diff options
| author |  Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-11-19 15:02:42 -0600 |
|---|---|---|
| committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-11-19 15:02:42 -0600 |
| commit | b936e5ab77dfa0b54b2f6f6dd53762a8244e4230 (patch) | |
| tree | edb7237ba54d7c2a85a8531c8901d6466c5e0e4d /src/fbuilder | |
| parent | More qtox profile tightening (diff) | |
| download | firejail-b936e5ab77dfa0b54b2f6f6dd53762a8244e4230.tar.gz firejail-b936e5ab77dfa0b54b2f6f6dd53762a8244e4230.tar.zst firejail-b936e5ab77dfa0b54b2f6f6dd53762a8244e4230.zip | |
strip trailing whitespace
Diffstat (limited to 'src/fbuilder')
| -rw-r--r-- | src/fbuilder/build_bin.c | 12 | ||||
| -rw-r--r-- | src/fbuilder/build_fs.c | 34 | ||||
| -rw-r--r-- | src/fbuilder/build_home.c | 30 | ||||
| -rw-r--r-- | src/fbuilder/build_profile.c | 22 | ||||
| -rw-r--r-- | src/fbuilder/build_seccomp.c | 22 | ||||
| -rw-r--r-- | src/fbuilder/fbuilder.h | 2 | ||||
| -rw-r--r-- | src/fbuilder/filedb.c | 10 | ||||
| -rw-r--r-- | src/fbuilder/main.c | 8 | ||||
| -rw-r--r-- | src/fbuilder/utils.c | 6 |
9 files changed, 73 insertions, 73 deletions
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c index fb92fb630..b69e089c3 100644 --- a/src/fbuilder/build_bin.c +++ b/src/fbuilder/build_bin.c | |||
| @@ -23,21 +23,21 @@ static FileDB *bin_out = NULL; | |||
| 23 | 23 | ||
| 24 | static void process_bin(const char *fname) { | 24 | static void process_bin(const char *fname) { |
| 25 | assert(fname); | 25 | assert(fname); |
| 26 | 26 | ||
| 27 | // process trace file | 27 | // process trace file |
| 28 | FILE *fp = fopen(fname, "r"); | 28 | FILE *fp = fopen(fname, "r"); |
| 29 | if (!fp) { | 29 | if (!fp) { |
| 30 | fprintf(stderr, "Error: cannot open %s\n", fname); | 30 | fprintf(stderr, "Error: cannot open %s\n", fname); |
| 31 | exit(1); | 31 | exit(1); |
| 32 | } | 32 | } |
| 33 | 33 | ||
| 34 | char buf[MAX_BUF]; | 34 | char buf[MAX_BUF]; |
| 35 | while (fgets(buf, MAX_BUF, fp)) { | 35 | while (fgets(buf, MAX_BUF, fp)) { |
| 36 | // remove \n | 36 | // remove \n |
| 37 | char *ptr = strchr(buf, '\n'); | 37 | char *ptr = strchr(buf, '\n'); |
| 38 | if (ptr) | 38 | if (ptr) |
| 39 | *ptr = '\0'; | 39 | *ptr = '\0'; |
| 40 | 40 | ||
| 41 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 | 41 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 |
| 42 | // number followed by : | 42 | // number followed by : |
| 43 | ptr = buf; | 43 | ptr = buf; |
| @@ -89,7 +89,7 @@ static void process_bin(const char *fname) { | |||
| 89 | 89 | ||
| 90 | bin_out = filedb_add(bin_out, ptr); | 90 | bin_out = filedb_add(bin_out, ptr); |
| 91 | } | 91 | } |
| 92 | 92 | ||
| 93 | fclose(fp); | 93 | fclose(fp); |
| 94 | } | 94 | } |
| 95 | 95 | ||
| @@ -97,10 +97,10 @@ static void process_bin(const char *fname) { | |||
| 97 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 | 97 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 |
| 98 | void build_bin(const char *fname, FILE *fp) { | 98 | void build_bin(const char *fname, FILE *fp) { |
| 99 | assert(fname); | 99 | assert(fname); |
| 100 | 100 | ||
| 101 | // run fname | 101 | // run fname |
| 102 | process_bin(fname); | 102 | process_bin(fname); |
| 103 | 103 | ||
| 104 | // run all the rest | 104 | // run all the rest |
| 105 | struct stat s; | 105 | struct stat s; |
| 106 | int i; | 106 | int i; |
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c index f1a27a35a..3f685623e 100644 --- a/src/fbuilder/build_fs.c +++ b/src/fbuilder/build_fs.c | |||
