Merge pull request #1 from netblue30/master

Bring fork up-to-date
author: curiosity-seeker <seeker@posteo.org> 2016-12-15 12:58:32 +0100
committer: GitHub <noreply@github.com> 2016-12-15 12:58:32 +0100
commit: d8ee390a6ca56fde4baad57dea7572c39d595809 (patch)
tree: 255252b15232086e6f65203cda676859ab4117a0 /src/tools
parent: Update quiterss.profile (diff)
parent: added a 1 second delay after xpra server is started (diff)
download: firejail-d8ee390a6ca56fde4baad57dea7572c39d595809.tar.gz
firejail-d8ee390a6ca56fde4baad57dea7572c39d595809.tar.zst
firejail-d8ee390a6ca56fde4baad57dea7572c39d595809.zip
6 files changed, 3 insertions, 206 deletions
diff --git a/src/tools/mkcoverit.sh b/src/tools/mkcoverit.sh
index 4af84a7a1..65b06f9fa 100755
--- a/src/tools/mkcoverit.sh
+++ b/src/tools/mkcoverit.sh
@@ -1,13 +1,13 @@
 #!/bin/bash
 # unpack firejail archive
-ARCFIREJAIL=`ls *.tar.bz2| grep firejail`
+ARCFIREJAIL=`ls *.tar.xz| grep firejail`
 if [ "$?" -eq 0 ];
 then
        echo "preparing $ARCFIREJAIL"
-        DIRFIREJAIL=`basename $ARCFIREJAIL  .tar.bz2`
+        DIRFIREJAIL=`basename $ARCFIREJAIL  .tar.xz`
        rm -fr $DIRFIREJAIL
-        tar -xjvf $ARCFIREJAIL
+        tar -xJvf $ARCFIREJAIL
        cd $DIRFIREJAIL
        ./configure --prefix=/usr
        cd ..
diff --git a/src/tools/syscall_test b/src/tools/syscall_test
deleted file mode 100755
index bf29c5b99..000000000
--- a/src/tools/syscall_test
+++ /dev/null
Binary files differ
diff --git a/src/tools/syscall_test.c b/src/tools/syscall_test.c
deleted file mode 100644
index b3f43c755..000000000
--- a/src/tools/syscall_test.c
+++ /dev/null
@@ -1,78 +0,0 @@
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <net/ethernet.h>
-#include <sys/mount.h>
-int main(int argc, char **argv) {
-        if (argc != 2) {
-                printf("Usage: test [sleep|socket|mkdir|mount]\n");
-                return 1;
-        }
-        if (strcmp(argv[1], "sleep") == 0) {
-                printf("before sleep\n");
-                sleep(1);
-                printf("after sleep\n");
-        }
-        else if (strcmp(argv[1], "socket") == 0) {
-                int sock;
-                printf("testing socket AF_INET\n");
-                if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("testing socket AF_INET6\n");
-                if ((sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("testing socket AF_NETLINK\n");
-                if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                        
-                printf("testing socket AF_UNIX\n");
-                if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                        
-                // root needed to be able to handle this
-                printf("testing socket AF_PACKETX\n");
-                if ((sock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP))) < 0) {
-                        perror("socket");
-                }
-                else
-                        close(sock);
-                printf("after socket\n");
-        }
-        else if (strcmp(argv[1], "mkdir") == 0) {
-                printf("before mkdir\n");
-                mkdir("tmp", 0777);
-                printf("after mkdir\n");
-        }
-        else if (strcmp(argv[1], "mount") == 0) {
-                printf("before mount\n");
-                if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0) {
-                        perror("mount");
-                }
-                printf("after mount\n");
-        }
-        else {
-                fprintf(stderr, "Error: invalid argument\n");
-                return 1;
-        }
-        return 0;
-}
diff --git a/src/tools/syscall_test32 b/src/tools/syscall_test32
deleted file mode 100755
index 8d72f58c4..000000000
--- a/src/tools/syscall_test32
+++ /dev/null
Binary files differ
diff --git a/src/tools/unchroot b/src/tools/unchroot
deleted file mode 100755
index d32ce2682..000000000
--- a/src/tools/unchroot
+++ /dev/null
Binary files differ
diff --git a/src/tools/unchroot.c b/src/tools/unchroot.c
deleted file mode 100644
index 21731296e..000000000
--- a/src/tools/unchroot.c
+++ /dev/null
@@ -1,125 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-/* 
- ** You should set NEED_FCHDIR to 1 if the chroot() on your
- ** system changes the working directory of the calling
- ** process to the same directory as the process was chroot()ed
- ** to.
- **
- ** It is known that you do not need to set this value if you
