diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-04-22 14:45:16 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-04-22 14:45:16 -0400 |
| commit | 95063bc44a88d20c0e9dafce45f872bfd3916d06 (patch) | |
| tree | ac4b037edb161d4b935206d3dbe9744824a7f1e2 /src/firecfg/main.c | |
| parent | man: update output of --trace command (diff) | |
| download | firejail-95063bc44a88d20c0e9dafce45f872bfd3916d06.tar.gz firejail-95063bc44a88d20c0e9dafce45f872bfd3916d06.tar.zst firejail-95063bc44a88d20c0e9dafce45f872bfd3916d06.zip | |
set desktop files with firecfg by default (former --fix option)
Diffstat (limited to 'src/firecfg/main.c')
| -rw-r--r-- | src/firecfg/main.c | 85 |
1 files changed, 55 insertions, 30 deletions
diff --git a/src/firecfg/main.c b/src/firecfg/main.c index 6b69dd130..04ccbf2c3 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c | |||
| @@ -29,6 +29,8 @@ | |||
| 29 | #include <string.h> | 29 | #include <string.h> |
| 30 | #include <errno.h> | 30 | #include <errno.h> |
| 31 | #include <sys/mman.h> | 31 | #include <sys/mman.h> |
| 32 | #include <pwd.h> | ||
| 33 | |||
| 32 | #include "../include/common.h" | 34 | #include "../include/common.h" |
| 33 | static int arg_debug = 0; | 35 | static int arg_debug = 0; |
| 34 | 36 | ||
| @@ -45,7 +47,6 @@ static void usage(void) { | |||
| 45 | printf(" --debug - print debug messages.\n\n"); | 47 | printf(" --debug - print debug messages.\n\n"); |
| 46 | printf(" --help, -? - this help screen.\n\n"); | 48 | printf(" --help, -? - this help screen.\n\n"); |
| 47 | printf(" --list - list all firejail symbolic links.\n\n"); | 49 | printf(" --list - list all firejail symbolic links.\n\n"); |
| 48 | printf(" --fix - fix .desktop files.\n\n"); | ||
| 49 | printf(" --version - print program version and exit.\n\n"); | 50 | printf(" --version - print program version and exit.\n\n"); |
| 50 | printf("Example:\n\n"); | 51 | printf("Example:\n\n"); |
| 51 | printf(" $ sudo firecfg\n"); | 52 | printf(" $ sudo firecfg\n"); |
| @@ -60,10 +61,6 @@ static void usage(void) { | |||
| 60 | printf(" /usr/local/bin/firefox removed\n"); | 61 | printf(" /usr/local/bin/firefox removed\n"); |
| 61 | printf(" /usr/local/bin/vlc removed\n"); | 62 | printf(" /usr/local/bin/vlc removed\n"); |
| 62 | printf(" [...]\n"); | 63 | printf(" [...]\n"); |
| 63 | printf(" $ firecfg --fix\n"); | ||
| 64 | printf(" /home/user/.local/share/applications/chromium.desktop created\n"); | ||
| 65 | printf(" /home/user/.local/share/applications/vlc.desktop created\n"); | ||
| 66 | printf(" [...]\n"); | ||
| 67 | printf("\n"); | 64 | printf("\n"); |
| 68 | printf("License GPL version 2 or later\n"); | 65 | printf("License GPL version 2 or later\n"); |
| 69 | printf("Homepage: http://firejail.wordpress.com\n\n"); | 66 | printf("Homepage: http://firejail.wordpress.com\n\n"); |
| @@ -221,7 +218,7 @@ static void set_file(const char *name, const char *firejail_exec) { | |||
| 221 | 218 | ||
| 222 | struct stat s; | 219 | struct stat s; |
| 223 | if (stat(fname, &s) == 0) { | 220 | if (stat(fname, &s) == 0) { |
