Merge branch 'master' of ssh://github.com/netblue30/firejail

author: netblue30 <netblue30@protonmail.com> 2023-07-16 11:24:12 -0400
committer: netblue30 <netblue30@protonmail.com> 2023-07-16 11:24:12 -0400
commit: cb39a0eafd030829c0081e698cb934fd4f09692f (patch)
tree: 755ee6a74cd9fee380c4fd1c6a5cb2a4361c4b66 /src
parent: fnettrace cleanup (diff)
parent: Merge pull request #5900 from kmk3/firecfg-support-doas (diff)
download: firejail-cb39a0eafd030829c0081e698cb934fd4f09692f.tar.gz
firejail-cb39a0eafd030829c0081e698cb934fd4f09692f.tar.zst
firejail-cb39a0eafd030829c0081e698cb934fd4f09692f.zip
8 files changed, 23 insertions, 15 deletions
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index 963e05ff3..7ac60f70c 100644
--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -108,7 +108,7 @@ static int have_profile(const char *filename, const char *homedir) {
        return rv;
 }
-void fix_desktop_files(char *homedir) {
+void fix_desktop_files(const char *homedir) {
        assert(homedir);
        struct stat sb;
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index dac5794b4..2755968c9 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -734,6 +734,7 @@ ripperx
 ristretto
 rocketchat
 rpcs3
+rssguard
 rtorrent
 runenpass.sh
 sayonara
diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h
index 825bf8d03..8f74a1198 100644
--- a/src/firecfg/firecfg.h
+++ b/src/firecfg/firecfg.h
@@ -49,6 +49,6 @@ int is_link(const char *fname);
 void sound(void);
 // desktop_files.c
-void fix_desktop_files(char *homedir);
+void fix_desktop_files(const char *homedir);
 #endif
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index da962c35d..4ec81c5b3 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -288,8 +288,11 @@ static void set_links_homedir(const char *homedir) {
        free(firejail_exec);
 }
-static char *get_user(void) {
+static const char *get_sudo_user(void) {
-        char *user = getenv("SUDO_USER");
+        const char *doas_user = getenv("DOAS_USER");
+        const char *sudo_user = getenv("SUDO_USER");
+        const char *user = doas_user ? doas_user : sudo_user;
        if (!user) {
                user = getpwuid(getuid())->pw_name;
                if (!user) {
@@ -301,13 +304,13 @@ static char *get_user(void) {
        return user;
 }
-static char *get_homedir(const char *user, uid_t *uid, gid_t *gid) {
+static const char *get_homedir(const char *user, uid_t *uid, gid_t *gid) {
        // find home directory
        struct passwd *pw = getpwnam(user);
        if (!pw)
                goto errexit;
-        char *home = pw->pw_dir;
+        const char *home = pw->pw_dir;
        if (!home)
                goto errexit;
@@ -326,12 +329,11 @@ int main(int argc, char **argv) {
        int bindir_set = 0;
        // user setup
-        char *user = get_user();
+        const char *user = get_sudo_user();
        assert(user);
        uid_t uid;
        gid_t gid;
-        char *home = get_homedir(user, &uid, &gid);
+        const char *home = get_homedir(user, &uid, &gid);
        // check for --bindir
        for (i = 1; i < argc; i++) {
diff --git a/src/jailcheck/main.c b/src/jailcheck/main.c
index 27da309ea..6cc5cf904 100644
--- a/src/jailcheck/main.c
+++ b/src/jailcheck/main.c
@@ -86,7 +86,7 @@ int main(int argc, char **argv) {
        // user setup
        if (getuid() != 0) {
-                fprintf(stderr, "Error: you need to be root (via sudo) to run this program\n");
+                fprintf(stderr, "Error: you need to be root (via sudo or doas) to run this program\n");
                exit(1);
        }
        user_name = get_sudo_user();
@@ -120,6 +120,7 @@ int main(int argc, char **argv) {
        // basic sysfiles
        sysfiles_setup("/etc/shadow");
        sysfiles_setup("/etc/gshadow");
+        sysfiles_setup("/usr/bin/doas");
        sysfiles_setup("/usr/bin/mount");
        sysfiles_setup("/usr/bin/su");
        sysfiles_setup("/usr/bin/ksu");
diff --git a/src/jailcheck/utils.c b/src/jailcheck/utils.c
index 97fe8833b..930820604 100644
--- a/src/jailcheck/utils.c
+++ b/src/jailcheck/utils.c
@@ -26,7 +26,10 @@
 #define BUFLEN 4096
 char *get_sudo_user(void) {
-        char *user = getenv("SUDO_USER");
+        char *doas_user = getenv("DOAS_USER");
+        char *sudo_user = getenv("SUDO_USER");
+        char *user = doas_user ? doas_user : sudo_user;
        if (!user) {
                user = getpwuid(getuid())->pw_name;
                if (!user) {
diff --git a/src/man/firecfg.1.in b/src/man/firecfg.1.in
index 42add6a41..a85fbc5da 100644
--- a/src/man/firecfg.1.in
+++ b/src/man/firecfg.1.in
@@ -23,7 +23,9 @@ The integration covers:
 - programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE/LXQT, MATE and XFCE
 desktop managers are supported in this moment
 .RE
+.PP
+Note: The examples use \fBsudo\fR, but \fBdoas\fR is also supported.
+.PP
 To set it up, run "sudo firecfg" after installing Firejail software.
 The same command should also be run after
 installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin
diff --git a/src/man/jailcheck.1.in b/src/man/jailcheck.1.in
index e889ea91b..eea5987b7 100644
--- a/src/man/jailcheck.1.in
+++ b/src/man/jailcheck.1.in
@@ -24,9 +24,8 @@ them from inside the sandbox.
 \fB5. Seccomp test
 .TP
 \fB6. Networking test
-.TP
+.PP
-The program is started as root using sudo.
+The program should be started using \fBsudo\fR or \fBdoas\fR.
 .SH OPTIONS
 .TP
 \fB\-\-debug
author	netblue30 <netblue30@protonmail.com>	2023-07-16 11:24:12 -0400
committer	netblue30 <netblue30@protonmail.com>	2023-07-16 11:24:12 -0400
commit	cb39a0eafd030829c0081e698cb934fd4f09692f (patch)
tree	755ee6a74cd9fee380c4fd1c6a5cb2a4361c4b66 /src
parent	fnettrace cleanup (diff)
parent	Merge pull request #5900 from kmk3/firecfg-support-doas (diff)
download	firejail-cb39a0eafd030829c0081e698cb934fd4f09692f.tar.gz firejail-cb39a0eafd030829c0081e698cb934fd4f09692f.tar.zst firejail-cb39a0eafd030829c0081e698cb934fd4f09692f.zip

diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c index 963e05ff3..7ac60f70c 100644 --- a/src/firecfg/desktop_files.c +++ b/src/firecfg/desktop_files.c
@@ -108,7 +108,7 @@ static int have_profile(const char filename, const char homedir) {
108	return rv;	108	return rv;
109	}	109	}
110		110
111	void fix_desktop_files(char *homedir) {	111	void fix_desktop_files(const char *homedir) {
112	assert(homedir);	112	assert(homedir);
113	struct stat sb;	113	struct stat sb;
114		114


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index dac5794b4..2755968c9 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -734,6 +734,7 @@ ripperx
734	ristretto	734	ristretto
735	rocketchat	735	rocketchat
736	rpcs3	736	rpcs3
		737	rssguard
737	rtorrent	738	rtorrent
738	runenpass.sh	739	runenpass.sh
739	sayonara	740	sayonara


diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h index 825bf8d03..8f74a1198 100644 --- a/src/firecfg/firecfg.h +++ b/src/firecfg/firecfg.h
@@ -49,6 +49,6 @@ int is_link(const char *fname);
49	void sound(void);	49	void sound(void);
50		50
51	// desktop_files.c	51	// desktop_files.c
52	void fix_desktop_files(char *homedir);	52	void fix_desktop_files(const char *homedir);
53		53
54	#endif	54	#endif


diff --git a/src/firecfg/main.c b/src/firecfg/main.c index da962c35d..4ec81c5b3 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c
@@ -288,8 +288,11 @@ static void set_links_homedir(const char *homedir) {
288	free(firejail_exec);	288	free(firejail_exec);
289	}	289	}
290		290
291	static char *get_user(void) {	291	static const char *get_sudo_user(void) {
292	char *user = getenv("SUDO_USER");	292	const char *doas_user = getenv("DOAS_USER");
		293	const char *sudo_user = getenv("SUDO_USER");
		294	const char *user = doas_user ? doas_user : sudo_user;
		295
293	if (!user) {	296	if (!user) {
294	user = getpwuid(getuid())->pw_name;	297	user = getpwuid(getuid())->pw_name;
295	if (!user) {	298	if (!user) {
@@ -301,13 +304,13 @@ static char *get_user(void) {
301	return user;	304	return user;
302	}	305	}
303		306
304	static char get_homedir(const char user, uid_t uid, gid_t gid) {	307	static const char get_homedir(const char user, uid_t uid, gid_t gid) {
305	// find home directory	308	// find home directory
306	struct passwd *pw = getpwnam(user);	309	struct passwd *pw = getpwnam(user);
307	if (!pw)	310	if (!pw)
308	goto errexit;	311	goto errexit;
309		312
310	char *home = pw->pw_dir;	313	const char *home = pw->pw_dir;
311	if (!home)	314	if (!home)
312	goto errexit;	315	goto errexit;
313		316
@@ -326,12 +329,11 @@ int main(int argc, char **argv) {
326	int bindir_set = 0;	329	int bindir_set = 0;
327		330
328	// user setup	331	// user setup
329	char *user = get_user();	332	const char *user = get_sudo_user();
330	assert(user);	333	assert(user);
331	uid_t uid;	334	uid_t uid;
332	gid_t gid;	335	gid_t gid;
333	char *home = get_homedir(user, &uid, &gid);	336	const char *home = get_homedir(user, &uid, &gid);
334
335		337
336	// check for --bindir	338	// check for --bindir
337	for (i = 1; i < argc; i++) {	339	for (i = 1; i < argc; i++) {


