author | netblue30 <netblue30@protonmail.com> | 2023-02-24 20:44:48 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-24 20:44:48 -0500 |
commit | d657245f7353f692c22db2801ac64f7d807eb415 (patch) | |
tree | 5494cbde66f9fb6220df8a72415a6160f130a6b9 /src | |
parent | Merge pull request #5677 from kmk3/print-failed-long-arg (diff) | |
parent | editorconfig: add indentation rules (diff) | |
Merge pull request #5674 from kmk3/fix-ws-add-editorconfig
build: Fix whitespace and add .editorconfig
Diffstat (limited to 'src')
57 files changed, 183 insertions, 183 deletions
diff --git a/src/bash_completion/.editorconfig b/src/bash_completion/.editorconfig new file mode 100644 index 000000000..298a13b5e --- /dev/null +++ b/src/bash_completion/.editorconfig | |||
@@ -0,0 +1,3 @@ | |||
1 | [*.bash_completion{,.in}] | ||
2 | indent_size = 4 | ||
3 | indent_style = space | ||
diff --git a/src/etc-cleanup/main.c b/src/etc-cleanup/main.c index a51043e66..6c7bea6d6 100644 --- a/src/etc-cleanup/main.c +++ b/src/etc-cleanup/main.c | |||
@@ -231,8 +231,8 @@ int main(int argc, char **argv) { | |||
231 | int i; | 231 | int i; |
232 | for (i = 1; i < argc; i++) { | 232 | for (i = 1; i < argc; i++) { |
233 | if (strcmp(argv[i], "-h") == 0 || | 233 | if (strcmp(argv[i], "-h") == 0 || |
234 | strcmp(argv[i], "-?") == 0 || | 234 | strcmp(argv[i], "-?") == 0 || |
235 | strcmp(argv[i], "--help") == 0) { | 235 | strcmp(argv[i], "--help") == 0) { |
236 | usage(); | 236 | usage(); |
237 | return 0; | 237 | return 0; |
238 | } | 238 | } |
@@ -252,4 +252,4 @@ int main(int argc, char **argv) { | |||
252 | process_file(argv[i]); | 252 | process_file(argv[i]); |
253 | 253 | ||
254 | return 0; | 254 | return 0; |
255 | } \ No newline at end of file | 255 | } |
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c index 6d96b69cc..15c54911b 100644 --- a/src/fbuilder/build_home.c +++ b/src/fbuilder/build_home.c | |||
@@ -110,7 +110,7 @@ void process_home(const char *fname, char *home, int home_len) { | |||
110 | strcmp(toadd, ".cache") == 0) { | 110 | strcmp(toadd, ".cache") == 0) { |
111 | if (dir) | 111 | if (dir) |
112 | free(dir); | 112 | free(dir); |
113 | continue; | 113 | continue; |
114 | } | 114 | } |
115 | 115 | ||
116 | // clean .cache entries | 116 | // clean .cache entries |
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c index 4089f3806..5a3b389ae 100644 --- a/src/fbuilder/filedb.c +++ b/src/fbuilder/filedb.c | |||
@@ -38,8 +38,8 @@ FileDB *filedb_find(FileDB *head, const char *fname) { | |||
38 | if (strlen(fname) > ptr->len && | 38 | if (strlen(fname) > ptr->len && |
39 | fname[ptr->len] == '/' && | 39 | fname[ptr->len] == '/' && |
40 | strncmp(ptr->fname, fname, ptr->len) == 0) { | 40 | strncmp(ptr->fname, fname, ptr->len) == 0) { |
41 | found = 1; | 41 | found = 1; |
42 | break; | 42 | break; |
43 | } | 43 | } |
44 | 44 | ||
45 | ptr = ptr->next; | 45 | ptr = ptr->next; |
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c index ebb273f12..7fdf9af68 100644 --- a/src/fbuilder/main.c +++ b/src/fbuilder/main.c | |||
@@ -32,7 +32,7 @@ int main(int argc, char **argv) { | |||
32 | system("cat /proc/self/status"); | 32 | system("cat /proc/self/status"); |
33 | int i; | 33 | int i; |
34 | for (i = 0; i < argc; i++) | 34 | for (i = 0; i < argc; i++) |
35 | printf("*%s* ", argv[i]); | 35 | printf("*%s* ", argv[i]); |
36 | printf("\n"); | 36 | printf("\n"); |
37 | } | 37 | } |
38 | #endif | 38 | #endif |