| @@ -25,23 +25,23 @@ static void process_file(const char *fname, const char *dir, void (*callback)(ch | |||
| 25 | assert(fname); | 25 | assert(fname); |
| 26 | assert(dir); | 26 | assert(dir); |
| 27 | assert(callback); | 27 | assert(callback); |
| 28 | 28 | ||
| 29 | int dir_len = strlen(dir); | 29 | int dir_len = strlen(dir); |
| 30 | 30 | ||
| 31 | // process trace file | 31 | // process trace file |
| 32 | FILE *fp = fopen(fname, "r"); | 32 | FILE *fp = fopen(fname, "r"); |
| 33 | if (!fp) { | 33 | if (!fp) { |
| 34 | fprintf(stderr, "Error: cannot open %s\n", fname); | 34 | fprintf(stderr, "Error: cannot open %s\n", fname); |
| 35 | exit(1); | 35 | exit(1); |
| 36 | } | 36 | } |
| 37 | 37 | ||
| 38 | char buf[MAX_BUF]; | 38 | char buf[MAX_BUF]; |
| 39 | while (fgets(buf, MAX_BUF, fp)) { | 39 | while (fgets(buf, MAX_BUF, fp)) { |
| 40 | // remove \n | 40 | // remove \n |
| 41 | char *ptr = strchr(buf, '\n'); | 41 | char *ptr = strchr(buf, '\n'); |
| 42 | if (ptr) | 42 | if (ptr) |
| 43 | *ptr = '\0'; | 43 | *ptr = '\0'; |
| 44 | 44 | ||
| 45 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 | 45 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 |
| 46 | // number followed by : | 46 | // number followed by : |
| 47 | ptr = buf; | 47 | ptr = buf; |
| @@ -78,10 +78,10 @@ static void process_file(const char *fname, const char *dir, void (*callback)(ch | |||
| 78 | if (!ptr2) | 78 | if (!ptr2) |
| 79 | continue; | 79 | continue; |
| 80 | *ptr2 = '\0'; | 80 | *ptr2 = '\0'; |
| 81 | 81 | ||
| 82 | callback(ptr); | 82 | callback(ptr); |
| 83 | } | 83 | } |
| 84 | 84 | ||
| 85 | fclose(fp); | 85 | fclose(fp); |
| 86 | } | 86 | } |
| 87 | 87 | ||
| @@ -90,10 +90,10 @@ static void process_files(const char *fname, const char *dir, void (*callback)(c | |||
| 90 | assert(fname); | 90 | assert(fname); |
| 91 | assert(dir); | 91 | assert(dir); |
| 92 | assert(callback); | 92 | assert(callback); |
| 93 | 93 | ||
| 94 | // run fname | 94 | // run fname |
| 95 | process_file(fname, dir, callback); | 95 | process_file(fname, dir, callback); |
| 96 | 96 | ||
| 97 | // run all the rest | 97 | // run all the rest |
| 98 | struct stat s; | 98 | struct stat s; |
| 99 | int i; | 99 | int i; |
| @@ -127,9 +127,9 @@ static void etc_callback(char *ptr) { | |||
| 127 | 127 | ||
| 128 | void build_etc(const char *fname, FILE *fp) { | 128 | void build_etc(const char *fname, FILE *fp) { |
| 129 | assert(fname); | 129 | assert(fname); |
| 130 | 130 | ||
| 131 | process_files(fname, "/etc", etc_callback); | 131 | process_files(fname, "/etc", etc_callback); |
| 132 | 132 | ||
| 133 | fprintf(fp, "private-etc "); | 133 | fprintf(fp, "private-etc "); |
| 134 | if (etc_out == NULL) | 134 | if (etc_out == NULL) |
| 135 | fprintf(fp, "none\n"); | 135 | fprintf(fp, "none\n"); |
| @@ -140,7 +140,7 @@ void build_etc(const char *fname, FILE *fp) { | |||
| 140 | ptr = ptr->next; | 140 | ptr = ptr->next; |
| 141 | } | 141 | } |
| 142 | fprintf(fp, "\n"); | 142 | fprintf(fp, "\n"); |
| 143 | } | 143 | } |
| 144 | } | 144 | } |
| 145 | 145 | ||
| 146 | //******************************************* | 146 | //******************************************* |
| @@ -164,7 +164,7 @@ void build_var(const char *fname, FILE *fp) { | |||
| 164 | assert(fname); | 164 | assert(fname); |
| 165 | 165 | ||
| 166 | process_files(fname, "/var", var_callback); | 166 | process_files(fname, "/var", var_callback); |
| 167 | 167 | ||
| 168 | if (var_out == NULL) | 168 | if (var_out == NULL) |
| 169 | fprintf(fp, "blacklist /var\n"); | 169 | fprintf(fp, "blacklist /var\n"); |
