author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-11-19 15:02:42 -0600 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-11-19 15:02:42 -0600 |
commit | b936e5ab77dfa0b54b2f6f6dd53762a8244e4230 (patch) | |
tree | edb7237ba54d7c2a85a8531c8901d6466c5e0e4d /src/fbuilder | |
parent | More qtox profile tightening (diff) | |
strip trailing whitespace
Diffstat (limited to 'src/fbuilder')
-rw-r--r-- | src/fbuilder/build_bin.c | 12 | ||||
-rw-r--r-- | src/fbuilder/build_fs.c | 34 | ||||
-rw-r--r-- | src/fbuilder/build_home.c | 30 | ||||
-rw-r--r-- | src/fbuilder/build_profile.c | 22 | ||||
-rw-r--r-- | src/fbuilder/build_seccomp.c | 22 | ||||
-rw-r--r-- | src/fbuilder/fbuilder.h | 2 | ||||
-rw-r--r-- | src/fbuilder/filedb.c | 10 | ||||
-rw-r--r-- | src/fbuilder/main.c | 8 | ||||
-rw-r--r-- | src/fbuilder/utils.c | 6 |
9 files changed, 73 insertions, 73 deletions
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c index fb92fb630..b69e089c3 100644 --- a/src/fbuilder/build_bin.c +++ b/src/fbuilder/build_bin.c | |||
@@ -23,21 +23,21 @@ static FileDB *bin_out = NULL; | |||
23 | 23 | ||
24 | static void process_bin(const char *fname) { | 24 | static void process_bin(const char *fname) { |
25 | assert(fname); | 25 | assert(fname); |
26 | 26 | ||
27 | // process trace file | 27 | // process trace file |
28 | FILE *fp = fopen(fname, "r"); | 28 | FILE *fp = fopen(fname, "r"); |
29 | if (!fp) { | 29 | if (!fp) { |
30 | fprintf(stderr, "Error: cannot open %s\n", fname); | 30 | fprintf(stderr, "Error: cannot open %s\n", fname); |
31 | exit(1); | 31 | exit(1); |
32 | } | 32 | } |
33 | 33 | ||
34 | char buf[MAX_BUF]; | 34 | char buf[MAX_BUF]; |
35 | while (fgets(buf, MAX_BUF, fp)) { | 35 | while (fgets(buf, MAX_BUF, fp)) { |
36 | // remove \n | 36 | // remove \n |
37 | char *ptr = strchr(buf, '\n'); | 37 | char *ptr = strchr(buf, '\n'); |
38 | if (ptr) | 38 | if (ptr) |
39 | *ptr = '\0'; | 39 | *ptr = '\0'; |
40 | 40 | ||
41 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 | 41 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 |
42 | // number followed by : | 42 | // number followed by : |
43 | ptr = buf; | 43 | ptr = buf; |
@@ -89,7 +89,7 @@ static void process_bin(const char *fname) { | |||
89 | 89 | ||
90 | bin_out = filedb_add(bin_out, ptr); | 90 | bin_out = filedb_add(bin_out, ptr); |
91 | } | 91 | } |
92 | 92 | ||
93 | fclose(fp); | 93 | fclose(fp); |
94 | } | 94 | } |
95 | 95 | ||
@@ -97,10 +97,10 @@ static void process_bin(const char *fname) { | |||
97 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 | 97 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 |
98 | void build_bin(const char *fname, FILE *fp) { | 98 | void build_bin(const char *fname, FILE *fp) { |
99 | assert(fname); | 99 | assert(fname); |
100 | 100 | ||
101 | // run fname | 101 | // run fname |
102 | process_bin(fname); | 102 | process_bin(fname); |
103 | 103 | ||
104 | // run all the rest | 104 | // run all the rest |
105 | struct stat s; | 105 | struct stat s; |
106 | int i; | 106 | int i; |
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c index f1a27a35a..3f685623e 100644 --- a/src/fbuilder/build_fs.c +++ b/src/fbuilder/build_fs.c | |||
@@ -25,23 +25,23 @@ static void process_file(const char *fname, const char *dir, void (*callback)(ch | |||
25 | assert(fname); | 25 | assert(fname); |
26 | assert(dir); | 26 | assert(dir); |