diff --git a/src/fcopy/main.c b/src/fcopy/main.c index f1deabf2e..ce2efb295 100644 --- a/src/fcopy/main.c +++ b/src/fcopy/main.c | |||
@@ -92,7 +92,7 @@ static void selinux_relabel_path(const char *path, const char *inside_path) { | |||
92 | printf("Cannot relabel %s: %s\n", path, strerror(errno)); | 92 | printf("Cannot relabel %s: %s\n", path, strerror(errno)); |
93 | } | 93 | } |
94 | freecon(fcon); | 94 | freecon(fcon); |
95 | close: | 95 | close: |
96 | close(fd); | 96 | close(fd); |
97 | #else | 97 | #else |
98 | (void) path; | 98 | (void) path; |
@@ -236,7 +236,7 @@ void copy_link(const char *target, const char *linkpath, mode_t mode, uid_t uid, | |||
236 | // if the link is already there, don't create it | 236 | // if the link is already there, don't create it |
237 | struct stat s; | 237 | struct stat s; |
238 | if (lstat(linkpath, &s) == 0) | 238 | if (lstat(linkpath, &s) == 0) |
239 | return; | 239 | return; |
240 | 240 | ||
241 | char *rp = proc_pid_to_self(target); | 241 | char *rp = proc_pid_to_self(target); |
242 | if (rp) { | 242 | if (rp) { |
diff --git a/src/fids/config b/src/fids/config index c18c97260..7828622e8 100644 --- a/src/fids/config +++ b/src/fids/config | |||
@@ -13,4 +13,3 @@ | |||
13 | /home/netblue/Desktop/*.desktop | 13 | /home/netblue/Desktop/*.desktop |
14 | /home/netblue/.ssh | 14 | /home/netblue/.ssh |
15 | /home/netblue/.gnupg | 15 | /home/netblue/.gnupg |
16 | |||
diff --git a/src/fids/db.c b/src/fids/db.c index 6a21a4e14..7cad11cca 100644 --- a/src/fids/db.c +++ b/src/fids/db.c | |||
@@ -155,4 +155,3 @@ errexit: | |||
155 | fprintf(stderr, "Error fids: database corrupted\n"); | 155 | fprintf(stderr, "Error fids: database corrupted\n"); |
156 | exit(1); | 156 | exit(1); |
157 | } | 157 | } |
158 | |||
diff --git a/src/fids/db_exclude.c b/src/fids/db_exclude.c index 18a05209a..aedb95e4f 100644 --- a/src/fids/db_exclude.c +++ b/src/fids/db_exclude.c | |||
@@ -53,4 +53,3 @@ int db_exclude_check(const char *fname) { | |||
53 | 53 | ||
54 | return 0; | 54 | return 0; |
55 | } | 55 | } |
56 | |||
diff --git a/src/firecfg/util.c b/src/firecfg/util.c index dc24d4e68..4185b52dd 100644 --- a/src/firecfg/util.c +++ b/src/firecfg/util.c | |||
@@ -30,8 +30,8 @@ static int find(const char *program, const char *directory) { | |||
30 | 30 | ||
31 | struct stat s; | 31 | struct stat s; |
32 | if (stat(fname, &s) == 0) { | 32 | if (stat(fname, &s) == 0) { |
33 | if (arg_debug) | 33 | if (arg_debug) |
34 | printf("found %s in directory %s\n", program, directory); | 34 | printf("found %s in directory %s\n", program, directory); |
35 | retval = 1; | 35 | retval = 1; |
36 | } | 36 | } |
37 | 37 | ||
@@ -44,8 +44,8 @@ static int find(const char *program, const char *directory) { | |||
44 | int which(const char *program) { | 44 | int which(const char *program) { |
45 | // check some well-known paths | 45 | // check some well-known paths |
46 | if (find(program, "/bin") || find(program, "/usr/bin") || | 46 | if (find(program, "/bin") || find(program, "/usr/bin") || |
47 | find(program, "/sbin") || find(program, "/usr/sbin") || | 47 | find(program, "/sbin") || find(program, "/usr/sbin") || |
48 | find(program, "/usr/games")) | 48 | find(program, "/usr/games")) |
49 | return 1; | 49 | return 1; |
50 | 50 | ||
51 | // check environment | 51 | // check environment |
diff --git a/src/firejail/appimage_size.c b/src/firejail/appimage_size.c index 6bb530d12..60c4c0364 100644 --- a/src/firejail/appimage_size.c +++ b/src/firejail/appimage_size.c | |||