- ** running on Solaris 2.7 and below.
- **
- */
-#define NEED_FCHDIR 0
-#define TEMP_DIR "waterbuffalo"
-/* Break out of a chroot() environment in C */
-int main() {
-        int x;                                    /* Used to move up a directory tree */
-        int done=0;                               /* Are we done yet ? */
-#ifdef NEED_FCHDIR
-        int dir_fd;                               /* File descriptor to directory */
-#endif
-        struct stat sbuf;                         /* The stat() buffer */
-        /* 
-         ** First we create the temporary directory if it doesn't exist
-         */
-        if (stat(TEMP_DIR,&sbuf)<0) {
-                if (errno==ENOENT) {
-                        if (mkdir(TEMP_DIR,0755)<0) {
-                                fprintf(stderr,"Failed to create %s - %s\n", TEMP_DIR,
-                                        strerror(errno));
-                                exit(1);
-                        }
-                }
-                else {
-                        fprintf(stderr,"Failed to stat %s - %s\n", TEMP_DIR,
-                                strerror(errno));
-                        exit(1);
-                }
-        }
-        else if (!S_ISDIR(sbuf.st_mode)) {
-                fprintf(stderr,"Error - %s is not a directory!\n",TEMP_DIR);
-                exit(1);
-        }
-#ifdef NEED_FCHDIR
-        /* 
-         ** Now we open the current working directory
-         **
-         ** Note: Only required if chroot() changes the calling program's
-         **       working directory to the directory given to chroot().
-         **
-         */
-        if ((dir_fd=open(".",O_RDONLY))<0) {
-                fprintf(stderr,"Failed to open \".\" for reading - %s\n",
-                        strerror(errno));
-                exit(1);
-        }
-#endif
-        /* 
-         ** Next we chroot() to the temporary directory
-         */
-        if (chroot(TEMP_DIR)<0) {
-                fprintf(stderr,"Failed to chroot to %s - %s\n",TEMP_DIR,
-                        strerror(errno));
-                exit(1);
-        }
-#ifdef NEED_FCHDIR
-        /* 
-         ** Partially break out of the chroot by doing an fchdir()
-         **
-         ** This only partially breaks out of the chroot() since whilst
-         ** our current working directory is outside of the chroot() jail,
-         ** our root directory is still within it. Thus anything which refers
-         ** to "/" will refer to files under the chroot() point.
-         **
-         ** Note: Only required if chroot() changes the calling program's
-         **       working directory to the directory given to chroot().
-         **
-         */
-        if (fchdir(dir_fd)<0) {
-                fprintf(stderr,"Failed to fchdir - %s\n",
-                        strerror(errno));
-                exit(1);
-        }
-        close(dir_fd);
-#endif
-        /* 
-         ** Completely break out of the chroot by recursing up the directory
-         ** tree and doing a chroot to the current working directory (which will
-         ** be the real "/" at that point). We just do a chdir("..") lots of
-         ** times (1024 times for luck :). If we hit the real root directory before
-         ** we have finished the loop below it doesn't matter as .. in the root
-         ** directory is the same as . in the root.
-         **
-         ** We do the final break out by doing a chroot(".") which sets the root
-         ** directory to the current working directory - at this point the real
-         ** root directory.
-         */
-        for(x=0;x<1024;x++) {
-                chdir("..");
-        }
-        chroot(".");
-        /* 
-         ** We're finally out - so exec a shell in interactive mode
-         */
-        if (execl("/bin/sh","-i",NULL)<0) {
-                fprintf(stderr,"Failed to exec - %s\n",strerror(errno));
-                exit(1);
-        }
-}
author	curiosity-seeker <seeker@posteo.org>	2016-12-15 12:58:32 +0100
committer	GitHub <noreply@github.com>	2016-12-15 12:58:32 +0100
commit	d8ee390a6ca56fde4baad57dea7572c39d595809 (patch)
tree	255252b15232086e6f65203cda676859ab4117a0 /src/tools
parent	Update quiterss.profile (diff)
parent	added a 1 second delay after xpra server is started (diff)
download	firejail-d8ee390a6ca56fde4baad57dea7572c39d595809.tar.gz firejail-d8ee390a6ca56fde4baad57dea7572c39d595809.tar.zst firejail-d8ee390a6ca56fde4baad57dea7572c39d595809.zip