27 | assert(callback); | 27 | assert(callback); |
28 | 28 | ||
29 | int dir_len = strlen(dir); | 29 | int dir_len = strlen(dir); |
30 | 30 | ||
31 | // process trace file | 31 | // process trace file |
32 | FILE *fp = fopen(fname, "r"); | 32 | FILE *fp = fopen(fname, "r"); |
33 | if (!fp) { | 33 | if (!fp) { |
34 | fprintf(stderr, "Error: cannot open %s\n", fname); | 34 | fprintf(stderr, "Error: cannot open %s\n", fname); |
35 | exit(1); | 35 | exit(1); |
36 | } | 36 | } |
37 | 37 | ||
38 | char buf[MAX_BUF]; | 38 | char buf[MAX_BUF]; |
39 | while (fgets(buf, MAX_BUF, fp)) { | 39 | while (fgets(buf, MAX_BUF, fp)) { |
40 | // remove \n | 40 | // remove \n |
41 | char *ptr = strchr(buf, '\n'); | 41 | char *ptr = strchr(buf, '\n'); |
42 | if (ptr) | 42 | if (ptr) |
43 | *ptr = '\0'; | 43 | *ptr = '\0'; |
44 | 44 | ||
45 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 | 45 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 |
46 | // number followed by : | 46 | // number followed by : |
47 | ptr = buf; | 47 | ptr = buf; |
@@ -78,10 +78,10 @@ static void process_file(const char *fname, const char *dir, void (*callback)(ch | |||
78 | if (!ptr2) | 78 | if (!ptr2) |
79 | continue; | 79 | continue; |
80 | *ptr2 = '\0'; | 80 | *ptr2 = '\0'; |
81 | 81 | ||
82 | callback(ptr); | 82 | callback(ptr); |
83 | } | 83 | } |
84 | 84 | ||
85 | fclose(fp); | 85 | fclose(fp); |
86 | } | 86 | } |
87 | 87 | ||
@@ -90,10 +90,10 @@ static void process_files(const char *fname, const char *dir, void (*callback)(c | |||
90 | assert(fname); | 90 | assert(fname); |
91 | assert(dir); | 91 | assert(dir); |
92 | assert(callback); | 92 | assert(callback); |
93 | 93 | ||
94 | // run fname | 94 | // run fname |
95 | process_file(fname, dir, callback); | 95 | process_file(fname, dir, callback); |
96 | 96 | ||
97 | // run all the rest | 97 | // run all the rest |
98 | struct stat s; | 98 | struct stat s; |
99 | int i; | 99 | int i; |
@@ -127,9 +127,9 @@ static void etc_callback(char *ptr) { | |||
127 | 127 | ||
128 | void build_etc(const char *fname, FILE *fp) { | 128 | void build_etc(const char *fname, FILE *fp) { |
129 | assert(fname); | 129 | assert(fname); |
130 | 130 | ||
131 | process_files(fname, "/etc", etc_callback); | 131 | process_files(fname, "/etc", etc_callback); |
132 | 132 | ||
133 | fprintf(fp, "private-etc "); | 133 | fprintf(fp, "private-etc "); |
134 | if (etc_out == NULL) | 134 | if (etc_out == NULL) |
135 | fprintf(fp, "none\n"); | 135 | fprintf(fp, "none\n"); |
@@ -140,7 +140,7 @@ void build_etc(const char *fname, FILE *fp) { | |||
140 | ptr = ptr->next; | 140 | ptr = ptr->next; |
141 | } | 141 | } |
142 | fprintf(fp, "\n"); | 142 | fprintf(fp, "\n"); |
143 | } | 143 | } |
144 | } | 144 | } |
145 | 145 | ||
146 | //******************************************* | 146 | //******************************************* |
@@ -164,7 +164,7 @@ void build_var(const char *fname, FILE *fp) { | |||
164 | assert(fname); | 164 | assert(fname); |
165 | 165 | ||
166 | process_files(fname, "/var", var_callback); | 166 | process_files(fname, "/var", var_callback); |
167 | 167 | ||
168 | if (var_out == NULL) | 168 | if (var_out == NULL) |
169 | fprintf(fp, "blacklist /var\n"); | 169 | fprintf(fp, "blacklist /var\n"); |
170 | else | 170 | else |
@@ -218,9 +218,9 @@ static void tmp_callback(char *ptr) { | |||
218 | 218 | ||
219 | void build_tmp(const char *fname, FILE *fp) { | 219 | void build_tmp(const char *fname, FILE *fp) { |