| 224 | printf("%s is already present, skipping...\n", fname); | 221 | printf(" %s is already present, skipping...\n", name); |
| 225 | } | 222 | } |
| 226 | else { | 223 | else { |
| 227 | int rv = symlink(firejail_exec, fname); | 224 | int rv = symlink(firejail_exec, fname); |
| @@ -230,19 +227,14 @@ static void set_file(const char *name, const char *firejail_exec) { | |||
| 230 | perror("symlink"); | 227 | perror("symlink"); |
| 231 | } | 228 | } |
| 232 | else | 229 | else |
| 233 | printf("%s created\n", fname); | 230 | printf(" %s created\n", name); |
| 234 | } | 231 | } |
| 235 | 232 | ||
| 236 | free(fname); | 233 | free(fname); |
| 237 | } | 234 | } |
| 238 | 235 | ||
| 239 | #define MAX_BUF 1024 | 236 | #define MAX_BUF 1024 |
| 240 | static void set(void) { | 237 | static void set_links(void) { |
| 241 | if (getuid() != 0) { | ||
| 242 | fprintf(stderr, "Error: you need to be root to run this command\n"); | ||
| 243 | exit(1); | ||
| 244 | } | ||
| 245 | |||
| 246 | char *cfgfile; | 238 | char *cfgfile; |
| 247 | if (asprintf(&cfgfile, "%s/firejail/firecfg.config", LIBDIR) == -1) | 239 | if (asprintf(&cfgfile, "%s/firejail/firecfg.config", LIBDIR) == -1) |
| 248 | errExit("asprintf"); | 240 | errExit("asprintf"); |
| @@ -256,6 +248,7 @@ static void set(void) { | |||
| 256 | fprintf(stderr, "Error: cannot open %s\n", cfgfile); | 248 | fprintf(stderr, "Error: cannot open %s\n", cfgfile); |
| 257 | exit(1); | 249 | exit(1); |
| 258 | } | 250 | } |
| 251 | printf("Configuring symlinks in /usr/local/bin\n"); | ||
| 259 | 252 | ||
| 260 | char buf[MAX_BUF]; | 253 | char buf[MAX_BUF]; |
| 261 | int lineno = 0; | 254 | int lineno = 0; |
| @@ -294,7 +287,8 @@ static void set(void) { | |||
| 294 | free(firejail_exec); | 287 | free(firejail_exec); |
| 295 | } | 288 | } |
| 296 | 289 | ||
| 297 | static void fix_desktop_files(void) { | 290 | static void fix_desktop_files(char *homedir) { |
| 291 | assert(homedir); | ||
| 298 | struct stat sb; | 292 | struct stat sb; |
| 299 | 293 | ||
| 300 | // check user | 294 | // check user |
| @@ -302,9 +296,6 @@ static void fix_desktop_files(void) { | |||
| 302 | fprintf(stderr, "Error: this option is not supported for root user; please run as a regular user.\n"); | 296 | fprintf(stderr, "Error: this option is not supported for root user; please run as a regular user.\n"); |
| 303 | exit(1); | 297 | exit(1); |
| 304 | } | 298 | } |
| 305 | char *homedir = getenv("HOME"); | ||
| 306 | if (!homedir) | ||
| 307 | errExit("getenv"); | ||
| 308 | 299 | ||
| 309 | // destination | 300 | // destination |
| 310 | // create ~/.local/share/applications directory if necessary | 301 | // create ~/.local/share/applications directory if necessary |
| @@ -333,6 +324,7 @@ static void fix_desktop_files(void) { | |||
| 333 | exit(1); | 324 | exit(1); |
| 334 | } | 325 | } |
| 335 | 326 | ||
| 327 | printf("\nFixing desktop files in ~/.local/shared/applications\n"); | ||
| 336 | // copy | 328 | // copy |
| 337 | struct dirent *entry; | 329 | struct dirent *entry; |
