author | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-05-24 14:13:52 -0500 |
---|---|---|
committer | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-05-24 14:13:52 -0500 |
commit | 96c920e166b40bbe50f216e294f2efac154a1cb2 (patch) | |
tree | fa80a34e81863ab897f2f2b8ec4124b10d023516 /src/fseccomp | |
parent | remove trailing whitespace from etc/ (diff) | |
Remove trailing whitespace from src/
Diffstat (limited to 'src/fseccomp')
-rw-r--r-- | src/fseccomp/Makefile.in | 1 | ||||
-rw-r--r-- | src/fseccomp/errno.c | 2 | ||||
-rw-r--r-- | src/fseccomp/main.c | 8 | ||||
-rw-r--r-- | src/fseccomp/protocol.c | 14 | ||||
-rw-r--r-- | src/fseccomp/seccomp.c | 13 | ||||
-rw-r--r-- | src/fseccomp/seccomp_file.c | 7 | ||||
-rw-r--r-- | src/fseccomp/seccomp_print.c | 10 | ||||
-rw-r--r-- | src/fseccomp/seccomp_secondary.c | 13 | ||||
-rw-r--r-- | src/fseccomp/syscall.c | 10 |
9 files changed, 37 insertions, 41 deletions
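--- a/src/fseccomp/Makefile.in
+++ b/src/fseccomp/Makefile.in
@@ -42,4 +42,3 @@ clean:; rm -f *.o fseccomp *.gcov *.gcda *.gcno
 
 distclean: clean
 rm -fr Makefile
-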
diff --git a/src/fseccomp/errno.c b/src/fseccomp/errno.c index 3e92a1f9d..e5cd4e226 100644 --- a/src/fseccomp/errno.c +++ b/src/fseccomp/errno.c | |||
@@ -167,7 +167,7 @@ static ErrnoEntry errnolist[] = { | |||
167 | {"ENOTSUP", ENOTSUP}, | 167 | {"ENOTSUP", ENOTSUP}, |
168 | #ifdef ENOATTR | 168 | #ifdef ENOATTR |
169 | {"ENOATTR", ENOATTR}, | 169 | {"ENOATTR", ENOATTR}, |
170 | #endif | 170 | #endif |
171 | }; | 171 | }; |
172 | 172 | ||
173 | int errno_find_name(const char *name) { | 173 | int errno_find_name(const char *name) { |
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index 7e0239a5f..e322b5bbb 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c | |||
@@ -46,7 +46,7 @@ int i; | |||
46 | for (i = 0; i < argc; i++) | 46 | for (i = 0; i < argc; i++) |
47 | printf("*%s* ", argv[i]); | 47 | printf("*%s* ", argv[i]); |
48 | printf("\n"); | 48 | printf("\n"); |
49 | } | 49 | } |
50 | #endif | 50 | #endif |
51 | if (argc < 2) { | 51 | if (argc < 2) { |
52 | usage(); | 52 | usage(); |
@@ -56,7 +56,7 @@ printf("\n"); | |||
56 | char *quiet = getenv("FIREJAIL_QUIET"); | 56 | char *quiet = getenv("FIREJAIL_QUIET"); |
57 | if (quiet && strcmp(quiet, "yes") == 0) | 57 | if (quiet && strcmp(quiet, "yes") == 0) |
58 | arg_quiet = 1; | 58 | arg_quiet = 1; |
59 | 59 | ||
60 | if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) { | 60 | if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) { |
61 | usage(); | 61 | usage(); |
62 | return 0; | 62 | return 0; |
@@ -71,7 +71,7 @@ printf("\n"); | |||
71 | protocol_build_filter(argv[3], argv[4]); | 71 | protocol_build_filter(argv[3], argv[4]); |
72 | else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "64") == 0) | 72 | else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "64") == 0) |
73 | seccomp_secondary_64(argv[3]); | 73 | seccomp_secondary_64(argv[3]); |
74 | else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "32") == 0) | 74 | else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "32") == 0) |
75 | seccomp_secondary_32(argv[3]); | 75 | seccomp_secondary_32(argv[3]); |
76 | else if (argc == 3 && strcmp(argv[1], "default") == 0) | 76 | else if (argc == 3 && strcmp(argv[1], "default") == 0) |
77 | seccomp_default(argv[2], 0); | 77 | seccomp_default(argv[2], 0); |
@@ -95,4 +95,4 @@ printf("\n"); | |||
95 | } | 95 | } |
96 | 96 | ||
97 | return 0; | 97 | return 0; |
98 | } \ No newline at end of file | 98 | } |
diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c index 4a0fadb3c..43bc3d562 100644 --- a/src/fseccomp/protocol.c +++ b/src/fseccomp/protocol.c | |||
@@ -87,7 +87,7 @@ static struct sock_filter *find_protocol_domain(const char *p) { | |||
87 | } | 87 | } |
88 | 88 | ||
89 | return NULL; | 89 | return NULL; |
90 | } | 90 | } |
91 | #endif | 91 | #endif |
92 | 92 | ||
93 | void protocol_print(void) { | 93 | void protocol_print(void) { |
@@ -119,7 +119,7 @@ void protocol_build_filter(const char *prlist, const char *fname) { | |||
119 | struct sock_filter filter[32]; // big enough | 119 | struct sock_filter filter[32]; // big enough |
120 | memset(&filter[0], 0, sizeof(filter)); | 120 | memset(&filter[0], 0, sizeof(filter)); |
121 | uint8_t *ptr = (uint8_t *) &filter[0]; | 121 | uint8_t *ptr = (uint8_t *) &filter[0]; |
122 | 122 | ||
123 | // header | 123 | // header |
124 | struct sock_filter filter_start[] = { | 124 | struct sock_filter filter_start[] = { |
125 | VALIDATE_ARCHITECTURE, | 125 | VALIDATE_ARCHITECTURE, |
@@ -153,7 +153,7 @@ printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned | |||
153 | char *token = strtok(tmplist, ","); | 153 | char *token = strtok(tmplist, ","); |
154 | if (!token) | 154 | if (!token) |
155 | errExit("strtok"); | 155 | errExit("strtok"); |
156 | 156 | ||
157 | while (token) { | 157 | while (token) { |
158 | struct sock_filter *domain = find_protocol_domain(token); | 158 | struct sock_filter *domain = find_protocol_domain(token); |
159 | if (domain == NULL) { | 159 | if (domain == NULL) { |
@@ -179,7 +179,7 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns | |||
179 | #endif | 179 | #endif |
180 | 180 | ||
181 | 181 | ||
182 | } | 182 | } |
183 | free(tmplist); | 183 | free(tmplist); |
184 | 184 | ||
185 | // add end of filter | 185 | // add end of filter |
@@ -201,14 +201,14 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns | |||
201 | } | 201 | } |
202 | printf("\n"); | 202 | printf("\n"); |
203 | } | 203 | } |
204 | #endif | 204 | #endif |
205 | // save filter to file | 205 | // save filter to file |
206 | int dst = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); | 206 | int dst = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
207 | if (dst < 0) { | 207 | if (dst < 0) { |
208 | fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); | 208 | fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); |
209 | exit(1); | 209 | exit(1); |
210 | } | 210 | } |
211 | 211 | ||
212 | int size = (int) ((uintptr_t) ptr - (uintptr_t) (filter)); | 212 | int size = (int) ((uintptr_t) ptr - (uintptr_t) (filter)); |
213 | int written = 0; | 213 | int written = 0; |
214 | while (written < size) { | 214 | while (written < size) { |
@@ -220,5 +220,5 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns | |||
220 | written += rv; | 220 | written += rv; |
221 | } | 221 | } |
222 | close(dst); | 222 | close(dst); |
223 | #endif // SYS_socket | 223 | #endif // SYS_socket |
224 | } | 224 | } |
diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c index 25a151a78..c12edfd90 100644 --- a/src/fseccomp/seccomp.c +++ b/src/fseccomp/seccomp.c | |||
@@ -257,7 +257,7 @@ void seccomp_default(const char *fname, int allow_debuggers) { | |||
257 | filter_init(fd); | 257 | filter_init(fd); |
258 | add_default_list(fd, allow_debuggers); | 258 | add_default_list(fd, allow_debuggers); |
259 | filter_end_blacklist(fd); | 259 | filter_end_blacklist(fd); |
260 | 260 | ||
261 | // close file | 261 | // close file |
262 | close(fd); | 262 | close(fd); |
263 | } | 263 | } |
@@ -281,7 +281,7 @@ void seccomp_drop(const char *fname, char *list, int allow_debuggers) { | |||
281 | exit(1); | 281 | exit(1); |
282 | } | 282 | } |
283 | filter_end_blacklist(fd); | 283 | filter_end_blacklist(fd); |
284 | 284 | ||
285 | // close file | 285 | // close file |
286 | close(fd); | 286 | close(fd); |
287 | } | 287 | } |
@@ -305,7 +305,7 @@ void seccomp_default_drop(const char *fname, char *list, int allow_debuggers) { | |||
305 | exit(1); | 305 | exit(1); |
306 | } | 306 | } |
307 | filter_end_blacklist(fd); | 307 | filter_end_blacklist(fd); |
308 | 308 | ||
309 | // close file | 309 | // close file |
310 | close(fd); | 310 | close(fd); |
311 | } | 311 | } |
@@ -326,15 +326,14 @@ void seccomp_keep(const char *fname, char *list) { | |||
326 | filter_add_whitelist(fd, SYS_setgroups, 0); | 326 | filter_add_whitelist(fd, SYS_setgroups, 0); |
327 | filter_add_whitelist(fd, SYS_dup, 0); | 327 | filter_add_whitelist(fd, SYS_dup, 0); |
328 | filter_add_whitelist(fd, SYS_prctl, 0); | 328 | filter_add_whitelist(fd, SYS_prctl, 0); |
329 | 329 | ||
330 | if (syscall_check_list(list, filter_add_whitelist, fd, 0)) { | 330 | if (syscall_check_list(list, filter_add_whitelist, fd, 0)) { |
331 | fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n"); | 331 | fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n"); |
332 | exit(1); | 332 | exit(1); |
333 | } | 333 | } |
334 | 334 | ||
335 | filter_end_whitelist(fd); | 335 | filter_end_whitelist(fd); |
336 | 336 | ||
337 | // close file | 337 | // close file |
338 | close(fd); | 338 | close(fd); |
339 | } | 339 | } |
340 | |||
diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c index d706b3359..c1e8d406f 100644 --- a/src/fseccomp/seccomp_file.c +++ b/src/fseccomp/seccomp_file.c | |||
@@ -24,7 +24,7 @@ | |||
24 | static void write_to_file(int fd, void *data, int size) { | 24 | static void write_to_file(int fd, void *data, int size) { |
25 | assert(data); | 25 | assert(data); |
26 | assert(size); | 26 | assert(size); |
27 | 27 | ||
28 | int written = 0; | 28 | int written = 0; |
29 | while (written < size) { | 29 | while (written < size) { |
30 | int rv = write(fd, (unsigned char *) data + written, size - written); | 30 | int rv = write(fd, (unsigned char *) data + written, size - written); |
@@ -69,7 +69,7 @@ void filter_init(int fd) { | |||
69 | 69 | ||
70 | void filter_add_whitelist(int fd, int syscall, int arg) { | 70 | void filter_add_whitelist(int fd, int syscall, int arg) { |
71 | (void) arg; | 71 | (void) arg; |
72 | 72 | ||
73 | struct sock_filter filter[] = { | 73 | struct sock_filter filter[] = { |
74 | WHITELIST(syscall) | 74 | WHITELIST(syscall) |
75 | }; | 75 | }; |
@@ -78,7 +78,7 @@ void filter_add_whitelist(int fd, int syscall, int arg) { | |||
78 | 78 | ||
79 | void filter_add_blacklist(int fd, int syscall, int arg) { | 79 | void filter_add_blacklist(int fd, int syscall, int arg) { |
80 | (void) arg; | 80 | (void) arg; |
81 | 81 | ||
82 | struct sock_filter filter[] = { | 82 | struct sock_filter filter[] = { |
83 | BLACKLIST(syscall) | 83 | BLACKLIST(syscall) |
84 | }; | 84 | }; |
@@ -105,4 +105,3 @@ void filter_end_whitelist(int fd) { | |||
105 | }; | 105 | }; |
106 | write_to_file(fd, filter, sizeof(filter)); | 106 | write_to_file(fd, filter, sizeof(filter)); |
107 | } | 107 | } |
108 | |||
diff --git a/src/fseccomp/seccomp_print.c b/src/fseccomp/seccomp_print.c index d18f2efa5..67555e554 100644 --- a/src/fseccomp/seccomp_print.c +++ b/src/fseccomp/seccomp_print.c | |||
@@ -26,7 +26,7 @@ static int filter_cnt = 0; | |||
26 | 26 | ||
27 | static void load_seccomp(const char *fname) { | 27 | static void load_seccomp(const char *fname) { |
28 | assert(fname); | 28 | assert(fname); |
29 | 29 | ||
30 | // open filter file | 30 | // open filter file |
31 | int fd = open(fname, O_RDONLY); | 31 | int fd = open(fname, O_RDONLY); |
32 | if (fd == -1) | 32 | if (fd == -1) |
@@ -40,7 +40,7 @@ static void load_seccomp(const char *fname) { | |||
40 | goto errexit; | 40 | goto errexit; |
41 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); | 41 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); |
42 | filter_cnt = entries; | 42 | filter_cnt = entries; |
43 | 43 | ||
44 | // read filter | 44 | // read filter |
45 | filter = malloc(size); | 45 | filter = malloc(size); |
46 | if (filter == NULL) | 46 | if (filter == NULL) |
@@ -53,7 +53,7 @@ static void load_seccomp(const char *fname) { | |||
53 | goto errexit; | 53 | goto errexit; |
54 | rd += rv; | 54 | rd += rv; |
55 | } | 55 | } |
56 | 56 | ||
57 | // close file | 57 | // close file |
58 | close(fd); | 58 | close(fd); |
59 | return; | 59 | return; |
@@ -67,7 +67,7 @@ errexit: | |||
67 | void filter_print(const char *fname) { | 67 | void filter_print(const char *fname) { |
68 | assert(fname); | 68 | assert(fname); |
69 | load_seccomp(fname); | 69 | load_seccomp(fname); |
70 | 70 | ||
71 | // start filter | 71 | // start filter |
72 | struct sock_filter start[] = { | 72 | struct sock_filter start[] = { |
73 | VALIDATE_ARCHITECTURE, | 73 | VALIDATE_ARCHITECTURE, |
@@ -86,7 +86,7 @@ void filter_print(const char *fname) { | |||
86 | printf("Invalid seccomp filter %s\n", fname); | 86 | printf("Invalid seccomp filter %s\n", fname); |
87 | return; | 87 | return; |
88 | } | 88 | } |
89 | 89 | ||
90 | // loop trough blacklists | 90 | // loop trough blacklists |
91 | int i = 4; | 91 | int i = 4; |
92 | while (i < filter_cnt) { | 92 | while (i < filter_cnt) { |
diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c index 79c85eb75..8270b7018 100644 --- a/src/fseccomp/seccomp_secondary.c +++ b/src/fseccomp/seccomp_secondary.c | |||
@@ -28,7 +28,7 @@ void seccomp_secondary_64(const char *fname) { | |||
28 | EXAMINE_SYSCALL, | 28 | EXAMINE_SYSCALL, |
29 | BLACKLIST(165), // mount | 29 | BLACKLIST(165), // mount |
30 | BLACKLIST(166), // umount2 | 30 | BLACKLIST(166), // umount2 |
31 | // todo: implement --allow-debuggers | 31 | // todo: implement --allow-debuggers |
32 | BLACKLIST(101), // ptrace | 32 | BLACKLIST(101), // ptrace |
33 | BLACKLIST(246), // kexec_load | 33 | BLACKLIST(246), // kexec_load |
34 | BLACKLIST(304), // open_by_handle_at | 34 | BLACKLIST(304), // open_by_handle_at |
@@ -77,7 +77,7 @@ void seccomp_secondary_64(const char *fname) { | |||
77 | BLACKLIST(169), // reboot | 77 | BLACKLIST(169), // reboot |
78 | BLACKLIST(180), // nfsservctl | 78 | BLACKLIST(180), // nfsservctl |
79 | BLACKLIST(177), // get_kernel_syms | 79 | BLACKLIST(177), // get_kernel_syms |
80 | 80 | ||
81 | RETURN_ALLOW | 81 | RETURN_ALLOW |
82 | }; | 82 | }; |
83 | 83 | ||
@@ -87,7 +87,7 @@ void seccomp_secondary_64(const char *fname) { | |||
87 | fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); | 87 | fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); |
88 | exit(1); | 88 | exit(1); |
89 | } | 89 | } |
90 | 90 | ||
91 | int size = (int) sizeof(filter); | 91 | int size = (int) sizeof(filter); |
92 | int written = 0; | 92 | int written = 0; |
93 | while (written < size) { | 93 | while (written < size) { |
@@ -109,7 +109,7 @@ void seccomp_secondary_32(const char *fname) { | |||
109 | EXAMINE_SYSCALL, | 109 | EXAMINE_SYSCALL, |
110 | BLACKLIST(21), // mount | 110 | BLACKLIST(21), // mount |
111 | BLACKLIST(52), // umount2 | 111 | BLACKLIST(52), // umount2 |
112 | // todo: implement --allow-debuggers | 112 | // todo: implement --allow-debuggers |
113 | BLACKLIST(26), // ptrace | 113 | BLACKLIST(26), // ptrace |
114 | BLACKLIST(283), // kexec_load | 114 | BLACKLIST(283), // kexec_load |
115 | BLACKLIST(341), // name_to_handle_at | 115 | BLACKLIST(341), // name_to_handle_at |
@@ -157,7 +157,7 @@ void seccomp_secondary_32(const char *fname) { | |||
157 | BLACKLIST(88), // reboot | 157 | BLACKLIST(88), // reboot |
158 | BLACKLIST(169), // nfsservctl | 158 | BLACKLIST(169), // nfsservctl |
159 | BLACKLIST(130), // get_kernel_syms | 159 | BLACKLIST(130), // get_kernel_syms |
160 | 160 | ||
161 | RETURN_ALLOW | 161 | RETURN_ALLOW |
162 | }; | 162 | }; |
163 | 163 | ||
@@ -167,7 +167,7 @@ void seccomp_secondary_32(const char *fname) { | |||
167 | fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); | 167 | fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); |
168 | exit(1); | 168 | exit(1); |
169 | } | 169 | } |
170 | 170 | ||
171 | int size = (int) sizeof(filter); | 171 | int size = (int) sizeof(filter); |
172 | int written = 0; | 172 | int written = 0; |
173 | while (written < size) { | 173 | while (written < size) { |
@@ -180,4 +180,3 @@ void seccomp_secondary_32(const char *fname) { | |||
180 | } | 180 | } |
181 | close(dst); | 181 | close(dst); |
182 | } | 182 | } |
183 | |||
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index b86c1c489..0a86dade0 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c | |||
@@ -43,7 +43,7 @@ int syscall_find_name(const char *name) { | |||
43 | if (strcmp(name, syslist[i].name) == 0) | 43 | if (strcmp(name, syslist[i].name) == 0) |
44 | return syslist[i].nr; | 44 | return syslist[i].nr; |
45 | } | 45 | } |
46 | 46 | ||
47 | return -1; | 47 | return -1; |
48 | } | 48 | } |
49 | 49 | ||
@@ -54,7 +54,7 @@ char *syscall_find_nr(int nr) { | |||
54 | if (nr == syslist[i].nr) | 54 | if (nr == syslist[i].nr) |
55 | return syslist[i].name; | 55 | return syslist[i].name; |
56 | } | 56 | } |
57 | 57 | ||
58 | return "unknown"; | 58 | return "unknown"; |
59 | } | 59 | } |
60 | 60 | ||
@@ -75,7 +75,7 @@ static void syscall_process_name(const char *name, int *syscall_nr, int *error_n | |||
75 | if (strlen(name) == 0) | 75 | if (strlen(name) == 0) |
76 | goto error; | 76 | goto error; |
77 | *error_nr = -1; | 77 | *error_nr = -1; |
78 | 78 | ||
79 | // syntax check | 79 | // syntax check |
80 | char *str = strdup(name); | 80 | char *str = strdup(name); |
81 | if (!str) | 81 | if (!str) |
@@ -101,7 +101,7 @@ static void syscall_process_name(const char *name, int *syscall_nr, int *error_n | |||
101 | 101 | ||
102 | free(str); | 102 | free(str); |
103 | return; | 103 | return; |
104 | 104 | ||
105 | error: | 105 | error: |
106 | fprintf(stderr, "Error fseccomp: invalid syscall list entry %s\n", name); | 106 | fprintf(stderr, "Error fseccomp: invalid syscall list entry %s\n", name); |
107 | exit(1); | 107 | exit(1); |
@@ -142,7 +142,7 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall, | |||
142 | } | 142 | } |
143 | ptr = strtok(NULL, ","); | 143 | ptr = strtok(NULL, ","); |
144 | } | 144 | } |
145 | 145 | ||
146 | free(str); | 146 | free(str); |
147 | return 0; | 147 | return 0; |
148 | } | 148 | } |