220 | assert(fname); | 220 | assert(fname); |
221 | 221 | ||
222 | process_files(fname, "/tmp", tmp_callback); | 222 | process_files(fname, "/tmp", tmp_callback); |
223 | 223 | ||
224 | if (tmp_out == NULL) | 224 | if (tmp_out == NULL) |
225 | fprintf(fp, "private-tmp\n"); | 225 | fprintf(fp, "private-tmp\n"); |
226 | else { | 226 | else { |
@@ -247,7 +247,7 @@ static char *dev_skip[] = { | |||
247 | "/dev/random", | 247 | "/dev/random", |
248 | "/dev/urandom", | 248 | "/dev/urandom", |
249 | "/dev/tty", | 249 | "/dev/tty", |
250 | "/dev/snd", | 250 | "/dev/snd", |
251 | "/dev/dri", | 251 | "/dev/dri", |
252 | "/dev/pts", | 252 | "/dev/pts", |
253 | "/dev/nvidia0", | 253 | "/dev/nvidia0", |
@@ -296,9 +296,9 @@ static void dev_callback(char *ptr) { | |||
296 | 296 | ||
297 | void build_dev(const char *fname, FILE *fp) { | 297 | void build_dev(const char *fname, FILE *fp) { |
298 | assert(fname); | 298 | assert(fname); |
299 | 299 | ||
300 | process_files(fname, "/dev", dev_callback); | 300 | process_files(fname, "/dev", dev_callback); |
301 | 301 | ||
302 | if (dev_out == NULL) | 302 | if (dev_out == NULL) |
303 | fprintf(fp, "private-dev\n"); | 303 | fprintf(fp, "private-dev\n"); |
304 | else { | 304 | else { |
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c index 9bbd2c258..18bf5d702 100644 --- a/src/fbuilder/build_home.c +++ b/src/fbuilder/build_home.c | |||
@@ -29,7 +29,7 @@ static void load_whitelist_common(void) { | |||
29 | fprintf(stderr, "Error: cannot open whitelist-common.inc\n"); | 29 | fprintf(stderr, "Error: cannot open whitelist-common.inc\n"); |
30 | exit(1); | 30 | exit(1); |
31 | } | 31 | } |
32 | 32 | ||
33 | char buf[MAX_BUF]; | 33 | char buf[MAX_BUF]; |
34 | while (fgets(buf, MAX_BUF, fp)) { | 34 | while (fgets(buf, MAX_BUF, fp)) { |
35 | if (strncmp(buf, "whitelist ~/", 12) != 0) | 35 | if (strncmp(buf, "whitelist ~/", 12) != 0) |
@@ -39,33 +39,33 @@ static void load_whitelist_common(void) { | |||
39 | if (!ptr) | 39 | if (!ptr) |
40 | continue; | 40 | continue; |
41 | *ptr = '\0'; | 41 | *ptr = '\0'; |
42 | 42 | ||
43 | // add the file to skip list | 43 | // add the file to skip list |
44 | db_skip = filedb_add(db_skip, fn); | 44 | db_skip = filedb_add(db_skip, fn); |
45 | } | 45 | } |
46 | 46 | ||
47 | fclose(fp); | 47 | fclose(fp); |
48 | } | 48 | } |
49 | 49 | ||
50 | void process_home(const char *fname, char *home, int home_len) { | 50 | void process_home(const char *fname, char *home, int home_len) { |
51 | assert(fname); | 51 | assert(fname); |
52 | assert(home); | 52 | assert(home); |
53 | assert(home_len); | 53 | assert(home_len); |
54 | 54 | ||
55 | // process trace file | 55 | // process trace file |
56 | FILE *fp = fopen(fname, "r"); | 56 | FILE *fp = fopen(fname, "r"); |
57 | if (!fp) { | 57 | if (!fp) { |
58 | fprintf(stderr, "Error: cannot open %s\n", fname); | 58 | fprintf(stderr, "Error: cannot open %s\n", fname); |
59 | exit(1); | 59 | exit(1); |
60 | } | 60 | } |
61 | 61 | ||
62 | char buf[MAX_BUF]; | 62 | char buf[MAX_BUF]; |
63 | while (fgets(buf, MAX_BUF, fp)) { | 63 | while (fgets(buf, MAX_BUF, fp)) { |
64 | // remove \n | 64 | // remove \n |
65 | char *ptr = strchr(buf, '\n'); | 65 | char *ptr = strchr(buf, '\n'); |
66 | if (ptr) | 66 | if (ptr) |
67 | *ptr = '\0'; | 67 | *ptr = '\0'; |
68 | 68 | ||