| 338 | while ((entry = readdir(dir)) != NULL) { | 330 | while ((entry = readdir(dir)) != NULL) { |
| @@ -370,7 +362,7 @@ static void fix_desktop_files(void) { | |||
| 370 | // check format | 362 | // check format |
| 371 | if (strstr(buf, "[Desktop Entry]\n") == NULL) { | 363 | if (strstr(buf, "[Desktop Entry]\n") == NULL) { |
| 372 | if (arg_debug) | 364 | if (arg_debug) |
| 373 | fprintf(stderr, "/usr/share/applications/%s - SKIPPED: wrong format?\n", filename); | 365 | printf(" %s - SKIPPED: wrong format?\n", filename); |
| 374 | munmap(buf, sb.st_size + 1); | 366 | munmap(buf, sb.st_size + 1); |
| 375 | continue; | 367 | continue; |
| 376 | } | 368 | } |
| @@ -379,7 +371,7 @@ static void fix_desktop_files(void) { | |||
| 379 | char *ptr1 = strstr(buf,"\nExec="); | 371 | char *ptr1 = strstr(buf,"\nExec="); |
| 380 | if (!ptr1 || strlen(ptr1) < 7) { | 372 | if (!ptr1 || strlen(ptr1) < 7) { |
| 381 | if (arg_debug) | 373 | if (arg_debug) |
| 382 | fprintf(stderr, "/usr/share/applications/%s - SKIPPED: wrong format?\n", filename); | 374 | printf(" %s - SKIPPED: wrong format?\n", filename); |
| 383 | munmap(buf, sb.st_size + 1); | 375 | munmap(buf, sb.st_size + 1); |
| 384 | continue; | 376 | continue; |
| 385 | } | 377 | } |
| @@ -390,13 +382,13 @@ static void fix_desktop_files(void) { | |||
| 390 | // or with the name of the executable only | 382 | // or with the name of the executable only |
| 391 | if (execname[0] != '/') { | 383 | if (execname[0] != '/') { |
| 392 | if (arg_debug) | 384 | if (arg_debug) |
| 393 | fprintf(stderr, "/usr/share/applications/%s - already OK\n", filename); | 385 | printf(" %s - already OK\n", filename); |
| 394 | continue; | 386 | continue; |
| 395 | } | 387 | } |
| 396 | // executable name can be quoted, this is rare and currently unsupported, TODO | 388 | // executable name can be quoted, this is rare and currently unsupported, TODO |
| 397 | if (execname[0] == '"') { | 389 | if (execname[0] == '"') { |
| 398 | if (arg_debug) | 390 | if (arg_debug) |
| 399 | fprintf(stderr, "/usr/share/applications/%s - skipped: path quoting unsupported\n", filename); | 391 | printf(" %s - skipped: path quoting unsupported\n", filename); |
| 400 | continue; | 392 | continue; |
| 401 | } | 393 | } |
| 402 | 394 | ||
| @@ -423,7 +415,7 @@ static void fix_desktop_files(void) { | |||
| 423 | 415 | ||
| 424 | // check if basename in PATH | 416 | // check if basename in PATH |
| 425 | if (!which(bname)) { | 417 | if (!which(bname)) { |
| 426 | fprintf(stderr, "/usr/share/applications/%s - skipped, %s not in PATH\n", filename, bname); | 418 | printf(" %s - skipped, %s not in PATH\n", filename, bname); |
| 427 | continue; | 419 | continue; |
| 428 | } | 420 | } |
| 429 | 421 | ||
| @@ -435,14 +427,14 @@ static void fix_desktop_files(void) { | |||
| 435 | free(outname); | 427 | free(outname); |
| 436 | 428 | ||
| 437 | if (fd1 == -1) { | 429 | if (fd1 == -1) { |
| 438 | fprintf(stderr, "%s/%s skipped: %s\n", user_apps_dir, filename, strerror(errno)); | 430 | printf(" %s skipped: %s\n", filename, strerror(errno)); |
