author | curiosity-seeker <seeker@posteo.org> | 2016-12-15 12:58:32 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-12-15 12:58:32 +0100 |
commit | d8ee390a6ca56fde4baad57dea7572c39d595809 (patch) | |
tree | 255252b15232086e6f65203cda676859ab4117a0 /src/tools | |
parent | Update quiterss.profile (diff) | |
parent | added a 1 second delay after xpra server is started (diff) | |
Merge pull request #1 from netblue30/master
Bring fork up-to-date
Diffstat (limited to 'src/tools')
-rwxr-xr-x | src/tools/mkcoverit.sh | 6 | ||||
-rwxr-xr-x | src/tools/syscall_test | bin | 9552 -> 0 bytes | |||
-rw-r--r-- | src/tools/syscall_test.c | 78 | ||||
-rwxr-xr-x | src/tools/syscall_test32 | bin | 6868 -> 0 bytes | |||
-rwxr-xr-x | src/tools/unchroot | bin | 9720 -> 0 bytes | |||
-rw-r--r-- | src/tools/unchroot.c | 125 |
6 files changed, 3 insertions, 206 deletions
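--- a/src/tools/mkcoverit.sh
+++ b/src/tools/mkcoverit.sh
@@ -1,13 +1,13 @@
 #!/bin/bash
 
 # unpack firejail archive
-ARCFIREJAIL=`ls *.tar.bz2| grep firejail`
+ARCFIREJAIL=`ls *.tar.xz| grep firejail`
 if [ "$?" -eq 0 ];
 then
 echo "preparing $ARCFIREJAIL"
-DIRFIREJAIL=`basename $ARCFIREJAIL .tar.bz2`
+DIRFIREJAIL=`basename $ARCFIREJAIL .tar.xz`
 rm -fr $DIRFIREJAIL
-tar -xjvf $ARCFIREJAIL
+tar -xJvf $ARCFIREJAIL
 cd $DIRFIREJAIL
 ./configure --prefix=/usr
 cd ..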
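Review bot: The archive name captured on line 4 of the new side is still expanded unquoted in `basename`, `rm -fr`, `tar -xJvf` and `cd`, so a directory holding more than one matching `.tar.xz` file, or a file name containing whitespace, is word-split into several arguments. With several operands `basename` fails and `DIRFIREJAIL` ends up empty, after which `cd $DIRFIREJAIL` moves to the home directory and `./configure --prefix=/usr` runs there instead of in the unpacked tree. Quoting the expansions, for example `rm -fr "$DIRFIREJAIL"` and `tar -xJvf "$ARCFIREJAIL"`, and adding a guard such as `[ -n "$DIRFIREJAIL" ] || exit 1` before the `rm` would close this. The `if` block opened on line 5 continues past the end of the hunk, so any error handling after `cd ..` is not visible here.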
diff --git a/src/tools/syscall_test b/src/tools/syscall_test deleted file mode 100755 index bf29c5b99..000000000 --- a/src/tools/syscall_test +++ /dev/null | |||
Binary files differ | |||
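--- a/src/tools/syscall_test.c
+++ /dev/null
@@ -1,78 +0,0 @@
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <net/ethernet.h>
-#include <sys/mount.h>
-
-int main(int argc, char **argv) {
-if (argc != 2) {
-printf("Usage: test [sleep|socket|mkdir|mount]\n");
-return 1;
-}
-
-if (strcmp(argv[1], "sleep") == 0) {
-printf("before sleep\n");
-sleep(1);
-printf("after sleep\n");
-}
-else if (strcmp(argv[1], "socket") == 0) {
-int sock;
-
-printf("testing socket AF_INET\n");
-if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
-perror("socket");
-}
-else
-close(sock);
-
-printf("testing socket AF_INET6\n");
-if ((sock = socket(AF_INET6, SOCK_STREAM, 0)) < 0) {
-perror("socket");
-}
-else
-close(sock);
-
-printf("testing socket AF_NETLINK\n");
-if ((sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE)) < 0) {
-perror("socket");
-}
-else
-close(sock);
-
-printf("testing socket AF_UNIX\n");
-if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
-perror("socket");
-}
-else
-close(sock);
-
-// root needed to be able to handle this
-printf("testing socket AF_PACKETX\n");
-if ((sock = socket(AF_PACKET, SOCK_DGRAM, htons(ETH_P_ARP))) < 0) {
-perror("socket");
-}
-else
-close(sock);
-printf("after socket\n");
-}
-else if (strcmp(argv[1], "mkdir") == 0) {
-printf("before mkdir\n");
-mkdir("tmp", 0777);
-printf("after mkdir\n");
-}
-else if (strcmp(argv[1], "mount") == 0) {
-printf("before mount\n");
-if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) {
-perror("mount");
-}
-printf("after mount\n");
-}
-else {
-fprintf(stderr, "Error: invalid argument\n");
-return 1;
-}
-return 0;
-}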
diff --git a/src/tools/syscall_test32 b/src/tools/syscall_test32 deleted file mode 100755 index 8d72f58c4..000000000 --- a/src/tools/syscall_test32 +++ /dev/null | |||
Binary files differ | |||
diff --git a/src/tools/unchroot b/src/tools/unchroot deleted file mode 100755 index d32ce2682..000000000 --- a/src/tools/unchroot +++ /dev/null | |||
Binary files differ | |||
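--- a/src/tools/unchroot.c
+++ /dev/null
@@ -1,125 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <string.h>
-#include <unistd.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
-/*
-** You should set NEED_FCHDIR to 1 if the chroot() on your
-** system changes the working directory of the calling
-** process to the same directory as the process was chroot()ed
-** to.
-**
-** It is known that you do not need to set this value if you
-** running on Solaris 2.7 and below.
-**
-*/
-#define NEED_FCHDIR 0
-
-#define TEMP_DIR "waterbuffalo"
-
-/* Break out of a chroot() environment in C */
-
-int main() {
-int x; /* Used to move up a directory tree */
-int done=0; /* Are we done yet ? */
-#ifdef NEED_FCHDIR
-int dir_fd; /* File descriptor to directory */
-#endif
-struct stat sbuf; /* The stat() buffer */
-
-/*
-** First we create the temporary directory if it doesn't exist
-*/
-if (stat(TEMP_DIR,&sbuf)<0) {
-if (errno==ENOENT) {
-if (mkdir(TEMP_DIR,0755)<0) {
-fprintf(stderr,"Failed to create %s - %s\n", TEMP_DIR,
-strerror(errno));
-exit(1);
-}
-}
-else {
-fprintf(stderr,"Failed to stat %s - %s\n", TEMP_DIR,
-strerror(errno));
-exit(1);
-}
-}
-else if (!S_ISDIR(sbuf.st_mode)) {
-fprintf(stderr,"Error - %s is not a directory!\n",TEMP_DIR);
-exit(1);
-}
-
-#ifdef NEED_FCHDIR
-/*
-** Now we open the current working directory
-**
-** Note: Only required if chroot() changes the calling program's
-** working directory to the directory given to chroot().
-**
-*/
-if ((dir_fd=open(".",O_RDONLY))<0) {
-fprintf(stderr,"Failed to open \".\" for reading - %s\n",
-strerror(errno));
-exit(1);
-}
-#endif
-
-/*
-** Next we chroot() to the temporary directory
-*/
-if (chroot(TEMP_DIR)<0) {
-fprintf(stderr,"Failed to chroot to %s - %s\n",TEMP_DIR,
-strerror(errno));
-exit(1);
-}
-
-#ifdef NEED_FCHDIR
-/*
-** Partially break out of the chroot by doing an fchdir()
-**
-** This only partially breaks out of the chroot() since whilst
-** our current working directory is outside of the chroot() jail,
-** our root directory is still within it. Thus anything which refers
-** to "/" will refer to files under the chroot() point.
-**
-** Note: Only required if chroot() changes the calling program's
-** working directory to the directory given to chroot().
-**
-*/
-if (fchdir(dir_fd)<0) {
-fprintf(stderr,"Failed to fchdir - %s\n",
-strerror(errno));
-exit(1);
-}
-close(dir_fd);
-#endif
-
-/*
-** Completely break out of the chroot by recursing up the directory
-** tree and doing a chroot to the current working directory (which will
-** be the real "/" at that point). We just do a chdir("..") lots of
-** times (1024 times for luck :). If we hit the real root directory before
-** we have finished the loop below it doesn't matter as .. in the root
-** directory is the same as . in the root.
-**
-** We do the final break out by doing a chroot(".") which sets the root
-** directory to the current working directory - at this point the real
-** root directory.
-*/
-for(x=0;x<1024;x++) {
-chdir("..");
-}
-chroot(".");
-
-/*
-** We're finally out - so exec a shell in interactive mode
-*/
-if (execl("/bin/sh","-i",NULL)<0) {
-fprintf(stderr,"Failed to exec - %s\n",strerror(errno));
-exit(1);
-}
-}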