69 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 | 69 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 |
70 | // number followed by : | 70 | // number followed by : |
71 | ptr = buf; | 71 | ptr = buf; |
@@ -107,8 +107,8 @@ void process_home(const char *fname, char *home, int home_len) { | |||
107 | if (strcmp(ptr, home) == 0) | 107 | if (strcmp(ptr, home) == 0) |
108 | continue; | 108 | continue; |
109 | ptr += home_len + 1; | 109 | ptr += home_len + 1; |
110 | 110 | ||
111 | // skip files handled automatically by firejail | 111 | // skip files handled automatically by firejail |
112 | if (strcmp(ptr, ".Xauthority") == 0 || | 112 | if (strcmp(ptr, ".Xauthority") == 0 || |
113 | strcmp(ptr, ".Xdefaults-debian") == 0 || | 113 | strcmp(ptr, ".Xdefaults-debian") == 0 || |
114 | strncmp(ptr, ".config/pulse/", 13) == 0 || | 114 | strncmp(ptr, ".config/pulse/", 13) == 0 || |
@@ -116,8 +116,8 @@ void process_home(const char *fname, char *home, int home_len) { | |||
116 | strncmp(ptr, ".bash_hist", 10) == 0 || | 116 | strncmp(ptr, ".bash_hist", 10) == 0 || |
117 | strcmp(ptr, ".bashrc") == 0) | 117 | strcmp(ptr, ".bashrc") == 0) |
118 | continue; | 118 | continue; |
119 | 119 | ||
120 | 120 | ||
121 | // try to find the relevant directory for this file | 121 | // try to find the relevant directory for this file |
122 | char *dir = extract_dir(ptr); | 122 | char *dir = extract_dir(ptr); |
123 | char *toadd = (dir)? dir: ptr; | 123 | char *toadd = (dir)? dir: ptr; |
@@ -160,7 +160,7 @@ void process_home(const char *fname, char *home, int home_len) { | |||
160 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 | 160 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 |
161 | void build_home(const char *fname, FILE *fp) { | 161 | void build_home(const char *fname, FILE *fp) { |
162 | assert(fname); | 162 | assert(fname); |
163 | 163 | ||
164 | // load whitelist common | 164 | // load whitelist common |
165 | load_whitelist_common(); | 165 | load_whitelist_common(); |
166 | 166 | ||
@@ -172,10 +172,10 @@ void build_home(const char *fname, FILE *fp) { | |||
172 | if (!home) | 172 | if (!home) |
173 | errExit("getpwuid"); | 173 | errExit("getpwuid"); |
174 | int home_len = strlen(home); | 174 | int home_len = strlen(home); |
175 | 175 | ||
176 | // run fname | 176 | // run fname |
177 | process_home(fname, home, home_len); | 177 | process_home(fname, home, home_len); |
178 | 178 | ||
179 | // run all the rest | 179 | // run all the rest |
180 | struct stat s; | 180 | struct stat s; |
181 | int i; | 181 | int i; |
@@ -187,7 +187,7 @@ void build_home(const char *fname, FILE *fp) { | |||
187 | process_home(newname, home, home_len); | 187 | process_home(newname, home, home_len); |
188 | free(newname); | 188 | free(newname); |
189 | } | 189 | } |
190 | 190 | ||
191 | // print the out list if any | 191 | // print the out list if any |
192 | if (db_out) { | 192 | if (db_out) { |
193 | filedb_print(db_out, "whitelist ~/", fp); | 193 | filedb_print(db_out, "whitelist ~/", fp); |
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index de9f79232..5fead41c5 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
@@ -43,7 +43,7 @@ static char *cmdlist[] = { | |||
43 | static void clear_tmp_files(void) { | 43 | static void clear_tmp_files(void) { |
44 | unlink(STRACE_OUTPUT); | 44 | unlink(STRACE_OUTPUT); |
45 | unlink(TRACE_OUTPUT); | 45 | unlink(TRACE_OUTPUT); |
46 | 46 | ||