diff --git a/src/tools/mkcoverit.sh b/src/tools/mkcoverit.sh index 4af84a7a1..65b06f9fa 100755 --- a/src/tools/mkcoverit.sh +++ b/src/tools/mkcoverit.sh
@@ -1,13 +1,13 @@
1	#!/bin/bash	1	#!/bin/bash
2		2
3	# unpack firejail archive	3	# unpack firejail archive
4	ARCFIREJAIL=`ls *.tar.bz2\| grep firejail`	4	ARCFIREJAIL=`ls *.tar.xz\| grep firejail`
5	if [ "$?" -eq 0 ];	5	if [ "$?" -eq 0 ];
6	then	6	then
7	echo "preparing $ARCFIREJAIL"	7	echo "preparing $ARCFIREJAIL"
8	DIRFIREJAIL=`basename $ARCFIREJAIL .tar.bz2`	8	DIRFIREJAIL=`basename $ARCFIREJAIL .tar.xz`
9	rm -fr $DIRFIREJAIL	9	rm -fr $DIRFIREJAIL
10	tar -xjvf $ARCFIREJAIL	10	tar -xJvf $ARCFIREJAIL
11	cd $DIRFIREJAIL	11	cd $DIRFIREJAIL
12	./configure --prefix=/usr	12	./configure --prefix=/usr
13	cd ..	13	cd ..


diff --git a/src/tools/syscall_test b/src/tools/syscall_test deleted file mode 100755 index bf29c5b99..000000000 --- a/src/tools/syscall_test +++ /dev/null
Binary files differ


diff --git a/src/tools/syscall_test.c b/src/tools/syscall_test.c deleted file mode 100644 index b3f43c755..000000000 --- a/src/tools/syscall_test.c +++ /dev/null
@@ -1,78 +0,0 @@
1	#include <stdlib.h>
2	#include <stdio.h>
3	#include <unistd.h>
4	#include <sys/types.h>
5	#include <sys/socket.h>
6	#include <linux/netlink.h>
7	#include <net/ethernet.h>
8	#include <sys/mount.h>
9
10	int main(int argc, char **argv) {
11	if (argc != 2) {
12	printf("Usage: test [sleep\|socket\|mkdir\|mount]\n");
13	return 1;
14	}
15
16	if (strcmp(argv[1], "sleep") == 0) {
17	printf("before sleep\n");
18	sleep(1);
19	printf("after sleep\n");
20	}
21	else if (strcmp(argv[1], "socket") == 0) {
22	int sock;
23
24	printf("testing socket AF_INET\n");
25	if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
26	perror("socket");
27	}
28	else
29	close(sock);
30
31	printf("testing socket AF_INET6\n");
32	if ((sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) {
33	perror("socket");
34	}
35	else
36	close(sock);
37
38	printf("testing socket AF_NETLINK\n");
39	if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
40	perror("socket");
41	}
42	else
43	close(sock);
44
45	printf("testing socket AF_UNIX\n");
46	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
47	perror("socket");
48	}
49	else
50	close(sock);
51
52	// root needed to be able to handle this
53	printf("testing socket AF_PACKETX\n");
54	if ((sock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP))) < 0) {
55	perror("socket");
56	}
57	else
58	close(sock);
59	printf("after socket\n");
60	}
61	else if (strcmp(argv[1], "mkdir") == 0) {
62	printf("before mkdir\n");
63	mkdir("tmp", 0777);
64	printf("after mkdir\n");
65	}
66	else if (strcmp(argv[1], "mount") == 0) {
67	printf("before mount\n");
68	if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID \| MS_STRICTATIME \| MS_REC, "mode=755,gid=0") < 0) {
69	perror("mount");
70	}
71	printf("after mount\n");
72	}
73	else {
74	fprintf(stderr, "Error: invalid argument\n");
75	return 1;
76	}
77	return 0;
78	}


diff --git a/src/tools/syscall_test32 b/src/tools/syscall_test32 deleted file mode 100755 index 8d72f58c4..000000000 --- a/src/tools/syscall_test32 +++ /dev/null
Binary files differ


diff --git a/src/tools/unchroot b/src/tools/unchroot deleted file mode 100755 index d32ce2682..000000000 --- a/src/tools/unchroot +++ /dev/null
Binary files differ