| 439 | munmap(buf, sb.st_size + 1); | 431 | munmap(buf, sb.st_size + 1); |
| 440 | continue; | 432 | continue; |
| 441 | } | 433 | } |
| 442 | 434 | ||
| 443 | FILE *outfile = fdopen(fd1, "w"); | 435 | FILE *outfile = fdopen(fd1, "w"); |
| 444 | if (!outfile) { | 436 | if (!outfile) { |
| 445 | fprintf(stderr, "%s/%s skipped: %s\n", user_apps_dir, filename, strerror(errno)); | 437 | printf(" %s skipped: %s\n", filename, strerror(errno)); |
| 446 | munmap(buf, sb.st_size + 1); | 438 | munmap(buf, sb.st_size + 1); |
| 447 | close(fd1); | 439 | close(fd1); |
| 448 | continue; | 440 | continue; |
| @@ -460,7 +452,7 @@ static void fix_desktop_files(void) { | |||
| 460 | fclose(outfile); | 452 | fclose(outfile); |
| 461 | munmap(buf, sb.st_size + 1); | 453 | munmap(buf, sb.st_size + 1); |
| 462 | 454 | ||
| 463 | printf("%s/%s created\n", user_apps_dir, filename); | 455 | printf(" %s created\n", filename); |
| 464 | } | 456 | } |
| 465 | 457 | ||
| 466 | closedir(dir); | 458 | closedir(dir); |
| @@ -491,10 +483,6 @@ int main(int argc, char **argv) { | |||
| 491 | list(); | 483 | list(); |
| 492 | return 0; | 484 | return 0; |
| 493 | } | 485 | } |
| 494 | else if (strcmp(argv[i], "--fix") == 0) { | ||
| 495 | fix_desktop_files(); | ||
| 496 | return 0; | ||
| 497 | } | ||
| 498 | else { | 486 | else { |
| 499 | fprintf(stderr, "Error: invalid command line option\n"); | 487 | fprintf(stderr, "Error: invalid command line option\n"); |
| 500 | usage(); | 488 | usage(); |
| @@ -502,8 +490,45 @@ int main(int argc, char **argv) { | |||
| 502 | } | 490 | } |
| 503 | } | 491 | } |
| 504 | 492 | ||
| 505 | set(); | 493 | // set symlinks in /usr/local/bin |
| 494 | if (getuid() != 0) { | ||
| 495 | fprintf(stderr, "Error: you need to be root to run this command\n"); | ||
| 496 | exit(1); | ||
| 497 | } | ||
| 498 | set_links(); | ||
| 499 | |||
| 500 | |||
| 501 | |||
| 502 | // switch to the local user, and fix desktop files | ||
| 503 | char *user = getlogin(); | ||
| 504 | if (!user) | ||
| 505 | goto errexit; | ||
| 506 | if (user) { | ||
| 507 | // find home directory | ||
| 508 | struct passwd *pw = getpwnam(user); | ||
| 509 | if (!pw) | ||
| 510 | goto errexit; | ||
| 511 | char *home = pw->pw_dir; | ||
| 512 | if (!home) | ||
| 513 | goto errexit; | ||
| 514 | |||
| 515 | // drop permissions | ||
| 516 | if (setgroups(0, NULL) < 0) | ||
| 517 | errExit("setgroups"); | ||
| 518 | // set uid/gid | ||
| 519 | if (setgid(pw->pw_gid) < 0) | ||
| 520 | errExit("setgid"); | ||
| 521 | if (setuid(pw->pw_uid) < 0) | ||
| 522 | errExit("setuid"); | ||
| 523 | if (arg_debug) | ||
| 524 | printf("%s %d %d %d %d\n", user, getuid(), getgid(), geteuid(), getegid()); | ||
| 525 | fix_desktop_files(home); | ||
| 526 | } | ||
| 506 | 527 | ||
| 507 | return 0; | 528 | return 0; |
| 529 | |||
| 530 | errexit: | ||
| 531 | fprintf(stderr, "Error: cannot set desktop files in ~/.local/share/applications\n"); | ||
| 532 | return 1; | ||
| 508 | } | 533 | } |
| 509 | 534 | ||