author | netblue30 <netblue30@yahoo.com> | 2017-10-22 11:09:50 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-22 11:09:50 -0400 |
commit | ba231088e6bd8e4c52e372f7a4d2928ee7bf223a (patch) | |
tree | 614f1fbcbdaa6ae5ac6a2148bd13cb6073b263e7 /src/fbuilder/build_profile.c | |
parent | --build fixes (diff) | |
--build: save the resulting profile in a file
Diffstat (limited to 'src/fbuilder/build_profile.c')
-rw-r--r-- | src/fbuilder/build_profile.c | 74 |
1 files changed, 37 insertions, 37 deletions
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index 6d6263035..de9f79232 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
@@ -56,7 +56,7 @@ static void clear_tmp_files(void) { | |||
56 | 56 | ||
57 | } | 57 | } |
58 | 58 | ||
59 | void build_profile(int argc, char **argv, int index) { | 59 | void build_profile(int argc, char **argv, int index, FILE *fp) { |
60 | // next index is the application name | 60 | // next index is the application name |
61 | if (index >= argc) { | 61 | if (index >= argc) { |
62 | fprintf(stderr, "Error: application name missing\n"); | 62 | fprintf(stderr, "Error: application name missing\n"); |
@@ -116,51 +116,51 @@ void build_profile(int argc, char **argv, int index) { | |||
116 | 116 | ||
117 | if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { | 117 | if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { |
118 | printf("\n\n\n"); | 118 | printf("\n\n\n"); |
119 | printf("############################################\n"); | 119 | fprintf(fp, "############################################\n"); |
120 | printf("# %s profile\n", argv[index]); | 120 | fprintf(fp, "# %s profile\n", argv[index]); |
121 | printf("############################################\n"); | 121 | fprintf(fp, "############################################\n"); |
122 | printf("# Persistent global definitions\n"); | 122 | fprintf(fp, "# Persistent global definitions\n"); |
123 | printf("# include /etc/firejail/globals.local\n"); | 123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); |
124 | printf("\n"); | 124 | fprintf(fp, "\n"); |
125 | 125 | ||
126 | printf("### basic blacklisting\n"); | 126 | fprintf(fp, "### basic blacklisting\n"); |
127 | printf("include /etc/firejail/disable-common.inc\n"); | 127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); |
128 | printf("# include /etc/firejail/disable-devel.inc\n"); | 128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); |
129 | printf("include /etc/firejail/disable-passwdmgr.inc\n"); | 129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); |
130 | printf("# include /etc/firejail/disable-programs.inc\n"); | 130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); |
131 | printf("\n"); | 131 | fprintf(fp, "\n"); |
132 | 132 | ||
133 | printf("### home directory whitelisting\n"); | 133 | fprintf(fp, "### home directory whitelisting\n"); |
134 | build_home(TRACE_OUTPUT); | 134 | build_home(TRACE_OUTPUT, fp); |
135 | printf("\n"); | 135 | fprintf(fp, "\n"); |
136 | 136 | ||
137 | printf("### filesystem\n"); | 137 | fprintf(fp, "### filesystem\n"); |
138 | build_tmp(TRACE_OUTPUT); | 138 | build_tmp(TRACE_OUTPUT, fp); |
139 | build_dev(TRACE_OUTPUT); | 139 | build_dev(TRACE_OUTPUT, fp); |
140 | build_etc(TRACE_OUTPUT); | 140 | build_etc(TRACE_OUTPUT, fp); |
141 | build_var(TRACE_OUTPUT); | 141 | build_var(TRACE_OUTPUT, fp); |
142 | build_bin(TRACE_OUTPUT); | 142 | build_bin(TRACE_OUTPUT, fp); |
143 | build_share(TRACE_OUTPUT); | 143 | build_share(TRACE_OUTPUT, fp); |
144 | printf("\n"); | 144 | fprintf(fp, "\n"); |
145 | 145 | ||
146 | printf("### security filters\n"); | 146 | fprintf(fp, "### security filters\n"); |
147 | printf("caps.drop all\n"); | 147 | fprintf(fp, "caps.drop all\n"); |
148 | printf("nonewprivs\n"); | 148 | fprintf(fp, "nonewprivs\n"); |
149 | printf("seccomp\n"); | 149 | fprintf(fp, "seccomp\n"); |
150 | if (have_strace) | 150 | if (have_strace) |
151 | build_seccomp(STRACE_OUTPUT); | 151 | build_seccomp(STRACE_OUTPUT, fp); |
152 | else { | 152 | else { |
153 | printf("# If you install strace on your system, Firejail will also create a\n"); | 153 | fprintf(fp, "# If you install strace on your system, Firejail will also create a\n"); |
154 | printf("# whitelisted seccomp filter.\n"); | 154 | fprintf(fp, "# whitelisted seccomp filter.\n"); |
155 | } | 155 | } |
156 | printf("\n"); | 156 | fprintf(fp, "\n"); |
157 | 157 | ||
158 | printf("### network\n"); | 158 | fprintf(fp, "### network\n"); |
159 | build_protocol(TRACE_OUTPUT); | 159 | build_protocol(TRACE_OUTPUT, fp); |
160 | printf("\n"); | 160 | fprintf(fp, "\n"); |
161 | 161 | ||
162 | printf("### environment\n"); | 162 | fprintf(fp, "### environment\n"); |
163 | printf("shell none\n"); | 163 | fprintf(fp, "shell none\n"); |
164 | 164 | ||
165 | } | 165 | } |
166 | else { | 166 | else { |
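Review bot: The new code sends the whole profile through `fp` (lines 119–163) but never checks that any of those writes succeeded; if `fp` is a file on disk and a write fails, the saved profile can be silently truncated, possibly before the `caps.drop all` / `nonewprivs` / `seccomp` lines, so a sandbox built from it is weaker than the one the user believes was saved. Unless the caller checks `fclose()`/`ferror()` after this returns (the caller is outside this page), I would end the success branch with `if (ferror(fp)) { fprintf(stderr, "Error: cannot write profile\n"); exit(1); }` or otherwise report the failure instead of treating the run as successful. Line 118 still uses `printf("\n\n\n")` on stdout while every other line now goes to `fp`; if that is deliberate terminal spacing, a one-line comment saying so would stop the next reader from "fixing" it. The `fp` parameter added in the first hunk is also undocumented — a comment stating that it must be an open, writable stream and that this function does not close it would make the ownership clear. build_profile begins in the first hunk and its body continues past line 166.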