| 170 | else | 170 | else |
| @@ -218,9 +218,9 @@ static void tmp_callback(char *ptr) { | |||
| 218 | 218 | ||
| 219 | void build_tmp(const char *fname, FILE *fp) { | 219 | void build_tmp(const char *fname, FILE *fp) { |
| 220 | assert(fname); | 220 | assert(fname); |
| 221 | 221 | ||
| 222 | process_files(fname, "/tmp", tmp_callback); | 222 | process_files(fname, "/tmp", tmp_callback); |
| 223 | 223 | ||
| 224 | if (tmp_out == NULL) | 224 | if (tmp_out == NULL) |
| 225 | fprintf(fp, "private-tmp\n"); | 225 | fprintf(fp, "private-tmp\n"); |
| 226 | else { | 226 | else { |
| @@ -247,7 +247,7 @@ static char *dev_skip[] = { | |||
| 247 | "/dev/random", | 247 | "/dev/random", |
| 248 | "/dev/urandom", | 248 | "/dev/urandom", |
| 249 | "/dev/tty", | 249 | "/dev/tty", |
| 250 | "/dev/snd", | 250 | "/dev/snd", |
| 251 | "/dev/dri", | 251 | "/dev/dri", |
| 252 | "/dev/pts", | 252 | "/dev/pts", |
| 253 | "/dev/nvidia0", | 253 | "/dev/nvidia0", |
| @@ -296,9 +296,9 @@ static void dev_callback(char *ptr) { | |||
| 296 | 296 | ||
| 297 | void build_dev(const char *fname, FILE *fp) { | 297 | void build_dev(const char *fname, FILE *fp) { |
| 298 | assert(fname); | 298 | assert(fname); |
| 299 | 299 | ||
| 300 | process_files(fname, "/dev", dev_callback); | 300 | process_files(fname, "/dev", dev_callback); |
| 301 | 301 | ||
| 302 | if (dev_out == NULL) | 302 | if (dev_out == NULL) |
| 303 | fprintf(fp, "private-dev\n"); | 303 | fprintf(fp, "private-dev\n"); |
| 304 | else { | 304 | else { |
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c index 9bbd2c258..18bf5d702 100644 --- a/src/fbuilder/build_home.c +++ b/src/fbuilder/build_home.c | |||
| @@ -29,7 +29,7 @@ static void load_whitelist_common(void) { | |||
| 29 | fprintf(stderr, "Error: cannot open whitelist-common.inc\n"); | 29 | fprintf(stderr, "Error: cannot open whitelist-common.inc\n"); |
| 30 | exit(1); | 30 | exit(1); |
| 31 | } | 31 | } |
| 32 | 32 | ||
| 33 | char buf[MAX_BUF]; | 33 | char buf[MAX_BUF]; |
| 34 | while (fgets(buf, MAX_BUF, fp)) { | 34 | while (fgets(buf, MAX_BUF, fp)) { |
| 35 | if (strncmp(buf, "whitelist ~/", 12) != 0) | 35 | if (strncmp(buf, "whitelist ~/", 12) != 0) |
| @@ -39,33 +39,33 @@ static void load_whitelist_common(void) { | |||
| 39 | if (!ptr) | 39 | if (!ptr) |
| 40 | continue; | 40 | continue; |
| 41 | *ptr = '\0'; | 41 | *ptr = '\0'; |
| 42 | 42 | ||
| 43 | // add the file to skip list | 43 | // add the file to skip list |
| 44 | db_skip = filedb_add(db_skip, fn); | 44 | db_skip = filedb_add(db_skip, fn); |
| 45 | } | 45 | } |
| 46 | 46 | ||
| 47 | fclose(fp); | 47 | fclose(fp); |
| 48 | } | 48 | } |
| 49 | 49 | ||
| 50 | void process_home(const char *fname, char *home, int home_len) { | 50 | void process_home(const char *fname, char *home, int home_len) { |
| 51 | assert(fname); | 51 | assert(fname); |
| 52 | assert(home); | 52 | assert(home); |
| 53 | assert(home_len); | 53 | assert(home_len); |
| 54 | 54 | ||
| 55 | // process trace file | 55 | // process trace file |
| 56 | FILE *fp = fopen(fname, "r"); | 56 | FILE *fp = fopen(fname, "r"); |
| 57 | if (!fp) { | 57 | if (!fp) { |
| 58 | fprintf(stderr, "Error: cannot open %s\n", fname); | 58 | fprintf(stderr, "Error: cannot open %s\n", fname); |
| 59 | exit(1); | 59 | exit(1); |
| 60 | } | 60 | } |
| 61 | 61 | ||
| 62 | char buf[MAX_BUF]; | 62 | char buf[MAX_BUF]; |
| 63 | while (fgets(buf, MAX_BUF, fp)) { | 63 | while (fgets(buf, MAX_BUF, fp)) { |
| 64 | // remove \n | 64 | // remove \n |
| 65 | char *ptr = strchr(buf, '\n'); | 65 | char *ptr = strchr(buf, '\n'); |
