author | netblue30 <netblue30@protonmail.com> | 2021-05-03 20:01:45 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-05-03 20:01:45 -0400 |
commit | 7025b182f108655d267c06da287718f659018f4e (patch) | |
tree | bef2d2af24b3474d9e8edb1253e0d0c897dabae3 /src/fbuilder | |
parent | support older gstreamer setups in xfce4-mixer (#4234) (diff) | |
--build fixes
Diffstat (limited to 'src/fbuilder')
-rw-r--r-- | src/fbuilder/build_bin.c | 2 | ||||
-rw-r--r-- | src/fbuilder/build_fs.c | 12 | ||||
-rw-r--r-- | src/fbuilder/build_home.c | 2 | ||||
-rw-r--r-- | src/fbuilder/build_profile.c | 23 |
4 files changed, 20 insertions, 19 deletions
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c index 96bd351f3..431aebee6 100644 --- a/src/fbuilder/build_bin.c +++ b/src/fbuilder/build_bin.c | |||
@@ -121,6 +121,6 @@ void build_bin(const char *fname, FILE *fp) { | |||
121 | ptr = ptr->next; | 121 | ptr = ptr->next; |
122 | } | 122 | } |
123 | fprintf(fp, "\n"); | 123 | fprintf(fp, "\n"); |
124 | fprintf(fp, "# private-lib\n"); | 124 | fprintf(fp, "#private-lib\n"); |
125 | } | 125 | } |
126 | } | 126 | } |
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c index 495f71ab8..ac0cd455a 100644 --- a/src/fbuilder/build_fs.c +++ b/src/fbuilder/build_fs.c | |||
@@ -220,6 +220,10 @@ static void tmp_callback(char *ptr) { | |||
220 | // skip strace file | 220 | // skip strace file |
221 | if (strncmp(ptr, "/tmp/firejail-strace", 20) == 0) | 221 | if (strncmp(ptr, "/tmp/firejail-strace", 20) == 0) |
222 | return; | 222 | return; |
223 | if (strncmp(ptr, "/tmp/runtime-", 13) == 0) | ||
224 | return; | ||
225 | if (strcmp(ptr, "/tmp") == 0) | ||
226 | return; | ||
223 | 227 | ||
224 | tmp_out = filedb_add(tmp_out, ptr); | 228 | tmp_out = filedb_add(tmp_out, ptr); |
225 | } | 229 | } |
@@ -232,8 +236,7 @@ void build_tmp(const char *fname, FILE *fp) { | |||
232 | if (tmp_out == NULL) | 236 | if (tmp_out == NULL) |
233 | fprintf(fp, "private-tmp\n"); | 237 | fprintf(fp, "private-tmp\n"); |
234 | else { | 238 | else { |
235 | fprintf(fp, "\n"); | 239 | fprintf(fp, "#private-tmp\n"); |
236 | fprintf(fp, "# private-tmp\n"); | ||
237 | fprintf(fp, "# File accessed in /tmp directory:\n"); | 240 | fprintf(fp, "# File accessed in /tmp directory:\n"); |
238 | fprintf(fp, "# "); | 241 | fprintf(fp, "# "); |
239 | FileDB *ptr = tmp_out; | 242 | FileDB *ptr = tmp_out; |
@@ -310,9 +313,8 @@ void build_dev(const char *fname, FILE *fp) { | |||
310 | if (dev_out == NULL) | 313 | if (dev_out == NULL) |
311 | fprintf(fp, "private-dev\n"); | 314 | fprintf(fp, "private-dev\n"); |
312 | else { | 315 | else { |
313 | fprintf(fp, "\n"); | 316 | fprintf(fp, "#private-dev\n"); |
314 | fprintf(fp, "# private-dev\n"); | 317 | fprintf(fp, "# This is the list of devices accessed on top of regular private-dev devices:\n"); |
315 | fprintf(fp, "# This is the list of devices accessed (on top of regular private-dev devices:\n"); | ||
316 | fprintf(fp, "# "); | 318 | fprintf(fp, "# "); |
317 | FileDB *ptr = dev_out; | 319 | FileDB *ptr = dev_out; |
318 | while (ptr) { | 320 | while (ptr) { |
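Review bot: The two new skips in tmp_callback (new lines 223-226, the `/tmp/runtime-` prefix check and the exact `/tmp` check) carry a hard-coded prefix length and no comment, so the `13` can silently drift from the literal if either is edited and a reader cannot tell why those paths are left out of the generated private-tmp listing. Deriving the length from the literal keeps the two in step: `if (strncmp(ptr, "/tmp/runtime-", sizeof("/tmp/runtime-") - 1) == 0)`, and the same form fits the existing `/tmp/firejail-strace` check with its `20`. A one-line comment above the prefix check, along the lines of `// skip per-user runtime directories under /tmp (presumably the XDG_RUNTIME_DIR fallback) -- confirm`, would record the intent the way the strace skip already does. The body of tmp_callback begins above this hunk.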
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c index 683009b71..d7706282a 100644 --- a/src/fbuilder/build_home.c +++ b/src/fbuilder/build_home.c | |||
@@ -141,7 +141,7 @@ void process_home(const char *fname, char *home, int home_len) { | |||
141 | } | 141 | } |
142 | 142 | ||
143 | // skip files and directories in whitelist-common.inc | 143 | // skip files and directories in whitelist-common.inc |
144 | if (filedb_find(db_skip, toadd)) { | 144 | if (strlen(toadd) == 0 || filedb_find(db_skip, toadd)) { |
145 | if (dir) | 145 | if (dir) |
146 | free(dir); | 146 | free(dir); |
147 | continue; | 147 | continue; |
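Review bot: The new empty-string guard on line 144 is spelled `strlen(toadd) == 0`, which walks the whole string to answer a question the first byte settles; the idiomatic form is `if (*toadd == '\0' || filedb_find(db_skip, toadd)) {`. Nothing in the hunk explains how `toadd` can end up empty, so a why-comment belongs beside the guard, e.g. `// toadd is empty when the traced path has no component below home -- TODO confirm which input produces this`. The enclosing process_home starts and ends outside the hunk.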
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index 96a83954d..0c1b57384 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
@@ -150,12 +150,12 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
150 | 150 | ||
151 | fprintf(fp, "### basic blacklisting\n"); | 151 | fprintf(fp, "### basic blacklisting\n"); |
152 | fprintf(fp, "include disable-common.inc\n"); | 152 | fprintf(fp, "include disable-common.inc\n"); |
153 | fprintf(fp, "# include disable-devel.inc\n"); | 153 | fprintf(fp, "#include disable-devel.inc\n"); |
154 | fprintf(fp, "# include disable-exec.inc\n"); | 154 | fprintf(fp, "#include disable-exec.inc\n"); |
155 | fprintf(fp, "# include disable-interpreters.inc\n"); | 155 | fprintf(fp, "#include disable-interpreters.inc\n"); |
156 | fprintf(fp, "include disable-passwdmgr.inc\n"); | 156 | fprintf(fp, "include disable-passwdmgr.inc\n"); |
157 | fprintf(fp, "# include disable-programs.inc\n"); | 157 | fprintf(fp, "#include disable-programs.inc\n"); |
158 | fprintf(fp, "# include disable-xdg.inc\n"); | 158 | fprintf(fp, "#include disable-xdg.inc\n"); |
159 | fprintf(fp, "\n"); | 159 | fprintf(fp, "\n"); |
160 | 160 | ||
161 | fprintf(fp, "### home directory whitelisting\n"); | 161 | fprintf(fp, "### home directory whitelisting\n"); |
@@ -163,18 +163,17 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
163 | fprintf(fp, "\n"); | 163 | fprintf(fp, "\n"); |
164 | 164 | ||
165 | fprintf(fp, "### filesystem\n"); | 165 | fprintf(fp, "### filesystem\n"); |
166 | fprintf(fp, "# /usr/share:\n"); | 166 | fprintf(fp, "### /usr/share:\n"); |
167 | build_share(trace_output, fp); | 167 | build_share(trace_output, fp); |
168 | fprintf(fp, "# /var:\n"); | 168 | fprintf(fp, "### /var:\n"); |
169 | build_var(trace_output, fp); | 169 | build_var(trace_output, fp); |
170 | fprintf(fp, "\n"); | 170 | fprintf(fp, "### /bin:\n"); |
171 | fprintf(fp, "# $PATH:\n"); | ||
172 | build_bin(trace_output, fp); | 171 | build_bin(trace_output, fp); |
173 | fprintf(fp, "# /dev:\n"); | 172 | fprintf(fp, "### /dev:\n"); |
174 | build_dev(trace_output, fp); | 173 | build_dev(trace_output, fp); |
175 | fprintf(fp, "# /etc:\n"); | 174 | fprintf(fp, "### /etc:\n"); |
176 | build_etc(trace_output, fp); | 175 | build_etc(trace_output, fp); |
177 | fprintf(fp, "# /tmp:\n"); | 176 | fprintf(fp, "### /tmp:\n"); |
178 | build_tmp(trace_output, fp); | 177 | build_tmp(trace_output, fp); |
179 | fprintf(fp, "\n"); | 178 | fprintf(fp, "\n"); |
180 | 179 | ||