@@ -17,8 +17,9 @@ | |||
17 | * with this program; if not, write to the Free Software Foundation, Inc., | 17 | * with this program; if not, write to the Free Software Foundation, Inc., |
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | |||
20 | /* | 21 | /* |
21 | This code borrows heavily from src/libappimage_shared/elf.c in libappimage | 22 | * This code borrows heavily from src/libappimage_shared/elf.c in libappimage |
22 | */ | 23 | */ |
23 | /* | 24 | /* |
24 | Compile with: | 25 | Compile with: |
@@ -144,7 +145,7 @@ long unsigned int appimage2_size(int fd) { | |||
144 | return 0; | 145 | return 0; |
145 | 146 | ||
146 | if ((ehdr.e_ident[EI_DATA] != ELFDATA2LSB) && | 147 | if ((ehdr.e_ident[EI_DATA] != ELFDATA2LSB) && |
147 | (ehdr.e_ident[EI_DATA] != ELFDATA2MSB)) | 148 | (ehdr.e_ident[EI_DATA] != ELFDATA2MSB)) |
148 | return 0; | 149 | return 0; |
149 | 150 | ||
150 | if(ehdr.e_ident[EI_CLASS] == ELFCLASS32) { | 151 | if(ehdr.e_ident[EI_CLASS] == ELFCLASS32) { |
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index fef7eb724..132ac94ba 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c | |||
@@ -280,7 +280,7 @@ void fs_chroot(const char *rootdir) { | |||
280 | // fs_dev_shm(); | 280 | // fs_dev_shm(); |
281 | fs_var_lock(); | 281 | fs_var_lock(); |
282 | if (!arg_keep_var_tmp) | 282 | if (!arg_keep_var_tmp) |
283 | fs_var_tmp(); | 283 | fs_var_tmp(); |
284 | if (!arg_writable_var_log) | 284 | if (!arg_writable_var_log) |
285 | fs_var_log(); | 285 | fs_var_log(); |
286 | 286 | ||
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c index ada76bc76..804d51caa 100644 --- a/src/firejail/cpu.c +++ b/src/firejail/cpu.c | |||
@@ -103,17 +103,17 @@ void set_cpu_affinity(void) { | |||
103 | if (sched_setaffinity(0, sizeof(mask), &mask) == -1) | 103 | if (sched_setaffinity(0, sizeof(mask), &mask) == -1) |
104 | fwarning("cannot set cpu affinity\n"); | 104 | fwarning("cannot set cpu affinity\n"); |
105 | 105 | ||
106 | // verify cpu affinity | 106 | // verify cpu affinity |
107 | cpu_set_t mask2; | 107 | cpu_set_t mask2; |
108 | CPU_ZERO(&mask2); | 108 | CPU_ZERO(&mask2); |
109 | if (sched_getaffinity(0, sizeof(mask2), &mask2) == -1) | 109 | if (sched_getaffinity(0, sizeof(mask2), &mask2) == -1) |
110 | fwarning("cannot verify cpu affinity\n"); | 110 | fwarning("cannot verify cpu affinity\n"); |
111 | else if (arg_debug) { | 111 | else if (arg_debug) { |
112 | if (CPU_EQUAL(&mask, &mask2)) | 112 | if (CPU_EQUAL(&mask, &mask2)) |
113 | printf("CPU affinity set\n"); | 113 | printf("CPU affinity set\n"); |
114 | else | 114 | else |
115 | printf("CPU affinity not set\n"); | 115 | printf("CPU affinity not set\n"); |
116 | } | 116 | } |
117 | } | 117 | } |
118 | 118 | ||
119 | static void print_cpu(ProcessHandle process) { | 119 | static void print_cpu(ProcessHandle process) { |
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c index a41071305..b2f9fe2d2 100644 --- a/src/firejail/dbus.c +++ b/src/firejail/dbus.c | |||
@@ -263,7 +263,7 @@ static char *find_user_socket_by_format(char *format) { | |||
263 | if (!S_ISSOCK(s.st_mode)) | 263 | if (!S_ISSOCK(s.st_mode)) |
264 | goto fail; | 264 | goto fail; |
265 | return dbus_user_socket; | 265 | return dbus_user_socket; |
266 | fail: | 266 | fail: |
267 | free(dbus_user_socket); | 267 | free(dbus_user_socket); |
268 | return NULL; | 268 | return NULL; |