| 66 | if (ptr) | 66 | if (ptr) |
| 67 | *ptr = '\0'; | 67 | *ptr = '\0'; |
| 68 | 68 | ||
| 69 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 | 69 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 |
| 70 | // number followed by : | 70 | // number followed by : |
| 71 | ptr = buf; | 71 | ptr = buf; |
| @@ -107,8 +107,8 @@ void process_home(const char *fname, char *home, int home_len) { | |||
| 107 | if (strcmp(ptr, home) == 0) | 107 | if (strcmp(ptr, home) == 0) |
| 108 | continue; | 108 | continue; |
| 109 | ptr += home_len + 1; | 109 | ptr += home_len + 1; |
| 110 | 110 | ||
| 111 | // skip files handled automatically by firejail | 111 | // skip files handled automatically by firejail |
| 112 | if (strcmp(ptr, ".Xauthority") == 0 || | 112 | if (strcmp(ptr, ".Xauthority") == 0 || |
| 113 | strcmp(ptr, ".Xdefaults-debian") == 0 || | 113 | strcmp(ptr, ".Xdefaults-debian") == 0 || |
| 114 | strncmp(ptr, ".config/pulse/", 13) == 0 || | 114 | strncmp(ptr, ".config/pulse/", 13) == 0 || |
| @@ -116,8 +116,8 @@ void process_home(const char *fname, char *home, int home_len) { | |||
| 116 | strncmp(ptr, ".bash_hist", 10) == 0 || | 116 | strncmp(ptr, ".bash_hist", 10) == 0 || |
| 117 | strcmp(ptr, ".bashrc") == 0) | 117 | strcmp(ptr, ".bashrc") == 0) |
| 118 | continue; | 118 | continue; |
| 119 | 119 | ||
| 120 | 120 | ||
| 121 | // try to find the relevant directory for this file | 121 | // try to find the relevant directory for this file |
| 122 | char *dir = extract_dir(ptr); | 122 | char *dir = extract_dir(ptr); |
| 123 | char *toadd = (dir)? dir: ptr; | 123 | char *toadd = (dir)? dir: ptr; |
| @@ -160,7 +160,7 @@ void process_home(const char *fname, char *home, int home_len) { | |||
| 160 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 | 160 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 |
| 161 | void build_home(const char *fname, FILE *fp) { | 161 | void build_home(const char *fname, FILE *fp) { |
| 162 | assert(fname); | 162 | assert(fname); |
| 163 | 163 | ||
| 164 | // load whitelist common | 164 | // load whitelist common |
| 165 | load_whitelist_common(); | 165 | load_whitelist_common(); |
| 166 | 166 | ||
| @@ -172,10 +172,10 @@ void build_home(const char *fname, FILE *fp) { | |||
| 172 | if (!home) | 172 | if (!home) |
| 173 | errExit("getpwuid"); | 173 | errExit("getpwuid"); |
| 174 | int home_len = strlen(home); | 174 | int home_len = strlen(home); |
| 175 | 175 | ||
| 176 | // run fname | 176 | // run fname |
| 177 | process_home(fname, home, home_len); | 177 | process_home(fname, home, home_len); |
| 178 | 178 | ||
| 179 | // run all the rest | 179 | // run all the rest |
| 180 | struct stat s; | 180 | struct stat s; |
| 181 | int i; | 181 | int i; |
| @@ -187,7 +187,7 @@ void build_home(const char *fname, FILE *fp) { | |||
| 187 | process_home(newname, home, home_len); | 187 | process_home(newname, home, home_len); |
| 188 | free(newname); | 188 | free(newname); |
| 189 | } | 189 | } |
| 190 | 190 | ||
| 191 | // print the out list if any | 191 | // print the out list if any |
| 192 | if (db_out) { | 192 | if (db_out) { |
| 193 | filedb_print(db_out, "whitelist ~/", fp); | 193 | filedb_print(db_out, "whitelist ~/", fp); |
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index de9f79232..5fead41c5 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
| @@ -43,7 +43,7 @@ static char *cmdlist[] = { | |||
| 43 | static void clear_tmp_files(void) { | 43 | static void clear_tmp_files(void) { |
| 44 | unlink(STRACE_OUTPUT); | 44 | unlink(STRACE_OUTPUT); |