47 | // run all the rest | 47 | // run all the rest |
48 | int i; | 48 | int i; |
49 | for (i = 1; i <= 5; i++) { | 49 | for (i = 1; i <= 5; i++) { |
@@ -62,22 +62,22 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
62 | fprintf(stderr, "Error: application name missing\n"); | 62 | fprintf(stderr, "Error: application name missing\n"); |
63 | exit(1); | 63 | exit(1); |
64 | } | 64 | } |
65 | 65 | ||
66 | // clean /tmp files | 66 | // clean /tmp files |
67 | clear_tmp_files(); | 67 | clear_tmp_files(); |
68 | 68 | ||
69 | // detect strace | 69 | // detect strace |
70 | int have_strace = 0; | 70 | int have_strace = 0; |
71 | if (access("/usr/bin/strace", X_OK) == 0) | 71 | if (access("/usr/bin/strace", X_OK) == 0) |
72 | have_strace = 1; | 72 | have_strace = 1; |
73 | 73 | ||
74 | // calculate command length | 74 | // calculate command length |
75 | unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1; | 75 | unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1; |
76 | if (arg_debug) | 76 | if (arg_debug) |
77 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); | 77 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); |
78 | char *cmd[len]; | 78 | char *cmd[len]; |
79 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error | 79 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error |
80 | 80 | ||
81 | // build command | 81 | // build command |
82 | unsigned i = 0; | 82 | unsigned i = 0; |
83 | for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) { | 83 | for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) { |
@@ -97,7 +97,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
97 | for (i = 0; i < len; i++) | 97 | for (i = 0; i < len; i++) |
98 | printf("\t%s\n", cmd[i]); | 98 | printf("\t%s\n", cmd[i]); |
99 | } | 99 | } |
100 | 100 | ||
101 | // fork and execute | 101 | // fork and execute |
102 | pid_t child = fork(); | 102 | pid_t child = fork(); |
103 | if (child == -1) | 103 | if (child == -1) |
@@ -108,7 +108,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
108 | (void) rv; | 108 | (void) rv; |
109 | errExit("execv"); | 109 | errExit("execv"); |
110 | } | 110 | } |
111 | 111 | ||
112 | // wait for all processes to finish | 112 | // wait for all processes to finish |
113 | int status; | 113 | int status; |
114 | if (waitpid(child, &status, 0) != child) | 114 | if (waitpid(child, &status, 0) != child) |
@@ -122,18 +122,18 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
122 | fprintf(fp, "# Persistent global definitions\n"); | 122 | fprintf(fp, "# Persistent global definitions\n"); |
123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); | 123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); |
124 | fprintf(fp, "\n"); | 124 | fprintf(fp, "\n"); |
125 | 125 | ||
126 | fprintf(fp, "### basic blacklisting\n"); | 126 | fprintf(fp, "### basic blacklisting\n"); |
127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); | 127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); |
128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); | 128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); |
129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); | 129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); |
130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); | 130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); |
131 | fprintf(fp, "\n"); | 131 | fprintf(fp, "\n"); |
132 | 132 | ||
