diff options
| author |  netblue30 <netblue30@yahoo.com> | 2018-08-28 13:04:13 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2018-08-28 13:04:13 -0400 |
| commit | 8ce3b7ab971d6ab02463fd6c7591a73465526cb1 (patch) | |
| tree | 2df83450626433978a970dbae4fb38d84754600e /src/fbuilder/build_profile.c | |
| parent | memory leaks (diff) | |
| download | firejail-8ce3b7ab971d6ab02463fd6c7591a73465526cb1.tar.gz firejail-8ce3b7ab971d6ab02463fd6c7591a73465526cb1.tar.zst firejail-8ce3b7ab971d6ab02463fd6c7591a73465526cb1.zip | |
fbuider cleanup
Diffstat (limited to 'src/fbuilder/build_profile.c')
| -rw-r--r-- | src/fbuilder/build_profile.c | 36 |
1 files changed, 15 insertions, 21 deletions
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index 79de7063f..74f0da226 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
| @@ -51,25 +51,20 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 51 | 51 | ||
| 52 | int tfile = mkstemp(trace_output); | 52 | int tfile = mkstemp(trace_output); |
| 53 | int stfile = mkstemp(strace_output); | 53 | int stfile = mkstemp(strace_output); |
| 54 | |||
| 55 | if(tfile == -1 || stfile == -1) | 54 | if(tfile == -1 || stfile == -1) |
| 56 | errExit("mkstemp"); | 55 | errExit("mkstemp"); |
| 57 | 56 | ||
| 58 | FILE *tp = fdopen(tfile, "r"); | 57 | // close the files, firejail/strace will overwrite them! |
| 58 | close(tfile); | ||
| 59 | close(stfile); | ||
| 59 | 60 | ||
| 60 | if (!tp) { | ||
| 61 | fprintf(stderr, "Error: cannot open %s\n", trace_output); | ||
| 62 | exit(1); | ||
| 63 | } | ||
| 64 | 61 | ||
| 65 | char *output; | 62 | char *output; |
| 66 | char *stroutput; | 63 | char *stroutput; |
| 67 | |||
| 68 | if(asprintf(&output,"--output=%s",trace_output) == -1) | 64 | if(asprintf(&output,"--output=%s",trace_output) == -1) |
| 69 | errExit("asprintf"); | 65 | errExit("asprintf"); |
| 70 | |||
| 71 | if(asprintf(&stroutput,"-o %s",strace_output) == -1) | 66 | if(asprintf(&stroutput,"-o %s",strace_output) == -1) |
| 72 | errExit("asprintf"); | 67 | errExit("asprintf"); |
| 73 | 68 | ||
| 74 | char *cmdlist[] = { | 69 | char *cmdlist[] = { |
| 75 | "/usr/bin/firejail", | 70 | "/usr/bin/firejail", |
| @@ -151,16 +146,16 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 151 | fprintf(fp, "\n"); | 146 | fprintf(fp, "\n"); |
| 152 | 147 | ||
| 153 | fprintf(fp, "### home directory whitelisting\n"); | 148 | fprintf(fp, "### home directory whitelisting\n"); |
| 154 | build_home(trace_output, tp, fp); | 149 | build_home(trace_output, fp); |
| 155 | fprintf(fp, "\n"); | 150 | fprintf(fp, "\n"); |
| 156 | 151 | ||
| 157 | fprintf(fp, "### filesystem\n"); | 152 | fprintf(fp, "### filesystem\n"); |
| 158 | build_tmp(trace_output, tp, fp); | 153 | build_tmp(trace_output, fp); |
| 159 | build_dev(trace_output, tp, fp); | 154 | build_dev(trace_output, fp); |
| 160 | build_etc(trace_output, tp, fp); | 155 | build_etc(trace_output, fp); |
| 161 | build_var(trace_output, tp, fp); | 156 | build_var(trace_output, fp); |
| 162 | build_bin(trace_output, tp, fp); | 157 | build_bin(trace_output, fp); |
| 163 | build_share(trace_output, tp, fp); | 158 | build_share(trace_output, fp); |
| 164 | fprintf(fp, "\n"); | 159 | fprintf(fp, "\n"); |
| 165 | 160 | ||
| 166 | fprintf(fp, "### security filters\n"); | 161 | fprintf(fp, "### security filters\n"); |
| @@ -168,7 +163,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 168 | fprintf(fp, "nonewprivs\n"); | 163 | fprintf(fp, "nonewprivs\n"); |
| 169 | fprintf(fp, "seccomp\n"); | 164 | fprintf(fp, "seccomp\n"); |
| 170 | if (have_strace) | 165 | if (have_strace) |
| 171 | build_seccomp(strace_output, stfile, fp); | 166 | build_seccomp(strace_output, fp); |
| 172 | else { | 167 | else { |
| 173 | fprintf(fp, "# If you install strace on your system, Firejail will also create a\n"); | 168 | fprintf(fp, "# If you install strace on your system, Firejail will also create a\n"); |
| 174 | fprintf(fp, "# whitelisted seccomp filter.\n"); | 169 | fprintf(fp, "# whitelisted seccomp filter.\n"); |
| @@ -176,13 +171,12 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 176 | fprintf(fp, "\n"); | 171 | fprintf(fp, "\n"); |
| 177 | 172 | ||
| 178 | fprintf(fp, "### network\n"); | 173 | fprintf(fp, "### network\n"); |
| 179 | build_protocol(trace_output, tfile, fp); | 174 | build_protocol(trace_output, fp); |
| 180 | fprintf(fp, "\n"); | 175 | fprintf(fp, "\n"); |
| 181 | 176 | ||
| 182 | fprintf(fp, "### environment\n"); | 177 | fprintf(fp, "### environment\n"); |
| 183 | fprintf(fp, "shell none\n"); | 178 | fprintf(fp, "shell none\n"); |
| 184 | 179 | ||
| 185 | fclose(tp); | ||
| 186 | unlink(trace_output); | 180 | unlink(trace_output); |
| 187 | unlink(strace_output); | 181 | unlink(strace_output); |
| 188 | 182 | ||