author | netblue30 <netblue30@yahoo.com> | 2017-10-22 08:14:04 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-10-22 08:14:04 -0400 |
commit | ba74462631d3411e12ede6943d61de1cb612779a (patch) | |
tree | 92e02af59ff95c0914e93d2b70668814950d6eba /src/fbuilder | |
parent | Merge branch 'master' of http://github.com/netblue30/firejail (diff) | |
add /usr/share whitelisting support in --build
Diffstat (limited to 'src/fbuilder')
-rw-r--r-- | src/fbuilder/build_fs.c | 31 | ||||
-rw-r--r-- | src/fbuilder/build_profile.c | 1 | ||||
-rw-r--r-- | src/fbuilder/fbuilder.h | 1 |
3 files changed, 33 insertions, 0 deletions
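--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -171,6 +171,37 @@ void build_var(const char *fname) {
 	filedb_print(var_out, "whitelist ");
 }
 
+
+//*******************************************
+// usr/share directory
+//*******************************************
+static FileDB *share_out = NULL;
+static void share_callback(char *ptr) {
+	// extract the directory:
+	// "/usr/share/bash-completion/bash_completion" becomes "/usr/share/bash-completion"
+	assert(strncmp(ptr, "/usr/share", 10) == 0);
+	char *p1 = ptr + 10;
+	if (*p1 != '/')
+		return;
+	p1++;
+	char *p2 = strchr(p1, '/');
+	if (p2)
+		*p2 = '\0';
+
+	share_out = filedb_add(share_out, ptr);
+}
+
+void build_share(const char *fname) {
+	assert(fname);
+
+	process_files(fname, "/usr/share", share_callback);
+
+	if (share_out == NULL)
+		printf("blacklist /usr/share\n");
+	else
+		filedb_print(share_out, "whitelist ");
+}
+
 //*******************************************
 // tmp directory
 //*******************************************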
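Review bot: share_callback checks the `/usr/share` prefix only with assert(), so in a build that defines NDEBUG a path without that prefix would be read past its end at `ptr + 10`; a length-bounded test covers the prefix and the required separator in one step, `if (strncmp(ptr, "/usr/share/", 11) != 0) return;` in place of the assert and the `*p1 != '/'` check. The callback also writes `*p2 = '\0'` into the buffer it is handed, and nothing in the hunk says whether process_files passes a copy it is free to truncate, so a comment such as `// ptr is truncated in place to its first component below /usr/share` should record that contract. It is worth a comment next to filedb_add that a single accessed file whitelists its entire top-level subdirectory (the example in the comment exposes all of /usr/share/bash-completion), since that is the granularity the generated profile grants. A path of exactly `/usr/share/` would reach filedb_add unchanged and whitelist the directory itself; if the trace output can contain that, `if (*p1 == '\0') return;` after `p1++` closes it.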
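--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -140,6 +140,7 @@ void build_profile(int argc, char **argv, int index) {
 	build_etc(TRACE_OUTPUT);
 	build_var(TRACE_OUTPUT);
 	build_bin(TRACE_OUTPUT);
+	build_share(TRACE_OUTPUT);
 	printf("\n");
 
 	printf("### security filters\n");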
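--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -43,6 +43,7 @@ void build_etc(const char *fname);
 void build_var(const char *fname);
 void build_tmp(const char *fname);
 void build_dev(const char *fname);
+void build_share(const char *fname);
 
 // build_bin.c
 void build_bin(const char *fname);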