author | netblue30 <netblue30@yahoo.com> | 2019-09-15 07:00:09 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-15 07:00:09 -0500 |
commit | 38ace01bf5a501f8cd3de5c1384297c3163f9c35 (patch) | |
tree | aab0f8277a0ae1de922b8a9268b01428e8febd73 /src/fbuilder | |
parent | Fix #2899 (diff) | |
parent | Merge branch 'master' into fix-profile-builder (diff) | |
Merge pull request #2935 from crass/fix-profile-builder
Fix profile builder
Diffstat (limited to 'src/fbuilder')
-rw-r--r-- | src/fbuilder/build_profile.c | 21 |
1 files changed, 11 insertions, 10 deletions
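--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -61,19 +61,18 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 
 char *output;
 char *stroutput;
-if(asprintf(&output,"--output=%s",trace_output) == -1)
+if(asprintf(&output,"--trace=%s",trace_output) == -1)
 errExit("asprintf");
-if(asprintf(&stroutput,"-o %s",strace_output) == -1)
+if(asprintf(&stroutput,"-o%s",strace_output) == -1)
 errExit("asprintf");
 
 char *cmdlist[] = {
-"/usr/bin/firejail",
+BINDIR "/firejail",
 "--quiet",
-output,
 "--noprofile",
 "--caps.drop=all",
 "--nonewprivs",
-"--trace",
+output,
 "--shell=none",
 "/usr/bin/strace", // also used as a marker in build_profile()
 "-c",
@@ -110,7 +109,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 
 if (arg_debug) {
 for (i = 0; i < len; i++)
-printf("\t%s\n", cmd[i]);
+printf("%s%s\n", (i)?"\t":"", cmd[i]);
 }
 
 // fork and execute
@@ -130,7 +129,8 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 errExit("waitpid");
 
 if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
-printf("\n\n\n");
+if (fp == stdout)
+printf("--- Built profile beings after this line ---\n");
 fprintf(fp, "############################################\n");
 fprintf(fp, "# %s profile\n", argv[index]);
 fprintf(fp, "############################################\n");
@@ -177,9 +177,10 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 fprintf(fp, "### environment\n");
 fprintf(fp, "shell none\n");
 
-unlink(trace_output);
-unlink(strace_output);
-
+if (!arg_debug) {
+unlink(trace_output);
+unlink(strace_output);
+}
 }
 else {
 fprintf(stderr, "Error: cannot run the sandbox\n");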
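Review bot: In the last hunk, a debug run now skips both `unlink()` calls and leaves the trace and strace logs on disk, but nothing tells the user where they are or that they must be removed by hand. Those logs presumably record what the traced program opened and connected to, so they should not linger unnoticed; `trace_output` and `strace_output` are created outside the hunk, so their location and permissions should be confirmed there. I would add an `else` branch such as `fprintf(stderr, "Debug: keeping %s and %s\n", trace_output, strace_output);` (on stderr, so a profile written to stdout stays clean) and a comment on `if (!arg_debug)` saying the files are kept for inspection. Separately, the new banner string in the third hunk reads "beings" where "begins" is meant.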