 | toProcess=binariesSet | 91 | toProcess = binariesSet |
89 | while len(toProcess)!=0: | 92 | while len(toProcess) != 0: |
90 | additional=set() | 93 | additional = set() |
91 | for sh in toProcess: | 94 | for sh in toProcess: |
92 | for bD in binDirs: | 95 | for bD in binDirs: |
93 | p=bD+os.path.sep+sh | 96 | p = bD + os.path.sep + sh |
94 | if os.path.exists(p): | 97 | if os.path.exists(p): |
95 | if os.path.islink(p): | 98 | if os.path.islink(p): |
96 | m[sh]=os.readlink(p) | 99 | m[sh] = os.readlink(p) |
97 | additional.add(m[sh].split(" ")[0]) | 100 | additional.add(m[sh].split(" ")[0]) |
98 | else: | 101 | else: |
99 | pass | 102 | pass |
100 | break | 103 | break |
101 | toProcess=additional | 104 | toProcess = additional |
102 | return m | 105 | return m |
106 | |||
103 | 107 | ||
104 | def doTheFixes(profilesPath, binDirs): | 108 | def doTheFixes(profilesPath, binDirs): |
105 | """ | 109 | """ |
106 | Fixes private-bin in .profiles for firejail. The pipeline is as follows: | 110 | Fixes private-bin in .profiles for firejail. The pipeline is as follows: |
107 | discover files -> discover mentioned binaries -> | 111 | discover files -> discover mentioned binaries -> |
108 | discover the ones which are symlinks -> | 112 | discover the ones which are symlinks -> |
@@ -110,48 +114,60 @@ def doTheFixes(profilesPath, binDirs): | |||
110 | filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) -> | 114 | filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) -> |
111 | apply fix | 115 | apply fix |
112 | """ | 116 | """ |
113 | files=glob.glob(profilesPath+os.path.sep+"*.profile") | 117 | files = glob.glob(profilesPath + os.path.sep + "*.profile") |
114 | bins=createSetOfBinaries(files) | 118 | bins = createSetOfBinaries(files) |
115 | #print("The binaries used are:") | 119 | #print("The binaries used are:") |
116 | #print(bins) | 120 | #print(bins) |
117 | stbl=createSymlinkTable(binDirs,bins) | 121 | stbl = createSymlinkTable(binDirs, bins) |
118 | print("The replacement table is:") | 122 | print("The replacement table is:") |
119 | print(stbl) | 123 | print(stbl) |
120 | stbl={a[0]:a[1] for a in stbl.items() if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep)<0} | 124 | stbl = { |
121 | print("Filtered replacement table is:") | 125 | a[0]: a[1] |
122 | print(stbl) | 126 | for a in stbl.items() |
123 | fixSymlinkedBins(files,stbl) | 127 | if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep) < 0 |
128 | } | ||
129 | print("Filtered replacement table is:") | ||
130 | print(stbl) | ||
131 | fixSymlinkedBins(files, stbl) | ||
132 | |||
124 | 133 | ||
125 | def printHelp(): | 134 | def printHelp(): |
126 | print("python3 "+os.path.basename(__file__)+" <dir with .profile files>\nThe default dir is "+defaultProfilesPath+"\n"+doTheFixes.__doc__) | 135 | print("python3 " + os.path.basename(__file__) + |
136 | " <dir with .profile files>\nThe default dir is " + | ||
137 | defaultProfilesPath + "\n" + doTheFixes.__doc__) | ||
138 | |||
127 | 139 | ||
128 | def main(): | 140 | def main(): |
129 | """The main function. Parses the commandline args, shows messages and calles the function actually doing the work.""" | 141 | """The main function. Parses the commandline args, shows messages and calles the function actually doing the work.""" |
130 | print(repr(sys.argv)) | 142 | print(repr(sys.argv)) |
131 | defaultProfilesPath="../etc" | 143 | defaultProfilesPath = "../etc" |
132 | if len(sys.argv)>2 or (len(sys.argv)==2 and (sys.argv[1] == '-h' or sys.argv[1] == '--help') ): | 144 | if len(sys.argv) > 2 or (len(sys.argv) == 2 and |
133 | printHelp() | 145 | (sys.argv[1] == '-h' or sys.argv[1] == '--help')): |
134 | exit(1) | 146 | printHelp() |
135 | 147 | exit(1) | |
136 | profilesPath=None | 148 | |
137 | if len(sys.argv)==2: | 149 | profilesPath = None |
138 | if os.path.isdir(sys.argv[1]): | 150 | if len(sys.argv) == 2: |
139 | profilesPath=os.path.abspath(sys.argv[1]) | 151 | if os.path.isdir(sys.argv[1]): |
140 | else: | 152 | profilesPath = os.path.abspath(sys.argv[1]) |
141 | if os.path.exists(sys.argv[1]): | 153 | else: |
142 | print(sys.argv[1]+" is not a dir") | 154 | if os.path.exists(sys.argv[1]): |
143 | else: | 155 | print(sys.argv[1] + " is not a dir") |
144 | print(sys.argv[1]+" does not exist") | 156 | else: |
145 | printHelp() | 157 | print(sys.argv[1] + " does not exist") |
146 | exit(1) | 158 | printHelp() |
147 | else: | 159 | exit(1) |
148 | print("Using default profiles dir: " + defaultProfilesPath) | 160 | else: |
149 | profilesPath=defaultProfilesPath | 161 | print("Using default profiles dir: " + defaultProfilesPath) |
150 | 162 | profilesPath = defaultProfilesPath | |
151 | binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"] | 163 | |
152 | print("Binaries dirs are:") | 164 | binDirs = [ |
153 | print(binDirs) | 165 | "/bin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin" |
154 | doTheFixes(profilesPath, binDirs) | 166 | ] |
167 | print("Binaries dirs are:") | ||
168 | print(binDirs) | ||
169 | doTheFixes(profilesPath, binDirs) | ||
170 | |||
155 | 171 | ||
156 | if __name__ == "__main__": | 172 | if __name__ == "__main__": |
157 | main() | 173 | main() |