Added symlink fixer. It fixes the profiles in order to give access to symlinked binaries (for example if sh -> dash and dash is not in private-bin, you can't use sh)

author: KOLANICH <kolan_n@mail.ru> 2016-12-18 03:23:21 +0300
committer: KOLANICH <kolan_n@mail.ru> 2016-12-18 03:23:21 +0300
commit: 8e75011239e95eb718e7f5baf800b33423aa39ba (patch)
tree: 5591aaa22e7f543c38a9662033886162965aac08 /etc/fix_private-bin_for_symlinked_sh.py
parent: profile updates (diff)
download: firejail-8e75011239e95eb718e7f5baf800b33423aa39ba.tar.gz
firejail-8e75011239e95eb718e7f5baf800b33423aa39ba.tar.zst
firejail-8e75011239e95eb718e7f5baf800b33423aa39ba.zip
1 files changed, 68 insertions, 0 deletions
diff --git a/etc/fix_private-bin_for_symlinked_sh.py b/etc/fix_private-bin_for_symlinked_sh.py
new file mode 100644
index 000000000..705e46e46
--- /dev/null
+++ b/etc/fix_private-bin_for_symlinked_sh.py
@@ -0,0 +1,68 @@
+#!/usr/bin/python3
+import sys, os, glob, re
+privRx=re.compile("^(?:#\s*)?private-bin")
+def fixSymlinkedBins(files, replMap):
+        rxs=dict()
+        for (old,new) in replMap.items():
+                rxs[old]=re.compile("\\b"+old+"\\b")
+                rxs[new]=re.compile("\\b"+new+"\\b")
+        print(rxs)
+        
+        for filename in files:
+                lines=None
+                with open(filename,"r") as file:
+                        lines=file.readlines()
+                
+                shouldUpdate=False
+                for (i,line) in enumerate(lines):
+                        if privRx.search(line):
+                                for (old,new) in replMap.items():
+                                        if rxs[old].search(line) and not rxs[new].search(line):
+                                                lines[i]=rxs[old].sub(old+","+new, line)
+                                                shouldUpdate=True
+                                                print(lines[i])
+                
+                if shouldUpdate:
+                        with open(filename,"w") as file:
+                                file.writelines(lines)
+                                pass
+def createListOfBinaries(files):
+        s=set()
+        for filename in files:
+                lines=None
+                with open(filename,"r") as file:
+                        for line in file:
+                                if privRx.search(line):
+                                        bins=line.split(",")
+                                        bins[0]=bins[0].split(" ")[-1]
+                                        bins = [n.strip() for n in bins]
+                                        s=s|set(bins)
+        return s
+def createSymlinkTable(binDirs, binariesSet):
+        m=dict()
+        for sh in binariesSet:
+                for bD in binDirs:
+                        p=bD+os.path.sep+sh
+                        if os.path.exists(p):
+                                if os.path.islink(p):
+                                        m[sh]=os.readlink(p)
+                                else:
+                                        pass
+                                break
+        return m
+sh="sh"
+binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]
+profilesPath="."
+files=glob.glob(profilesPath+os.path.sep+"*.profile")
+bins=createListOfBinaries(files)
+stbl=createSymlinkTable(binDirs,bins)
+print(stbl)
+fixSymlinkedBins(files,{a[0]:a[1] for a in stbl.items() if a[0].find("/") < 0 and a[1].find("/")<0})
author	KOLANICH <kolan_n@mail.ru>	2016-12-18 03:23:21 +0300
committer	KOLANICH <kolan_n@mail.ru>	2016-12-18 03:23:21 +0300
commit	8e75011239e95eb718e7f5baf800b33423aa39ba (patch)
tree	5591aaa22e7f543c38a9662033886162965aac08 /etc/fix_private-bin_for_symlinked_sh.py
parent	profile updates (diff)
download	firejail-8e75011239e95eb718e7f5baf800b33423aa39ba.tar.gz firejail-8e75011239e95eb718e7f5baf800b33423aa39ba.tar.zst firejail-8e75011239e95eb718e7f5baf800b33423aa39ba.zip

diff --git a/etc/fix_private-bin_for_symlinked_sh.py b/etc/fix_private-bin_for_symlinked_sh.py new file mode 100644 index 000000000..705e46e46 --- /dev/null +++ b/etc/fix_private-bin_for_symlinked_sh.py
@@ -0,0 +1,68 @@
	1	#!/usr/bin/python3
	2
	3	import sys, os, glob, re
	4
	5	privRx=re.compile("^(?:#\s*)?private-bin")
	6
	7	def fixSymlinkedBins(files, replMap):
	8	rxs=dict()
	9	for (old,new) in replMap.items():
	10	rxs[old]=re.compile("\\b"+old+"\\b")
	11	rxs[new]=re.compile("\\b"+new+"\\b")
	12	print(rxs)
	13
	14	for filename in files:
	15	lines=None
	16	with open(filename,"r") as file:
	17	lines=file.readlines()
	18
	19	shouldUpdate=False
	20	for (i,line) in enumerate(lines):
	21	if privRx.search(line):
	22	for (old,new) in replMap.items():
	23	if rxs[old].search(line) and not rxs[new].search(line):
	24	lines[i]=rxs[old].sub(old+","+new, line)
	25	shouldUpdate=True
	26	print(lines[i])
	27
	28	if shouldUpdate:
	29	with open(filename,"w") as file:
	30	file.writelines(lines)
	31	pass
	32
	33	def createListOfBinaries(files):
	34	s=set()
	35	for filename in files:
	36	lines=None
	37	with open(filename,"r") as file:
	38	for line in file:
	39	if privRx.search(line):
	40	bins=line.split(",")
	41	bins[0]=bins[0].split(" ")[-1]
	42	bins = [n.strip() for n in bins]
	43	s=s\|set(bins)
	44	return s
	45
	46	def createSymlinkTable(binDirs, binariesSet):
	47	m=dict()
	48	for sh in binariesSet:
	49	for bD in binDirs:
	50	p=bD+os.path.sep+sh
	51	if os.path.exists(p):
	52	if os.path.islink(p):
	53	m[sh]=os.readlink(p)
	54	else:
	55	pass
	56	break
	57	return m
	58
	59
	60	sh="sh"
	61	binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]
	62	profilesPath="."
	63	files=glob.glob(profilesPath+os.path.sep+"*.profile")
	64
	65	bins=createListOfBinaries(files)
	66	stbl=createSymlinkTable(binDirs,bins)
	67	print(stbl)
	68	fixSymlinkedBins(files,{a[0]:a[1] for a in stbl.items() if a[0].find("/") < 0 and a[1].find("/")<0})