author | netblue30 <netblue30@protonmail.com> | 2021-05-04 16:46:54 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-05-04 16:46:54 -0400 |
commit | 8988842c1bec4a41c09591e47771bf30247a5539 (patch) | |
tree | 274a62e6959ee23dee1084edb21b3abc6ae9f657 /src/fbuilder/build_fs.c | |
parent | Merge pull request #4209 from davidebeatrici/private-dev-input-support-and-no... (diff) | |
--build fixes
Diffstat (limited to 'src/fbuilder/build_fs.c')
-rw-r--r-- | src/fbuilder/build_fs.c | 129 |
1 files changed, 101 insertions, 28 deletions
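--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -177,6 +177,74 @@ void build_var(const char *fname, FILE *fp) {
 //*******************************************
 // usr/share directory
 //*******************************************
+// todo: load the list from whitelist-usr-share-common.inc
+static char *share_skip[] = {
+"/usr/share/alsa",
+"/usr/share/applications",
+"/usr/share/ca-certificates",
+"/usr/share/crypto-policies",
+"/usr/share/cursors",
+"/usr/share/dconf",
+"/usr/share/distro-info",
+"/usr/share/drirc.d",
+"/usr/share/enchant",
+"/usr/share/enchant-2",
+"/usr/share/file",
+"/usr/share/fontconfig",
+"/usr/share/fonts",
+"/usr/share/fonts-config",
+"/usr/share/gir-1.0",
+"/usr/share/gjs-1.0",
+"/usr/share/glib-2.0",
+"/usr/share/glvnd",
+"/usr/share/gtk-2.0",
+"/usr/share/gtk-3.0",
+"/usr/share/gtk-engines",
+"/usr/share/gtksourceview-3.0",
+"/usr/share/gtksourceview-4",
+"/usr/share/hunspell",
+"/usr/share/hwdata",
+"/usr/share/icons",
+"/usr/share/icu",
+"/usr/share/knotifications5",
+"/usr/share/kservices5",
+"/usr/share/Kvantum",
+"/usr/share/kxmlgui5",
+"/usr/share/libdrm",
+"/usr/share/libthai",
+"/usr/share/locale",
+"/usr/share/mime",
+"/usr/share/misc",
+"/usr/share/Modules",
+"/usr/share/myspell",
+"/usr/share/p11-kit",
+"/usr/share/perl",
+"/usr/share/perl5",
+"/usr/share/pixmaps",
+"/usr/share/pki",
+"/usr/share/plasma",
+"/usr/share/publicsuffix",
+"/usr/share/qt",
+"/usr/share/qt4",
+"/usr/share/qt5",
+"/usr/share/qt5ct",
+"/usr/share/sounds",
+"/usr/share/tcl8.6",
+"/usr/share/tcltk",
+"/usr/share/terminfo",
+"/usr/share/texlive",
+"/usr/share/texmf",
+"/usr/share/themes",
+"/usr/share/thumbnail.so",
+"/usr/share/uim",
+"/usr/share/vulkan",
+"/usr/share/X11",
+"/usr/share/xml",
+"/usr/share/zenity",
+"/usr/share/zoneinfo",
+NULL
+};
+
 static FileDB *share_out = NULL;
 static void share_callback(char *ptr) {
 // extract the directory:
@@ -195,8 +263,17 @@ static void share_callback(char *ptr) {
 if (p2)
 *p2 = '\0';
 
-// store the file
-share_out = filedb_add(share_out, ptr);
+int i = 0;
+int found = 0;
+while (share_skip[i]) {
+if (strncmp(ptr, share_skip[i], strlen(share_skip[i])) == 0) {
+found = 1;
+break;
+}
+i++;
+}
+if (!found)
+share_out = filedb_add(share_out, ptr);
 }
 
 void build_share(const char *fname, FILE *fp) {
@@ -252,40 +329,36 @@ void build_tmp(const char *fname, FILE *fp) {
 // dev directory
 //*******************************************
 static char *dev_skip[] = {
+"/dev/stdin",
+"/dev/stdout",
+"/dev/stderr",
 "/dev/zero",
 "/dev/null",
 "/dev/full",
 "/dev/random",
 "/dev/urandom",
+"/dev/sr0",
+"/dev/cdrom",
+"/dev/cdrw",
+"/dev/dvd",
+"/dev/dvdrw",
+"/dev/fd",
+"/dev/pts",
+"/dev/ptmx",
+"/dev/log",
+
+"/dev/aload", // old ALSA devices, not covered in private-dev
+"/dev/dsp", // old OSS device, deprecated
+
 "/dev/tty",
 "/dev/snd",
 "/dev/dri",
-"/dev/pts",
-"/dev/nvidia0",
-"/dev/nvidia1",
-"/dev/nvidia2",
-"/dev/nvidia3",
-"/dev/nvidia4",
-"/dev/nvidia5",
-"/dev/nvidia6",
-"/dev/nvidia7",
-"/dev/nvidia8",
-"/dev/nvidia9",
-"/dev/nvidiactl",
-"/dev/nvidia-modeset",
-"/dev/nvidia-uvm",
-"/dev/video0",
-"/dev/video1",
-"/dev/video2",
-"/dev/video3",
-"/dev/video4",
-"/dev/video5",
-"/dev/video6",
-"/dev/video7",
-"/dev/video8",
-"/dev/video9",
+"/dev/nvidia",
+"/dev/video",
 "/dev/dvb",
-"/dev/sr0",
+"/dev/hidraw",
+"/dev/usb",
+"/dev/input",
 NULL
 };
 
@@ -295,7 +368,7 @@ static void dev_callback(char *ptr) {
 int i = 0;
 int found = 0;
 while (dev_skip[i]) {
-if (strcmp(ptr, dev_skip[i]) == 0) {
+if (strncmp(ptr, dev_skip[i], strlen(dev_skip[i])) == 0) {
 found = 1;
 break;
 }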
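Review bot: The new skip test in share_callback, `strncmp(ptr, share_skip[i], strlen(share_skip[i])) == 0`, is a bare prefix match with no path-component boundary, so `/usr/share/file` or `/usr/share/qt` also swallows any sibling directory whose name merely starts with those letters; the list carrying `/usr/share/qt5`, `/usr/share/perl5` and `/usr/share/enchant-2` next to their own prefixes suggests whole names were intended. Such a directory never reaches `filedb_add`, so the generated profile would presumably leave it out without any hint to the user. Bounding the compare fixes it: `size_t n = strlen(share_skip[i]);` followed by `if (strncmp(ptr, share_skip[i], n) == 0 && (ptr[n] == '\0' || ptr[n] == '/')) {`. The dev_callback hunk has the same unbounded compare, where `/dev/tty`, `/dev/fd`, `/dev/usb` and `/dev/log` now match unrelated nodes as well as the numbered families (`/dev/nvidia`, `/dev/video`, `/dev/hidraw`) that do want a prefix; a comment on dev_skip such as `// entries are matched as prefixes; keep them specific` plus a per-entry exact/prefix distinction would make the intent auditable. Both callbacks begin or end outside the visible hunks, so what happens to `found` in dev_callback is inferred.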