| 45 | unlink(TRACE_OUTPUT); | 45 | unlink(TRACE_OUTPUT); |
| 46 | 46 | ||
| 47 | // run all the rest | 47 | // run all the rest |
| 48 | int i; | 48 | int i; |
| 49 | for (i = 1; i <= 5; i++) { | 49 | for (i = 1; i <= 5; i++) { |
| @@ -62,22 +62,22 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 62 | fprintf(stderr, "Error: application name missing\n"); | 62 | fprintf(stderr, "Error: application name missing\n"); |
| 63 | exit(1); | 63 | exit(1); |
| 64 | } | 64 | } |
| 65 | 65 | ||
| 66 | // clean /tmp files | 66 | // clean /tmp files |
| 67 | clear_tmp_files(); | 67 | clear_tmp_files(); |
| 68 | 68 | ||
| 69 | // detect strace | 69 | // detect strace |
| 70 | int have_strace = 0; | 70 | int have_strace = 0; |
| 71 | if (access("/usr/bin/strace", X_OK) == 0) | 71 | if (access("/usr/bin/strace", X_OK) == 0) |
| 72 | have_strace = 1; | 72 | have_strace = 1; |
| 73 | 73 | ||
| 74 | // calculate command length | 74 | // calculate command length |
| 75 | unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1; | 75 | unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1; |
| 76 | if (arg_debug) | 76 | if (arg_debug) |
| 77 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); | 77 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); |
| 78 | char *cmd[len]; | 78 | char *cmd[len]; |
| 79 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error | 79 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error |
| 80 | 80 | ||
| 81 | // build command | 81 | // build command |
| 82 | unsigned i = 0; | 82 | unsigned i = 0; |
| 83 | for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) { | 83 | for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) { |
| @@ -97,7 +97,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 97 | for (i = 0; i < len; i++) | 97 | for (i = 0; i < len; i++) |
| 98 | printf("\t%s\n", cmd[i]); | 98 | printf("\t%s\n", cmd[i]); |
| 99 | } | 99 | } |
| 100 | 100 | ||
| 101 | // fork and execute | 101 | // fork and execute |
| 102 | pid_t child = fork(); | 102 | pid_t child = fork(); |
| 103 | if (child == -1) | 103 | if (child == -1) |
| @@ -108,7 +108,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 108 | (void) rv; | 108 | (void) rv; |
| 109 | errExit("execv"); | 109 | errExit("execv"); |
| 110 | } | 110 | } |
| 111 | 111 | ||
| 112 | // wait for all processes to finish | 112 | // wait for all processes to finish |
| 113 | int status; | 113 | int status; |
| 114 | if (waitpid(child, &status, 0) != child) | 114 | if (waitpid(child, &status, 0) != child) |
| @@ -122,18 +122,18 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 122 | fprintf(fp, "# Persistent global definitions\n"); | 122 | fprintf(fp, "# Persistent global definitions\n"); |
| 123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); | 123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); |
| 124 | fprintf(fp, "\n"); | 124 | fprintf(fp, "\n"); |
| 125 | 125 | ||
| 126 | fprintf(fp, "### basic blacklisting\n"); | 126 | fprintf(fp, "### basic blacklisting\n"); |
| 127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); | 127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); |
| 128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); | 128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); |
| 129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); | 129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); |
| 130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); | 130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); |
| 131 | fprintf(fp, "\n"); | 131 | fprintf(fp, "\n"); |
