allow/deny fbuilder

author: netblue30 <netblue30@protonmail.com> 2021-07-05 13:10:04 -0400
committer: netblue30 <netblue30@protonmail.com> 2021-07-05 13:10:04 -0400
commit: 4438f14f2892b5c88d158ae8fad0a80a2eebfd44 (patch)
tree: 44f41810dc9efda640f10b36a6c96a2b075d00ec /src/fbuilder
parent: move whitelist/blacklist to allow/deny (diff)
download: firejail-4438f14f2892b5c88d158ae8fad0a80a2eebfd44.tar.gz
firejail-4438f14f2892b5c88d158ae8fad0a80a2eebfd44.tar.zst
firejail-4438f14f2892b5c88d158ae8fad0a80a2eebfd44.zip
2 files changed, 6 insertions, 6 deletions
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index 8700e0ba1..019c3ac5a 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -182,12 +182,12 @@ static void var_callback(char *ptr) {
 void build_var(const char *fname, FILE *fp) {
        assert(fname);
-        var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/");
+        var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "allow /var/");
        process_files(fname, "/var", var_callback);
        // always whitelist /var
        if (var_out)
-                filedb_print(var_out, "whitelist /var/", fp);
+                filedb_print(var_out, "allow /var/", fp);
        fprintf(fp, "include whitelist-var-common.inc\n");
 }
@@ -222,12 +222,12 @@ static void share_callback(char *ptr) {
 void build_share(const char *fname, FILE *fp) {
        assert(fname);
-        share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "whitelist /usr/share/");
+        share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "allow /usr/share/");
        process_files(fname, "/usr/share", share_callback);
        // always whitelist /usr/share
        if (share_out)
-                filedb_print(share_out, "whitelist /usr/share/", fp);
+                filedb_print(share_out, "allow /usr/share/", fp);
        fprintf(fp, "include whitelist-usr-share-common.inc\n");
 }
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index b3ec6cffd..f283a0cce 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -138,7 +138,7 @@ void build_home(const char *fname, FILE *fp) {
        assert(fname);
        // load whitelist common
-        db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "whitelist ${HOME}/");
+        db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "allow ${HOME}/");
        // find user home directory
        struct passwd *pw = getpwuid(getuid());
@@ -166,7 +166,7 @@ void build_home(const char *fname, FILE *fp) {
        // print the out list if any
        if (db_out) {
-                filedb_print(db_out, "whitelist ${HOME}/", fp);
+                filedb_print(db_out, "allow ${HOME}/", fp);
                fprintf(fp, "include whitelist-common.inc\n");
        }
        else
author	netblue30 <netblue30@protonmail.com>	2021-07-05 13:10:04 -0400
committer	netblue30 <netblue30@protonmail.com>	2021-07-05 13:10:04 -0400
commit	4438f14f2892b5c88d158ae8fad0a80a2eebfd44 (patch)
tree	44f41810dc9efda640f10b36a6c96a2b075d00ec /src/fbuilder
parent	move whitelist/blacklist to allow/deny (diff)
download	firejail-4438f14f2892b5c88d158ae8fad0a80a2eebfd44.tar.gz firejail-4438f14f2892b5c88d158ae8fad0a80a2eebfd44.tar.zst firejail-4438f14f2892b5c88d158ae8fad0a80a2eebfd44.zip

diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c index 8700e0ba1..019c3ac5a 100644 --- a/src/fbuilder/build_fs.c +++ b/src/fbuilder/build_fs.c
@@ -182,12 +182,12 @@ static void var_callback(char *ptr) {
182	void build_var(const char fname, FILE fp) {	182	void build_var(const char fname, FILE fp) {
183	assert(fname);	183	assert(fname);
184		184
185	var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/");	185	var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "allow /var/");
186	process_files(fname, "/var", var_callback);	186	process_files(fname, "/var", var_callback);
187		187
188	// always whitelist /var	188	// always whitelist /var
189	if (var_out)	189	if (var_out)
190	filedb_print(var_out, "whitelist /var/", fp);	190	filedb_print(var_out, "allow /var/", fp);
191	fprintf(fp, "include whitelist-var-common.inc\n");	191	fprintf(fp, "include whitelist-var-common.inc\n");
192	}	192	}
193		193
@@ -222,12 +222,12 @@ static void share_callback(char *ptr) {
222	void build_share(const char fname, FILE fp) {	222	void build_share(const char fname, FILE fp) {
223	assert(fname);	223	assert(fname);
224		224
225	share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "whitelist /usr/share/");	225	share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "allow /usr/share/");
226	process_files(fname, "/usr/share", share_callback);	226	process_files(fname, "/usr/share", share_callback);
227		227
228	// always whitelist /usr/share	228	// always whitelist /usr/share
229	if (share_out)	229	if (share_out)
230	filedb_print(share_out, "whitelist /usr/share/", fp);	230	filedb_print(share_out, "allow /usr/share/", fp);
231	fprintf(fp, "include whitelist-usr-share-common.inc\n");	231	fprintf(fp, "include whitelist-usr-share-common.inc\n");
232	}	232	}
233		233


diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c index b3ec6cffd..f283a0cce 100644 --- a/src/fbuilder/build_home.c +++ b/src/fbuilder/build_home.c
@@ -138,7 +138,7 @@ void build_home(const char fname, FILE fp) {
138	assert(fname);	138	assert(fname);
139		139
140	// load whitelist common	140	// load whitelist common
141	db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "whitelist ${HOME}/");	141	db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "allow ${HOME}/");
142		142
143	// find user home directory	143	// find user home directory
144	struct passwd *pw = getpwuid(getuid());	144	struct passwd *pw = getpwuid(getuid());
@@ -166,7 +166,7 @@ void build_home(const char fname, FILE fp) {
166		166
167	// print the out list if any	167	// print the out list if any
168	if (db_out) {	168	if (db_out) {
169	filedb_print(db_out, "whitelist ${HOME}/", fp);	169	filedb_print(db_out, "allow ${HOME}/", fp);
170	fprintf(fp, "include whitelist-common.inc\n");	170	fprintf(fp, "include whitelist-common.inc\n");
171	}	171	}
172	else	172	else