269 | } | 269 | } |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 30c1b441c..824164c8a 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -266,7 +266,7 @@ static inline int any_ip6_dhcp(void) { | |||
266 | } | 266 | } |
267 | 267 | ||
268 | static inline int any_dhcp(void) { | 268 | static inline int any_dhcp(void) { |
269 | return any_ip_dhcp() || any_ip6_dhcp(); | 269 | return any_ip_dhcp() || any_ip6_dhcp(); |
270 | } | 270 | } |
271 | 271 | ||
272 | extern int arg_private; // mount private /home | 272 | extern int arg_private; // mount private /home |
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index d7a2edc3b..182f26e53 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -123,8 +123,8 @@ static void disable_file(OPERATION op, const char *filename) { | |||
123 | if (op == BLACKLIST_FILE || op == BLACKLIST_NOLOG) { | 123 | if (op == BLACKLIST_FILE || op == BLACKLIST_NOLOG) { |
124 | // some distros put all executables under /usr/bin and make /bin a symbolic link | 124 | // some distros put all executables under /usr/bin and make /bin a symbolic link |
125 | if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) && | 125 | if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) && |
126 | is_link(filename) && | 126 | is_link(filename) && |
127 | S_ISDIR(s.st_mode)) { | 127 | S_ISDIR(s.st_mode)) { |
128 | fwarning("%s directory link was not blacklisted\n", filename); | 128 | fwarning("%s directory link was not blacklisted\n", filename); |
129 | } | 129 | } |
130 | else { | 130 | else { |
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index 6c4d4c0c6..3b7369ea8 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c | |||
@@ -402,4 +402,3 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c | |||
402 | fs_private_dir_mount(private_dir, private_run_dir); | 402 | fs_private_dir_mount(private_dir, private_run_dir); |
403 | fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end()); | 403 | fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end()); |
404 | } | 404 | } |
405 | |||
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index f2782de35..ea85fabfd 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
@@ -178,7 +178,7 @@ static void print_directory(const char *path) { | |||
178 | 178 | ||
179 | n = scandir(path, &namelist, 0, alphasort); | 179 | n = scandir(path, &namelist, 0, alphasort); |
180 | if (n < 0) | 180 | if (n < 0) |
181 | errExit("scandir"); | 181 | errExit("scandir"); |
182 | else { | 182 | else { |
183 | for (i = 0; i < n; i++) | 183 | for (i = 0; i < n; i++) |
184 | print_file_or_dir(path, namelist[i]->d_name); | 184 | print_file_or_dir(path, namelist[i]->d_name); |
diff --git a/src/firejail/macros.c b/src/firejail/macros.c index 27bb4227a..af7d02c2a 100644 --- a/src/firejail/macros.c +++ b/src/firejail/macros.c | |||
@@ -38,19 +38,19 @@ Macro macro[] = { | |||
38 | }, | 38 | }, |
39 | 39 | ||
40 | { | 40 | { |
41 | "${MUSIC}", | 41 | "${MUSIC}", |
42 | "XDG_MUSIC_DIR=\"$HOME/", | 42 | "XDG_MUSIC_DIR=\"$HOME/", |
43 | {"Music", "Музыка", "Musique", "Musica", "Música", "Musik"} | 43 | {"Music", "Музыка", "Musique", "Musica", "Música", "Musik"} |
44 | }, | 44 | }, |
45 | 45 | ||
46 | { | 46 | { |
47 | "${VIDEOS}", | 47 | "${VIDEOS}", |
48 | "XDG_VIDEOS_DIR=\"$HOME/", | 48 | "XDG_VIDEOS_DIR=\"$HOME/", |
49 | {"Videos", "Видео", "Vidéos", "Video", "Vídeos"} | 49 | {"Videos", "Видео", "Vidéos", "Video", "Vídeos"} |
