author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-06-29 18:22:10 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-08-04 17:25:20 -0300 |
commit | 2993298aaa7b6e70dd1bfc1b698db77390f397fd (patch) | |
tree | fb81818fefc587f3cbcd6a15c6a72fe6dfaf0731 /src/firecfg/main.c | |
parent | firecfg: turn constant strings into constants (diff) | |
firecfg: parse config files in /etc/firejail/firecfg.d
As suggested by @WhyNotHugo[1].
[1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
Diffstat (limited to 'src/firecfg/main.c')
-rw-r--r-- | src/firecfg/main.c | 30 |
1 files changed, 29 insertions, 1 deletions
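--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -20,6 +20,8 @@
 
 #include "firecfg.h"
 #include "../include/firejail_user.h"
+#include <glob.h>
+
 int arg_debug = 0;
 char *arg_bindir = "/usr/local/bin";
 int arg_guide = 0;
@@ -209,6 +211,29 @@ static void set_links_firecfg(const char *cfgfile) {
 }
 
 fclose(fp);
+printf("\n");
+}
+
+// parse all config files matching pattern
+static void set_links_firecfg_glob(const char *pattern) {
+printf("Looking for config files in %s\n", pattern);
+
+glob_t globbuf;
+int globerr = glob(pattern, 0, NULL, &globbuf);
+if (globerr == GLOB_NOMATCH) {
+fprintf(stderr, "No matches for glob pattern %s\n", pattern);
+goto out;
+} else if (globerr != 0) {
+fprintf(stderr, "Warning: Failed to match glob pattern %s: %s\n",
+pattern, strerror(errno));
+goto out;
+}
+
+size_t i;
+for (i = 0; i < globbuf.gl_pathc; i++)
+set_links_firecfg(globbuf.gl_pathv[i]);
+out:
+globfree(&globbuf);
 }
 
 // parse ~/.config/firejail/ directory
@@ -450,12 +475,15 @@ int main(int argc, char **argv) {
 // clear all symlinks
 clean();
 
+// set new symlinks based on .conf files
+set_links_firecfg_glob(FIRECFG_CONF_GLOB);
+
 // set new symlinks based on firecfg.config
 set_links_firecfg(FIRECFG_CFGFILE);
 
 if (getuid() == 0) {
 // add user to firejail access database - only for root
-printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
+printf("Adding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
 // temporarily set the umask, access database must be world-readable
 mode_t orig_umask = umask(022);
 firejail_user_add(user);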
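Review bot: The generic failure branch of set_links_firecfg_glob prints `strerror(errno)`, but glob() reports failure through its return value (GLOB_NOSPACE, GLOB_ABORTED) and does not promise a meaningful errno, so the warning can carry a stale or unrelated message; printing the code is more reliable, e.g. `fprintf(stderr, "Warning: Failed to match glob pattern %s: error %d\n", pattern, globerr);`. With flags `0` and a NULL error callback, a directory that cannot be read is skipped and most likely surfaces as GLOB_NOMATCH, so an unreadable drop-in directory would look the same as an empty one and the programs it lists would presumably be left without sandbox symlinks; `glob(pattern, GLOB_ERR, NULL, &globbuf)` would make that case visible. Every match is handed to set_links_firecfg(), whose body is mostly outside this hunk, so whether it rejects directories or other non-regular files that match the pattern cannot be confirmed from here.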