| 132 | 132 | ||
| 133 | fprintf(fp, "### home directory whitelisting\n"); | 133 | fprintf(fp, "### home directory whitelisting\n"); |
| 134 | build_home(TRACE_OUTPUT, fp); | 134 | build_home(TRACE_OUTPUT, fp); |
| 135 | fprintf(fp, "\n"); | 135 | fprintf(fp, "\n"); |
| 136 | 136 | ||
| 137 | fprintf(fp, "### filesystem\n"); | 137 | fprintf(fp, "### filesystem\n"); |
| 138 | build_tmp(TRACE_OUTPUT, fp); | 138 | build_tmp(TRACE_OUTPUT, fp); |
| 139 | build_dev(TRACE_OUTPUT, fp); | 139 | build_dev(TRACE_OUTPUT, fp); |
| @@ -158,7 +158,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
| 158 | fprintf(fp, "### network\n"); | 158 | fprintf(fp, "### network\n"); |
| 159 | build_protocol(TRACE_OUTPUT, fp); | 159 | build_protocol(TRACE_OUTPUT, fp); |
| 160 | fprintf(fp, "\n"); | 160 | fprintf(fp, "\n"); |
| 161 | 161 | ||
| 162 | fprintf(fp, "### environment\n"); | 162 | fprintf(fp, "### environment\n"); |
| 163 | fprintf(fp, "shell none\n"); | 163 | fprintf(fp, "shell none\n"); |
| 164 | 164 | ||
diff --git a/src/fbuilder/build_seccomp.c b/src/fbuilder/build_seccomp.c index 63f37e34a..85190f0f2 100644 --- a/src/fbuilder/build_seccomp.c +++ b/src/fbuilder/build_seccomp.c | |||
| @@ -23,13 +23,13 @@ | |||
| 23 | void build_seccomp(const char *fname, FILE *fp) { | 23 | void build_seccomp(const char *fname, FILE *fp) { |
| 24 | assert(fname); | 24 | assert(fname); |
| 25 | assert(fp); | 25 | assert(fp); |
| 26 | 26 | ||
| 27 | FILE *fp2 = fopen(fname, "r"); | 27 | FILE *fp2 = fopen(fname, "r"); |
| 28 | if (!fp2) { | 28 | if (!fp2) { |
| 29 | fprintf(stderr, "Error: cannot open %s\n", fname); | 29 | fprintf(stderr, "Error: cannot open %s\n", fname); |
| 30 | exit(1); | 30 | exit(1); |
| 31 | } | 31 | } |
| 32 | 32 | ||
| 33 | char buf[MAX_BUF]; | 33 | char buf[MAX_BUF]; |
| 34 | int line = 1; | 34 | int line = 1; |
| 35 | int position = 0; | 35 | int position = 0; |
| @@ -39,7 +39,7 @@ void build_seccomp(const char *fname, FILE *fp) { | |||
| 39 | char *ptr = strchr(buf, '\n'); | 39 | char *ptr = strchr(buf, '\n'); |
| 40 | if (ptr) | 40 | if (ptr) |
| 41 | *ptr = '\0'; | 41 | *ptr = '\0'; |
| 42 | 42 | ||
| 43 | // first line: | 43 | // first line: |
| 44 | //% time seconds usecs/call calls errors syscall | 44 | //% time seconds usecs/call calls errors syscall |
| 45 | if (line == 1) { | 45 | if (line == 1) { |
| @@ -61,7 +61,7 @@ void build_seccomp(const char *fname, FILE *fp) { | |||
| 61 | // get out on the next "----" line | 61 | // get out on the next "----" line |
| 62 | if (*buf == '-') | 62 | if (*buf == '-') |
| 63 | break; | 63 | break; |
| 64 | 64 | ||
| 65 | if (line == 3) | 65 | if (line == 3) |
| 66 | fprintf(fp, "# seccomp.keep %s", buf + position); | 66 | fprintf(fp, "# seccomp.keep %s", buf + position); |
| 67 | else | 67 | else |
| @@ -89,21 +89,21 @@ int netlink = 0; | |||
| 89 | int packet = 0; | 89 | int packet = 0; |
| 90 | static void process_protocol(const char *fname) { | 90 | static void process_protocol(const char *fname) { |
| 91 | assert(fname); | 91 | assert(fname); |
| 92 | 92 | ||
| 93 | // process trace file | 93 | // process trace file |
| 94 | FILE *fp = fopen(fname, "r"); | 94 | FILE *fp = fopen(fname, "r"); |
| 95 | if (!fp) { | 95 | if (!fp) { |
| 96 | fprintf(stderr, "Error: cannot open %s\n", fname); | 96 | fprintf(stderr, "Error: cannot open %s\n", fname); |
| 97 | exit(1); | 97 | exit(1); |
| 98 | } | 98 | } |
| 99 | 99 | ||
| 100 | char buf[MAX_BUF]; | 100 | char buf[MAX_BUF]; |
| 101 | while (fgets(buf, MAX_BUF, fp)) { | 101 | while (fgets(buf, MAX_BUF, fp)) { |