diff --git a/src/jailcheck/main.c b/src/jailcheck/main.c index 27da309ea..6cc5cf904 100644 --- a/src/jailcheck/main.c +++ b/src/jailcheck/main.c
@@ -86,7 +86,7 @@ int main(int argc, char **argv) {
86		86
87	// user setup	87	// user setup
88	if (getuid() != 0) {	88	if (getuid() != 0) {
89	fprintf(stderr, "Error: you need to be root (via sudo) to run this program\n");	89	fprintf(stderr, "Error: you need to be root (via sudo or doas) to run this program\n");
90	exit(1);	90	exit(1);
91	}	91	}
92	user_name = get_sudo_user();	92	user_name = get_sudo_user();
@@ -120,6 +120,7 @@ int main(int argc, char **argv) {
120	// basic sysfiles	120	// basic sysfiles
121	sysfiles_setup("/etc/shadow");	121	sysfiles_setup("/etc/shadow");
122	sysfiles_setup("/etc/gshadow");	122	sysfiles_setup("/etc/gshadow");
		123	sysfiles_setup("/usr/bin/doas");
123	sysfiles_setup("/usr/bin/mount");	124	sysfiles_setup("/usr/bin/mount");
124	sysfiles_setup("/usr/bin/su");	125	sysfiles_setup("/usr/bin/su");
125	sysfiles_setup("/usr/bin/ksu");	126	sysfiles_setup("/usr/bin/ksu");


diff --git a/src/jailcheck/utils.c b/src/jailcheck/utils.c index 97fe8833b..930820604 100644 --- a/src/jailcheck/utils.c +++ b/src/jailcheck/utils.c
@@ -26,7 +26,10 @@
26	#define BUFLEN 4096	26	#define BUFLEN 4096
27		27
28	char *get_sudo_user(void) {	28	char *get_sudo_user(void) {
29	char *user = getenv("SUDO_USER");	29	char *doas_user = getenv("DOAS_USER");
		30	char *sudo_user = getenv("SUDO_USER");
		31	char *user = doas_user ? doas_user : sudo_user;
		32
30	if (!user) {	33	if (!user) {
31	user = getpwuid(getuid())->pw_name;	34	user = getpwuid(getuid())->pw_name;
32	if (!user) {	35	if (!user) {


diff --git a/src/man/firecfg.1.in b/src/man/firecfg.1.in index 42add6a41..a85fbc5da 100644 --- a/src/man/firecfg.1.in +++ b/src/man/firecfg.1.in
@@ -23,7 +23,9 @@ The integration covers:
23	- programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE/LXQT, MATE and XFCE	23	- programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE/LXQT, MATE and XFCE
24	desktop managers are supported in this moment	24	desktop managers are supported in this moment
25	.RE	25	.RE
26		26	.PP
		27	Note: The examples use \fBsudo\fR, but \fBdoas\fR is also supported.
		28	.PP
27	To set it up, run "sudo firecfg" after installing Firejail software.	29	To set it up, run "sudo firecfg" after installing Firejail software.
28	The same command should also be run after	30	The same command should also be run after
29	installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin	31	installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin


diff --git a/src/man/jailcheck.1.in b/src/man/jailcheck.1.in index e889ea91b..eea5987b7 100644 --- a/src/man/jailcheck.1.in +++ b/src/man/jailcheck.1.in
@@ -24,9 +24,8 @@ them from inside the sandbox.
24	\fB5. Seccomp test	24	\fB5. Seccomp test
25	.TP	25	.TP
26	\fB6. Networking test	26	\fB6. Networking test
27	.TP	27	.PP
28	The program is started as root using sudo.	28	The program should be started using \fBsudo\fR or \fBdoas\fR.
29
30	.SH OPTIONS	29	.SH OPTIONS
31	.TP	30	.TP
32	\fB\-\-debug	31	\fB\-\-debug