diff --git a/src/tools/unchroot.c b/src/tools/unchroot.c deleted file mode 100644 index 21731296e..000000000 --- a/src/tools/unchroot.c +++ /dev/null
@@ -1,125 +0,0 @@
1	#include <stdio.h>
2	#include <stdlib.h>
3	#include <errno.h>
4	#include <fcntl.h>
5	#include <string.h>
6	#include <unistd.h>
7	#include <sys/stat.h>
8	#include <sys/types.h>
9
10	/*
11	** You should set NEED_FCHDIR to 1 if the chroot() on your
12	** system changes the working directory of the calling
13	** process to the same directory as the process was chroot()ed
14	** to.
15	**
16	** It is known that you do not need to set this value if you
17	** running on Solaris 2.7 and below.
18	**
19	*/
20	#define NEED_FCHDIR 0
21
22	#define TEMP_DIR "waterbuffalo"
23
24	/* Break out of a chroot() environment in C */
25
26	int main() {
27	int x; /* Used to move up a directory tree */
28	int done=0; /* Are we done yet ? */
29	#ifdef NEED_FCHDIR
30	int dir_fd; /* File descriptor to directory */
31	#endif
32	struct stat sbuf; /* The stat() buffer */
33
34	/*
35	** First we create the temporary directory if it doesn't exist
36	*/
37	if (stat(TEMP_DIR,&sbuf)<0) {
38	if (errno==ENOENT) {
39	if (mkdir(TEMP_DIR,0755)<0) {
40	fprintf(stderr,"Failed to create %s - %s\n", TEMP_DIR,
41	strerror(errno));
42	exit(1);
43	}
44	}
45	else {
46	fprintf(stderr,"Failed to stat %s - %s\n", TEMP_DIR,
47	strerror(errno));
48	exit(1);
49	}
50	}
51	else if (!S_ISDIR(sbuf.st_mode)) {
52	fprintf(stderr,"Error - %s is not a directory!\n",TEMP_DIR);
53	exit(1);
54	}
55
56	#ifdef NEED_FCHDIR
57	/*
58	** Now we open the current working directory
59	**
60	** Note: Only required if chroot() changes the calling program's
61	** working directory to the directory given to chroot().
62	**
63	*/
64	if ((dir_fd=open(".",O_RDONLY))<0) {
65	fprintf(stderr,"Failed to open \".\" for reading - %s\n",
66	strerror(errno));
67	exit(1);
68	}
69	#endif
70
71	/*
72	** Next we chroot() to the temporary directory
73	*/
74	if (chroot(TEMP_DIR)<0) {
75	fprintf(stderr,"Failed to chroot to %s - %s\n",TEMP_DIR,
76	strerror(errno));
77	exit(1);
78	}
79
80	#ifdef NEED_FCHDIR
81	/*
82	** Partially break out of the chroot by doing an fchdir()
83	**
84	** This only partially breaks out of the chroot() since whilst
85	** our current working directory is outside of the chroot() jail,
86	** our root directory is still within it. Thus anything which refers
87	** to "/" will refer to files under the chroot() point.
88	**
89	** Note: Only required if chroot() changes the calling program's
90	** working directory to the directory given to chroot().
91	**
92	*/
93	if (fchdir(dir_fd)<0) {
94	fprintf(stderr,"Failed to fchdir - %s\n",
95	strerror(errno));
96	exit(1);
97	}
98	close(dir_fd);
99	#endif
100
101	/*
102	** Completely break out of the chroot by recursing up the directory
103	** tree and doing a chroot to the current working directory (which will
104	** be the real "/" at that point). We just do a chdir("..") lots of
105	** times (1024 times for luck :). If we hit the real root directory before
106	** we have finished the loop below it doesn't matter as .. in the root
107	** directory is the same as . in the root.
108	**
109	** We do the final break out by doing a chroot(".") which sets the root
110	** directory to the current working directory - at this point the real
111	** root directory.
112	*/
113	for(x=0;x<1024;x++) {
114	chdir("..");
115	}
116	chroot(".");
117
118	/*
119	** We're finally out - so exec a shell in interactive mode
120	*/
121	if (execl("/bin/sh","-i",NULL)<0) {
122	fprintf(stderr,"Failed to exec - %s\n",strerror(errno));
123	exit(1);
124	}
125	}