133 | fprintf(fp, "### home directory whitelisting\n"); | 133 | fprintf(fp, "### home directory whitelisting\n"); |
134 | build_home(TRACE_OUTPUT, fp); | 134 | build_home(TRACE_OUTPUT, fp); |
135 | fprintf(fp, "\n"); | 135 | fprintf(fp, "\n"); |
136 | 136 | ||
137 | fprintf(fp, "### filesystem\n"); | 137 | fprintf(fp, "### filesystem\n"); |
138 | build_tmp(TRACE_OUTPUT, fp); | 138 | build_tmp(TRACE_OUTPUT, fp); |
139 | build_dev(TRACE_OUTPUT, fp); | 139 | build_dev(TRACE_OUTPUT, fp); |
@@ -158,7 +158,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
158 | fprintf(fp, "### network\n"); | 158 | fprintf(fp, "### network\n"); |
159 | build_protocol(TRACE_OUTPUT, fp); | 159 | build_protocol(TRACE_OUTPUT, fp); |
160 | fprintf(fp, "\n"); | 160 | fprintf(fp, "\n"); |
161 | 161 | ||
162 | fprintf(fp, "### environment\n"); | 162 | fprintf(fp, "### environment\n"); |
163 | fprintf(fp, "shell none\n"); | 163 | fprintf(fp, "shell none\n"); |
164 | 164 | ||
diff --git a/src/fbuilder/build_seccomp.c b/src/fbuilder/build_seccomp.c index 63f37e34a..85190f0f2 100644 --- a/src/fbuilder/build_seccomp.c +++ b/src/fbuilder/build_seccomp.c | |||
@@ -23,13 +23,13 @@ | |||
23 | void build_seccomp(const char *fname, FILE *fp) { | 23 | void build_seccomp(const char *fname, FILE *fp) { |
24 | assert(fname); | 24 | assert(fname); |
25 | assert(fp); | 25 | assert(fp); |
26 | 26 | ||
27 | FILE *fp2 = fopen(fname, "r"); | 27 | FILE *fp2 = fopen(fname, "r"); |
28 | if (!fp2) { | 28 | if (!fp2) { |
29 | fprintf(stderr, "Error: cannot open %s\n", fname); | 29 | fprintf(stderr, "Error: cannot open %s\n", fname); |
30 | exit(1); | 30 | exit(1); |
31 | } | 31 | } |
32 | 32 | ||
33 | char buf[MAX_BUF]; | 33 | char buf[MAX_BUF]; |
34 | int line = 1; | 34 | int line = 1; |
35 | int position = 0; | 35 | int position = 0; |
@@ -39,7 +39,7 @@ void build_seccomp(const char *fname, FILE *fp) { | |||
39 | char *ptr = strchr(buf, '\n'); | 39 | char *ptr = strchr(buf, '\n'); |
40 | if (ptr) | 40 | if (ptr) |
41 | *ptr = '\0'; | 41 | *ptr = '\0'; |
42 | 42 | ||
43 | // first line: | 43 | // first line: |
44 | //% time seconds usecs/call calls errors syscall | 44 | //% time seconds usecs/call calls errors syscall |
45 | if (line == 1) { | 45 | if (line == 1) { |
@@ -61,7 +61,7 @@ void build_seccomp(const char *fname, FILE *fp) { | |||
61 | // get out on the next "----" line | 61 | // get out on the next "----" line |
62 | if (*buf == '-') | 62 | if (*buf == '-') |
63 | break; | 63 | break; |
64 | 64 | ||
65 | if (line == 3) | 65 | if (line == 3) |
66 | fprintf(fp, "# seccomp.keep %s", buf + position); | 66 | fprintf(fp, "# seccomp.keep %s", buf + position); |
67 | else | 67 | else |
@@ -89,21 +89,21 @@ int netlink = 0; | |||
89 | int packet = 0; | 89 | int packet = 0; |
90 | static void process_protocol(const char *fname) { | 90 | static void process_protocol(const char *fname) { |
91 | assert(fname); | 91 | assert(fname); |
92 | 92 | ||
93 | // process trace file | 93 | // process trace file |
94 | FILE *fp = fopen(fname, "r"); | 94 | FILE *fp = fopen(fname, "r"); |
95 | if (!fp) { | 95 | if (!fp) { |
96 | fprintf(stderr, "Error: cannot open %s\n", fname); | 96 | fprintf(stderr, "Error: cannot open %s\n", fname); |
97 | exit(1); | 97 | exit(1); |
98 | } | 98 | } |
99 | 99 | ||
100 | char buf[MAX_BUF]; | 100 | char buf[MAX_BUF]; |
101 | while (fgets(buf, MAX_BUF, fp)) { | 101 | while (fgets(buf, MAX_BUF, fp)) { |
