diff options
| author |  Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-11-19 15:02:42 -0600 |
|---|---|---|
| committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-11-19 15:02:42 -0600 |
| commit | b936e5ab77dfa0b54b2f6f6dd53762a8244e4230 (patch) | |
| tree | edb7237ba54d7c2a85a8531c8901d6466c5e0e4d /src/fbuilder/build_profile.c | |
| parent | More qtox profile tightening (diff) | |
| download | firejail-b936e5ab77dfa0b54b2f6f6dd53762a8244e4230.tar.gz firejail-b936e5ab77dfa0b54b2f6f6dd53762a8244e4230.tar.zst firejail-b936e5ab77dfa0b54b2f6f6dd53762a8244e4230.zip | |
strip trailing whitespace
Diffstat (limited to 'src/fbuilder/build_profile.c')
| -rw-r--r-- | src/fbuilder/build_profile.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index de9f79232..5fead41c5 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
| @@ -43,7 +43,7 @@ static char *cmdlist[] = { | |||
| 43 | static void clear_tmp_files(void) { | 43 | static void clear_tmp_files(void) { |
| 44 | unlink(STRACE_OUTPUT); | 44 | unlink(STRACE_OUTPUT); |
| 45 | unlink(TRACE_OUTPUT); | 45 | unlink(TRACE_OUTPUT); |
| 46 | 46 | ||
| 47 | // run all the rest | 47 | // run all the rest |
| 48 | int i; | 48 | int i; |
| 49 | for (i = 1; i <= 5; i++) { | 49 | for (i = 1; i <= 5; i++) { |
| @@ -62,22 +62,22 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 62 | fprintf(stderr, "Error: application name missing\n"); | 62 | fprintf(stderr, "Error: application name missing\n"); |
| 63 | exit(1); | 63 | exit(1); |
| 64 | } | 64 | } |
| 65 | 65 | ||
| 66 | // clean /tmp files | 66 | // clean /tmp files |
| 67 | clear_tmp_files(); | 67 | clear_tmp_files(); |
| 68 | 68 | ||
| 69 | // detect strace | 69 | // detect strace |
| 70 | int have_strace = 0; | 70 | int have_strace = 0; |
| 71 | if (access("/usr/bin/strace", X_OK) == 0) | 71 | if (access("/usr/bin/strace", X_OK) == 0) |
| 72 | have_strace = 1; | 72 | have_strace = 1; |
| 73 | 73 | ||
| 74 | // calculate command length | 74 | // calculate command length |
| 75 | unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1; | 75 | unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1; |
| 76 | if (arg_debug) | 76 | if (arg_debug) |
| 77 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); | 77 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); |
| 78 | char *cmd[len]; | 78 | char *cmd[len]; |
| 79 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error | 79 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error |
| 80 | 80 | ||
| 81 | // build command | 81 | // build command |
| 82 | unsigned i = 0; | 82 | unsigned i = 0; |
| 83 | for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) { | 83 | for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) { |
| @@ -97,7 +97,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 97 | for (i = 0; i < len; i++) | 97 | for (i = 0; i < len; i++) |
| 98 | printf("\t%s\n", cmd[i]); | 98 | printf("\t%s\n", cmd[i]); |
| 99 | } | 99 | } |
| 100 | 100 | ||
| 101 | // fork and execute | 101 | // fork and execute |
| 102 | pid_t child = fork(); | 102 | pid_t child = fork(); |
| 103 | if (child == -1) | 103 | if (child == -1) |
| @@ -108,7 +108,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 108 | (void) rv; | 108 | (void) rv; |
| 109 | errExit("execv"); | 109 | errExit("execv"); |
| 110 | } | 110 | } |
| 111 | 111 | ||
| 112 | // wait for all processes to finish | 112 | // wait for all processes to finish |
| 113 | int status; | 113 | int status; |
| 114 | if (waitpid(child, &status, 0) != child) | 114 | if (waitpid(child, &status, 0) != child) |
| @@ -122,18 +122,18 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 122 | fprintf(fp, "# Persistent global definitions\n"); | 122 | fprintf(fp, "# Persistent global definitions\n"); |
| 123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); | 123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); |
| 124 | fprintf(fp, "\n"); | 124 | fprintf(fp, "\n"); |
| 125 | 125 | ||
| 126 | fprintf(fp, "### basic blacklisting\n"); | 126 | fprintf(fp, "### basic blacklisting\n"); |
| 127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); | 127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); |
| 128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); | 128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); |
| 129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); | 129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); |
| 130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); | 130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); |
| 131 | fprintf(fp, "\n"); | 131 | fprintf(fp, "\n"); |
| 132 | 132 | ||
| 133 | fprintf(fp, "### home directory whitelisting\n"); | 133 | fprintf(fp, "### home directory whitelisting\n"); |
| 134 | build_home(TRACE_OUTPUT, fp); | 134 | build_home(TRACE_OUTPUT, fp); |
| 135 | fprintf(fp, "\n"); | 135 | fprintf(fp, "\n"); |
| 136 | 136 | ||
| 137 | fprintf(fp, "### filesystem\n"); | 137 | fprintf(fp, "### filesystem\n"); |
| 138 | build_tmp(TRACE_OUTPUT, fp); | 138 | build_tmp(TRACE_OUTPUT, fp); |
| 139 | build_dev(TRACE_OUTPUT, fp); | 139 | build_dev(TRACE_OUTPUT, fp); |
| @@ -158,7 +158,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 158 | fprintf(fp, "### network\n"); | 158 | fprintf(fp, "### network\n"); |
| 159 | build_protocol(TRACE_OUTPUT, fp); | 159 | build_protocol(TRACE_OUTPUT, fp); |
| 160 | fprintf(fp, "\n"); | 160 | fprintf(fp, "\n"); |
| 161 | 161 | ||
| 162 | fprintf(fp, "### environment\n"); | 162 | fprintf(fp, "### environment\n"); |
| 163 | fprintf(fp, "shell none\n"); | 163 | fprintf(fp, "shell none\n"); |
| 164 | 164 | ||