50 | }, | 50 | }, |
51 | 51 | ||
52 | { | 52 | { |
53 | "${PICTURES}", | 53 | "${PICTURES}", |
54 | "XDG_PICTURES_DIR=\"$HOME/", | 54 | "XDG_PICTURES_DIR=\"$HOME/", |
55 | {"Pictures", "Изображения", "Photos", "Immagini", "Imágenes", "Imagens", "Bilder"} | 55 | {"Pictures", "Изображения", "Photos", "Immagini", "Imágenes", "Imagens", "Bilder"} |
56 | }, | 56 | }, |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 54978570e..ac84f00c9 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -47,12 +47,12 @@ | |||
47 | #endif | 47 | #endif |
48 | 48 | ||
49 | #ifdef __ia64__ | 49 | #ifdef __ia64__ |
50 | /* clone(2) has a different interface on ia64, as it needs to know | 50 | /* clone(2) has a different interface on ia64, as it needs to know the size of |
51 | the size of the stack */ | 51 | * the stack */ |
52 | int __clone2(int (*fn)(void *), | 52 | int __clone2(int (*fn)(void *), |
53 | void *child_stack_base, size_t stack_size, | 53 | void *child_stack_base, size_t stack_size, |
54 | int flags, void *arg, ... | 54 | int flags, void *arg, ... |
55 | /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ ); | 55 | /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ ); |
56 | #endif | 56 | #endif |
57 | 57 | ||
58 | uid_t firejail_uid = 0; | 58 | uid_t firejail_uid = 0; |
@@ -106,7 +106,7 @@ char *arg_netfilter6_file = NULL; // netfilter6 file | |||
106 | char *arg_netns = NULL; // "ip netns"-created network namespace to use | 106 | char *arg_netns = NULL; // "ip netns"-created network namespace to use |
107 | int arg_doubledash = 0; // double dash | 107 | int arg_doubledash = 0; // double dash |
108 | int arg_private_dev = 0; // private dev directory | 108 | int arg_private_dev = 0; // private dev directory |
109 | int arg_keep_dev_shm = 0; // preserve /dev/shm | 109 | int arg_keep_dev_shm = 0; // preserve /dev/shm |
110 | int arg_private_etc = 0; // private etc directory | 110 | int arg_private_etc = 0; // private etc directory |
111 | int arg_private_opt = 0; // private opt directory | 111 | int arg_private_opt = 0; // private opt directory |
112 | int arg_private_srv = 0; // private srv directory | 112 | int arg_private_srv = 0; // private srv directory |
@@ -129,7 +129,7 @@ int arg_writable_etc = 0; // writable etc | |||
129 | int arg_keep_config_pulse = 0; // disable automatic ~/.config/pulse init | 129 | int arg_keep_config_pulse = 0; // disable automatic ~/.config/pulse init |
130 | int arg_keep_shell_rc = 0; // do not copy shell configuration from /etc/skel | 130 | int arg_keep_shell_rc = 0; // do not copy shell configuration from /etc/skel |
131 | int arg_writable_var = 0; // writable var | 131 | int arg_writable_var = 0; // writable var |
132 | int arg_keep_var_tmp = 0; // don't overwrite /var/tmp | 132 | int arg_keep_var_tmp = 0; // don't overwrite /var/tmp |
133 | int arg_writable_run_user = 0; // writable /run/user | 133 | int arg_writable_run_user = 0; // writable /run/user |
134 | int arg_writable_var_log = 0; // writable /var/log | 134 | int arg_writable_var_log = 0; // writable /var/log |
135 | int arg_appimage = 0; // appimage | 135 | int arg_appimage = 0; // appimage |
@@ -141,7 +141,7 @@ int arg_x11_block = 0; // block X11 | |||
141 | int arg_x11_xorg = 0; // use X11 security extension | 141 | int arg_x11_xorg = 0; // use X11 security extension |
142 | int arg_allusers = 0; // all user home directories visible | 142 | int arg_allusers = 0; // all user home directories visible |