| 102 | // remove \n | 102 | // remove \n |
| 103 | char *ptr = strchr(buf, '\n'); | 103 | char *ptr = strchr(buf, '\n'); |
| 104 | if (ptr) | 104 | if (ptr) |
| 105 | *ptr = '\0'; | 105 | *ptr = '\0'; |
| 106 | 106 | ||
| 107 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 | 107 | // parse line: 4:galculator:access /etc/fonts/conf.d:0 |
| 108 | // number followed by : | 108 | // number followed by : |
| 109 | ptr = buf; | 109 | ptr = buf; |
| @@ -136,7 +136,7 @@ static void process_protocol(const char *fname) { | |||
| 136 | else if (strncmp(ptr, "AF_PACKET ", 9) == 0) | 136 | else if (strncmp(ptr, "AF_PACKET ", 9) == 0) |
| 137 | packet = 1; | 137 | packet = 1; |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | fclose(fp); | 140 | fclose(fp); |
| 141 | } | 141 | } |
| 142 | 142 | ||
| @@ -144,10 +144,10 @@ static void process_protocol(const char *fname) { | |||
| 144 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 | 144 | // process fname, fname.1, fname.2, fname.3, fname.4, fname.5 |
| 145 | void build_protocol(const char *fname, FILE *fp) { | 145 | void build_protocol(const char *fname, FILE *fp) { |
| 146 | assert(fname); | 146 | assert(fname); |
| 147 | 147 | ||
| 148 | // run fname | 148 | // run fname |
| 149 | process_protocol(fname); | 149 | process_protocol(fname); |
| 150 | 150 | ||
| 151 | // run all the rest | 151 | // run all the rest |
| 152 | struct stat s; | 152 | struct stat s; |
| 153 | int i; | 153 | int i; |
| @@ -159,7 +159,7 @@ void build_protocol(const char *fname, FILE *fp) { | |||
| 159 | process_protocol(newname); | 159 | process_protocol(newname); |
| 160 | free(newname); | 160 | free(newname); |
| 161 | } | 161 | } |
| 162 | 162 | ||
| 163 | int net = 0; | 163 | int net = 0; |
| 164 | if (unix_s || inet || inet6 || netlink || packet) { | 164 | if (unix_s || inet || inet6 || netlink || packet) { |
| 165 | fprintf(fp, "protocol "); | 165 | fprintf(fp, "protocol "); |
diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h index 81dc951ec..711167704 100644 --- a/src/fbuilder/fbuilder.h +++ b/src/fbuilder/fbuilder.h | |||
| @@ -25,7 +25,7 @@ | |||
| 25 | #include <pwd.h> | 25 | #include <pwd.h> |
| 26 | #include <sys/types.h> | 26 | #include <sys/types.h> |
| 27 | #include <sys/stat.h> | 27 | #include <sys/stat.h> |
| 28 | 28 | ||
| 29 | 29 | ||
| 30 | #define MAX_BUF 4096 | 30 | #define MAX_BUF 4096 |
| 31 | // main.c | 31 | // main.c |
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c index b7162c2d6..6b57954d3 100644 --- a/src/fbuilder/filedb.c +++ b/src/fbuilder/filedb.c | |||
| @@ -24,14 +24,14 @@ FileDB *filedb_find(FileDB *head, const char *fname) { | |||
| 24 | FileDB *ptr = head; | 24 | FileDB *ptr = head; |
| 25 | int found = 0; | 25 | int found = 0; |
| 26 | int len = strlen(fname); | 26 | int len = strlen(fname); |
| 27 | 27 | ||
| 28 | while (ptr) { | 28 | while (ptr) { |
| 29 | // exact name | 29 | // exact name |
| 30 | if (strcmp(fname, ptr->fname) == 0) { | 30 | if (strcmp(fname, ptr->fname) == 0) { |
| 31 | found = 1; | 31 | found = 1; |
| 32 | break; | 32 | break; |
| 33 | } | 33 | } |
| 34 | 34 | ||
| 35 | // parent directory in the list | 35 | // parent directory in the list |
| 36 | if (len > ptr->len && | 36 | if (len > ptr->len && |
| 37 | fname[ptr->len] == '/' && | 37 | fname[ptr->len] == '/' && |
| @@ -42,10 +42,10 @@ FileDB *filedb_find(FileDB *head, const char *fname) { | |||
| 42 | 42 | ||
| 43 | ptr = ptr->next; | 43 | ptr = ptr->next; |
| 44 | } | 44 | } |
| 45 | 45 | ||