102 | // remove \n | 102 | // remove \n |
103 | char *ptr = strchr(buf, '\n'); | 103 | char *ptr = strchr(buf, '\n'); |
104 | if (ptr) | 104 | if (ptr) |
105 | *ptr = '\0'; | 105 | *ptr = '\0'; |
106 | 106 | ||
107 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 | 107 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 |
108 | // number followed by : | 108 | // number followed by : |
109 | ptr = buf; | 109 | ptr = buf; |
@@ -136,7 +136,7 @@ static void process_protocol(const char *fname) { | |||
136 | else if (strncmp(ptr, "AF_PACKET ", 9) == 0) | 136 | else if (strncmp(ptr, "AF_PACKET ", 9) == 0) |
137 | packet = 1; | 137 | packet = 1; |
138 | } | 138 | } |
139 | 139 | ||
140 | fclose(fp); | 140 | fclose(fp); |
141 | } | 141 | } |
142 | 142 | ||
@@ -144,10 +144,10 @@ static void process_protocol(const char *fname) { | |||
144 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 | 144 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 |
145 | void build_protocol(const char *fname, FILE *fp) { | 145 | void build_protocol(const char *fname, FILE *fp) { |
146 | assert(fname); | 146 | assert(fname); |
147 | 147 | ||
148 | // run fname | 148 | // run fname |
149 | process_protocol(fname); | 149 | process_protocol(fname); |
150 | 150 | ||
151 | // run all the rest | 151 | // run all the rest |
152 | struct stat s; | 152 | struct stat s; |
153 | int i; | 153 | int i; |
@@ -159,7 +159,7 @@ void build_protocol(const char *fname, FILE *fp) { | |||
159 | process_protocol(newname); | 159 | process_protocol(newname); |
160 | free(newname); | 160 | free(newname); |
161 | } | 161 | } |
162 | 162 | ||
163 | int net = 0; | 163 | int net = 0; |
164 | if (unix_s || inet || inet6 || netlink || packet) { | 164 | if (unix_s || inet || inet6 || netlink || packet) { |
165 | fprintf(fp, "protocol "); | 165 | fprintf(fp, "protocol "); |
diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h index 81dc951ec..711167704 100644 --- a/src/fbuilder/fbuilder.h +++ b/src/fbuilder/fbuilder.h | |||
@@ -25,7 +25,7 @@ | |||
25 | #include <pwd.h> | 25 | #include <pwd.h> |
26 | #include <sys/types.h> | 26 | #include <sys/types.h> |
27 | #include <sys/stat.h> | 27 | #include <sys/stat.h> |
28 | 28 | ||
29 | 29 | ||
30 | #define MAX_BUF 4096 | 30 | #define MAX_BUF 4096 |
31 | // main.c | 31 | // main.c |
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c index b7162c2d6..6b57954d3 100644 --- a/src/fbuilder/filedb.c +++ b/src/fbuilder/filedb.c | |||
@@ -24,14 +24,14 @@ FileDB *filedb_find(FileDB *head, const char *fname) { | |||
24 | FileDB *ptr = head; | 24 | FileDB *ptr = head; |
25 | int found = 0; | 25 | int found = 0; |
26 | int len = strlen(fname); | 26 | int len = strlen(fname); |
27 | 27 | ||
28 | while (ptr) { | 28 | while (ptr) { |
29 | // exact name | 29 | // exact name |
30 | if (strcmp(fname, ptr->fname) == 0) { | 30 | if (strcmp(fname, ptr->fname) == 0) { |
31 | found = 1; | 31 | found = 1; |
32 | break; | 32 | break; |
33 | } | 33 | } |
34 | 34 | ||
35 | // parent directory in the list | 35 | // parent directory in the list |
36 | if (len > ptr->len && | 36 | if (len > ptr->len && |
37 | fname[ptr->len] == '/' && | 37 | fname[ptr->len] == '/' && |
@@ -42,10 +42,10 @@ FileDB *filedb_find(FileDB *head, const char *fname) { | |||
42 | 42 | ||
43 | ptr = ptr->next; | 43 | ptr = ptr->next; |
44 | } | 44 | } |
45 | 45 | ||
