author | netblue30 <netblue30@yahoo.com> | 2017-10-22 08:14:04 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-22 08:14:04 -0400 |
commit | ba74462631d3411e12ede6943d61de1cb612779a (patch) | |
tree | 92e02af59ff95c0914e93d2b70668814950d6eba /src/fbuilder/build_fs.c | |
parent | Merge branch 'master' of http://github.com/netblue30/firejail (diff) | |
add /usr/share whitelisting support in --build
Diffstat (limited to 'src/fbuilder/build_fs.c')
-rw-r--r-- | src/fbuilder/build_fs.c | 31 |
1 files changed, 31 insertions, 0 deletions
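--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -171,6 +171,37 @@ void build_var(const char *fname) {
 filedb_print(var_out, "whitelist ");
 }
 
+
+//*******************************************
+// usr/share directory
+//*******************************************
+static FileDB *share_out = NULL;
+static void share_callback(char *ptr) {
+// extract the directory:
+// "/usr/share/bash-completion/bash_completion" becomes "/usr/share/bash-completion"
+assert(strncmp(ptr, "/usr/share", 10) == 0);
+char *p1 = ptr + 10;
+if (*p1 != '/')
+return;
+p1++;
+char *p2 = strchr(p1, '/');
+if (p2)
+*p2 = '\0';
+
+share_out = filedb_add(share_out, ptr);
+}
+
+void build_share(const char *fname) {
+assert(fname);
+
+process_files(fname, "/usr/share", share_callback);
+
+if (share_out == NULL)
+printf("blacklist /usr/share\n");
+else
+filedb_print(share_out, "whitelist ");
+}
+
 //*******************************************
 // tmp directory
 //*******************************************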
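Review bot: In share_callback, a traced path of exactly `/usr/share/` (or `/usr/share//x`) leaves nothing after the prefix, so `filedb_add` receives `/usr/share/` itself and the generated profile would carry `whitelist /usr/share/`, which presumably exposes the whole directory rather than one subdirectory. A first component of `..` is kept the same way, as `/usr/share/..`. Whether process_files already normalises or filters such paths is not visible in this hunk, so I would guard it right after `p1++`: `if (*p1 == '\0' || *p1 == '/' || strcmp(p1, "..") == 0 || strncmp(p1, "../", 3) == 0) return;`. The prefix `assert` is compiled out under NDEBUG, so it documents an invariant but should not be relied on to validate trace-file content.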