| 46 | if (found) | 46 | if (found) |
| 47 | return ptr; | 47 | return ptr; |
| 48 | 48 | ||
| 49 | return NULL; | 49 | return NULL; |
| 50 | } | 50 | } |
| 51 | 51 | ||
| @@ -55,7 +55,7 @@ FileDB *filedb_add(FileDB *head, const char *fname) { | |||
| 55 | // don't add it if it is already there or if the parent directory is already in the list | 55 | // don't add it if it is already there or if the parent directory is already in the list |
| 56 | if (filedb_find(head, fname)) | 56 | if (filedb_find(head, fname)) |
| 57 | return head; | 57 | return head; |
| 58 | 58 | ||
| 59 | // add a new entry | 59 | // add a new entry |
| 60 | FileDB *entry = malloc(sizeof(FileDB)); | 60 | FileDB *entry = malloc(sizeof(FileDB)); |
| 61 | if (!entry) | 61 | if (!entry) |
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c index 1b997ccdb..697b53700 100644 --- a/src/fbuilder/main.c +++ b/src/fbuilder/main.c | |||
| @@ -40,7 +40,7 @@ printf("\n"); | |||
| 40 | int prog_index = 0; | 40 | int prog_index = 0; |
| 41 | FILE *fp = stdout; | 41 | FILE *fp = stdout; |
| 42 | int prof_file = 0; | 42 | int prof_file = 0; |
| 43 | 43 | ||
| 44 | // parse arguments and extract program index | 44 | // parse arguments and extract program index |
| 45 | for (i = 1; i < argc; i++) { | 45 | for (i = 1; i < argc; i++) { |
| 46 | if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") ==0) { | 46 | if (strcmp(argv[i], "-h") == 0 || strcmp(argv[i], "--help") == 0 || strcmp(argv[i], "-?") ==0) { |
| @@ -57,7 +57,7 @@ printf("\n"); | |||
| 57 | fprintf(stderr, "Error fbuild: --build=profile-name is not supported for root user.\n"); | 57 | fprintf(stderr, "Error fbuild: --build=profile-name is not supported for root user.\n"); |
| 58 | exit(1); | 58 | exit(1); |
| 59 | } | 59 | } |
| 60 | 60 | ||
| 61 | // check file access | 61 | // check file access |
| 62 | fp = fopen(argv[i] + 8, "w"); | 62 | fp = fopen(argv[i] + 8, "w"); |
| 63 | if (!fp) { | 63 | if (!fp) { |
| @@ -77,7 +77,7 @@ printf("\n"); | |||
| 77 | break; | 77 | break; |
| 78 | } | 78 | } |
| 79 | } | 79 | } |
| 80 | 80 | ||
| 81 | if (prog_index == 0) { | 81 | if (prog_index == 0) { |
| 82 | fprintf(stderr, "Error fbuilder: program and arguments required\n"); | 82 | fprintf(stderr, "Error fbuilder: program and arguments required\n"); |
| 83 | usage(); | 83 | usage(); |
| @@ -85,7 +85,7 @@ printf("\n"); | |||
| 85 | fclose(fp); | 85 | fclose(fp); |
| 86 | exit(1); | 86 | exit(1); |
| 87 | } | 87 | } |
| 88 | 88 | ||
| 89 | build_profile(argc, argv, prog_index, fp); | 89 | build_profile(argc, argv, prog_index, fp); |
| 90 | if (prof_file) | 90 | if (prof_file) |
| 91 | fclose(fp); | 91 | fclose(fp); |
diff --git a/src/fbuilder/utils.c b/src/fbuilder/utils.c index 902290899..c07d2e925 100644 --- a/src/fbuilder/utils.c +++ b/src/fbuilder/utils.c | |||
| @@ -56,17 +56,17 @@ char *extract_dir(char *fname) { | |||
| 56 | assert(fname); | 56 | assert(fname); |
| 57 | if (is_dir(fname)) | 57 | if (is_dir(fname)) |
| 58 | return NULL; | 58 | return NULL; |
| 59 | 59 | ||
| 60 | char *name = strdup(fname); | 60 | char *name = strdup(fname); |
| 61 | if (!name) | 61 | if (!name) |
| 62 | errExit("strdup"); | 62 | errExit("strdup"); |
| 63 | 63 | ||
| 64 | char *ptr = strrchr(name, '/'); | 64 | char *ptr = strrchr(name, '/'); |
| 65 | if (!ptr) { | 65 | if (!ptr) { |
| 66 | free(name); | 66 | free(name); |
| 67 | return NULL; | 67 | return NULL; |
| 68 | } | 68 | } |
| 69 | *ptr = '\0'; | 69 | *ptr = '\0'; |
| 70 | 70 | ||
| 71 | return name; | 71 | return name; |
| 72 | } | 72 | } |