46 | if (found) | 46 | if (found) |
47 | return ptr; | 47 | return ptr; |
48 | 48 | ||
49 | return NULL; | 49 | return NULL; |
50 | } | 50 | } |
51 | 51 | ||
@@ -55,7 +55,7 @@ FileDB *filedb_add(FileDB *head, const char *fname) { | |||
55 | // don't add it if it is already there or if the parent directory is already in the list | 55 | // don't add it if it is already there or if the parent directory is already in the list |
56 | if (filedb_find(head, fname)) | 56 | if (filedb_find(head, fname)) |
57 | return head; | 57 | return head; |
58 | 58 | ||
59 | // add a new entry | 59 | // add a new entry |
60 | FileDB *entry = malloc(sizeof(FileDB)); | 60 | FileDB *entry = malloc(sizeof(FileDB)); |
61 | if (!entry) | 61 | if (!entry) |
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c index 1b997ccdb..697b53700 100644 --- a/src/fbuilder/main.c +++ b/src/fbuilder/main.c | |||
@@ -40,7 +40,7 @@ printf("\n"); | |||
40 | int prog_index = 0; | 40 | int prog_index = 0; |
41 | FILE *fp = stdout; | 41 | FILE *fp = stdout; |
42 | int prof_file = 0; | 42 | int prof_file = 0; |
43 | 43 | ||
44 | // parse arguments and extract program index | 44 | // parse arguments and extract program index |
45 | for (i = 1; i < argc; i++) { | 45 | for (i = 1; i < argc; i++) { |
46 | if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") ==0) { | 46 | if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") ==0) { |
@@ -57,7 +57,7 @@ printf("\n"); | |||
57 | fprintf(stderr, "Error fbuild: --build=profile-name is not supported for root user.\n"); | 57 | fprintf(stderr, "Error fbuild: --build=profile-name is not supported for root user.\n"); |
58 | exit(1); | 58 | exit(1); |
59 | } | 59 | } |
60 | 60 | ||
61 | // check file access | 61 | // check file access |
62 | fp = fopen(argv[i] + 8, "w"); | 62 | fp = fopen(argv[i] + 8, "w"); |
63 | if (!fp) { | 63 | if (!fp) { |
@@ -77,7 +77,7 @@ printf("\n"); | |||
77 | break; | 77 | break; |
78 | } | 78 | } |
79 | } | 79 | } |
80 | 80 | ||
81 | if (prog_index == 0) { | 81 | if (prog_index == 0) { |
82 | fprintf(stderr, "Error fbuilder: program and arguments required\n"); | 82 | fprintf(stderr, "Error fbuilder: program and arguments required\n"); |
83 | usage(); | 83 | usage(); |
@@ -85,7 +85,7 @@ printf("\n"); | |||
85 | fclose(fp); | 85 | fclose(fp); |
86 | exit(1); | 86 | exit(1); |
87 | } | 87 | } |
88 | 88 | ||
89 | build_profile(argc, argv, prog_index, fp); | 89 | build_profile(argc, argv, prog_index, fp); |
90 | if (prof_file) | 90 | if (prof_file) |
91 | fclose(fp); | 91 | fclose(fp); |
diff --git a/src/fbuilder/utils.c b/src/fbuilder/utils.c index 902290899..c07d2e925 100644 --- a/src/fbuilder/utils.c +++ b/src/fbuilder/utils.c | |||
@@ -56,17 +56,17 @@ char *extract_dir(char *fname) { | |||
56 | assert(fname); | 56 | assert(fname); |
57 | if (is_dir(fname)) | 57 | if (is_dir(fname)) |
58 | return NULL; | 58 | return NULL; |
59 | 59 | ||
60 | char *name = strdup(fname); | 60 | char *name = strdup(fname); |
61 | if (!name) | 61 | if (!name) |
62 | errExit("strdup"); | 62 | errExit("strdup"); |
63 | 63 | ||
64 | char *ptr = strrchr(name, '/'); | 64 | char *ptr = strrchr(name, '/'); |
65 | if (!ptr) { | 65 | if (!ptr) { |
66 | free(name); | 66 | free(name); |
67 | return NULL; | 67 | return NULL; |
68 | } | 68 | } |
69 | *ptr = '\0'; | 69 | *ptr = '\0'; |
70 | 70 | ||
71 | return name; | 71 | return name; |
72 | } | 72 | } |