author | netblue30 <netblue30@yahoo.com> | 2017-02-14 11:38:19 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-02-14 11:38:19 -0500 |
commit | b286a6bc3a13161038dc918660722628057d28d7 (patch) | |
tree | 49a4d537e0d41b43501cec367ceaee9bcc132fc1 /src | |
parent | profile merges (diff) | |
merge #1100 from zackw: removed libconnect
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_trace.c | 3 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 8 | ||||
-rw-r--r-- | src/libconnect/Makefile.in | 25 | ||||
-rw-r--r-- | src/libconnect/libconnect.c | 66 |
4 files changed, 4 insertions, 98 deletions
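--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -60,9 +60,6 @@ void fs_trace(void) {
 printf("Blacklist violations are logged to syslog\n");
 }
 
-if (mask_x11_abstract_socket)
-fprintf(fp, "%s/firejail/libconnect.so\n", LIBDIR);
-
 SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
 fclose(fp);
 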
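--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -585,7 +585,7 @@ int sandbox(void* sandbox_arg) {
 #endif
 
 // trace pre-install
-if (arg_trace || arg_tracelog || mask_x11_abstract_socket)
+if (arg_trace || arg_tracelog)
 fs_trace_preload();
 
 // store hosts file
@@ -622,7 +622,7 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // trace pre-install, this time inside chroot
 //****************************
-if (arg_trace || arg_tracelog || mask_x11_abstract_socket)
+if (arg_trace || arg_tracelog)
 fs_trace_preload();
 }
 else
@@ -685,7 +685,7 @@ int sandbox(void* sandbox_arg) {
 else {
 fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
 // create /etc/ld.so.preload file again
-if (arg_trace || arg_tracelog || mask_x11_abstract_socket)
+if (arg_trace || arg_tracelog)
 fs_trace_preload();
 }
 }
@@ -781,7 +781,7 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // install trace
 //****************************
-if (arg_trace || arg_tracelog || mask_x11_abstract_socket)
+if (arg_trace || arg_tracelog)
 fs_trace();
 
 //****************************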
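Review bot: With `mask_x11_abstract_socket` dropped from all four conditions in sandbox() (old lines 588, 625, 688 and 784), nothing in this diff shows what now keeps a sandboxed client away from the abstract X11 socket that libconnect.so used to refuse with ENOENT. The deleted shim only interposed connect() through the dynamic loader, so it was a weak control and removing it is reasonable, but the replacement should be named where the old one was wired in. I would add a comment at the first site, for example `// x11 abstract socket is no longer masked via ld.so.preload; isolation relies on <replacement mechanism, not shown in this diff>`. It is also worth confirming that `mask_x11_abstract_socket` is still consumed somewhere or is removed together with its option handling, so the flag cannot be set and silently do nothing. sandbox() starts and ends outside these hunks, so the remaining uses cannot be checked from here.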
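--- a/src/libconnect/Makefile.in
+++ /dev/null
@@ -1,25 +0,0 @@
-PREFIX=@prefix@
-VERSION=@PACKAGE_VERSION@
-NAME=@PACKAGE_NAME@
-HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
-
-H_FILE_LIST = $(sort $(wildcard *.[h]))
-C_FILE_LIST = $(sort $(wildcard *.c))
-OBJS = $(C_FILE_LIST:.c=.o)
-BINOBJS = $(foreach file, $(OBJS), $file)
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security
-LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now
-
-all: libconnect.so
-
-%.o : %.c $(H_FILE_LIST)
-$(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
-
-libconnect.so: $(OBJS)
-$(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl
-
-
-clean:; rm -f $(OBJS) libconnect.so
-
-distclean: clean
-rm -fr Makefile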
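--- a/src/libconnect/libconnect.c
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
-* Copyright (C) 2014-2017 Firejail Authors
-*
-* This file is part of firejail project
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License along
-* with this program; if not, write to the Free Software Foundation, Inc.,
-* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <dlfcn.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <sys/un.h>
-#include <sys/stat.h>
-#include <dirent.h>
-#include <errno.h>
-
-//#define DEBUG
-
-//static int check_sockaddr(int sockfd, const char *call, const struct sockaddr *addr, int rv) {
-static int check_sockaddr(const struct sockaddr *addr) {
-if (addr->sa_family == AF_UNIX) {
-struct sockaddr_un *a = (struct sockaddr_un *) addr;
-if (a->sun_path[0] == '\0' && strstr(a->sun_path + 1, "X11-unix")) {
-// printf("@%s\n", a->sun_path + 1);
-errno = ENOENT;
-return -1;
-}
-}
-
-return 0;
-}
-
-//
-// syscalls
-//
-
-// connect
-typedef int (*orig_connect_t)(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
-static orig_connect_t orig_connect = NULL;
-int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
-if (!orig_connect)
-orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect");
-
-if (check_sockaddr(addr) == -1)
-return -1;
-
-return orig_connect(sockfd, addr, addrlen);
-}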