143 | int arg_machineid = 0; // spoof /etc/machine-id | 143 | int arg_machineid = 0; // spoof /etc/machine-id |
144 | int arg_allow_private_blacklist = 0; // blacklist things in private directories | 144 | int arg_allow_private_blacklist = 0; // blacklist things in private directories |
145 | int arg_disable_mnt = 0; // disable /mnt and /media | 145 | int arg_disable_mnt = 0; // disable /mnt and /media |
146 | int arg_noprofile = 0; // use default.profile if none other found/specified | 146 | int arg_noprofile = 0; // use default.profile if none other found/specified |
147 | int arg_memory_deny_write_execute = 0; // block writable and executable memory | 147 | int arg_memory_deny_write_execute = 0; // block writable and executable memory |
@@ -150,7 +150,7 @@ int arg_nodvd = 0; // --nodvd | |||
150 | int arg_nou2f = 0; // --nou2f | 150 | int arg_nou2f = 0; // --nou2f |
151 | int arg_noinput = 0; // --noinput | 151 | int arg_noinput = 0; // --noinput |
152 | int arg_deterministic_exit_code = 0; // always exit with first child's exit status | 152 | int arg_deterministic_exit_code = 0; // always exit with first child's exit status |
153 | int arg_deterministic_shutdown = 0; // shut down the sandbox if first child dies | 153 | int arg_deterministic_shutdown = 0; // shut down the sandbox if first child dies |
154 | int arg_keep_fd_all = 0; // inherit all file descriptors to sandbox | 154 | int arg_keep_fd_all = 0; // inherit all file descriptors to sandbox |
155 | DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW; // --dbus-user | 155 | DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW; // --dbus-user |
156 | DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system | 156 | DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system |
@@ -768,11 +768,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
768 | exit(1); | 768 | exit(1); |
769 | } | 769 | } |
770 | char *path = argv[i + 1]; | 770 | char *path = argv[i + 1]; |
771 | invalid_filename(path, 0); // no globbing | 771 | invalid_filename(path, 0); // no globbing |
772 | if (strstr(path, "..")) { | 772 | if (strstr(path, "..")) { |
773 | fprintf(stderr, "Error: invalid file name %s\n", path); | 773 | fprintf(stderr, "Error: invalid file name %s\n", path); |
774 | exit(1); | 774 | exit(1); |
775 | } | 775 | } |
776 | 776 | ||
777 | // get file | 777 | // get file |
778 | pid_t pid = require_pid(argv[i] + 6); | 778 | pid_t pid = require_pid(argv[i] + 6); |
@@ -796,17 +796,17 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
796 | exit(1); | 796 | exit(1); |
797 | } | 797 | } |
798 | char *path1 = argv[i + 1]; | 798 | char *path1 = argv[i + 1]; |
799 | invalid_filename(path1, 0); // no globbing | 799 | invalid_filename(path1, 0); // no globbing |
800 | if (strstr(path1, "..")) { | 800 | if (strstr(path1, "..")) { |
801 | fprintf(stderr, "Error: invalid file name %s\n", path1); | 801 | fprintf(stderr, "Error: invalid file name %s\n", path1); |
802 | exit(1); | 802 | exit(1); |
803 | } | 803 | } |
804 | char *path2 = argv[i + 2]; | 804 | char *path2 = argv[i + 2]; |
805 | invalid_filename(path2, 0); // no globbing | 805 | invalid_filename(path2, 0); // no globbing |
806 | if (strstr(path2, "..")) { | 806 | if (strstr(path2, "..")) { |
807 | fprintf(stderr, "Error: invalid file name %s\n", path2); | 807 | fprintf(stderr, "Error: invalid file name %s\n", path2); |
808 | exit(1); | 808 | exit(1); |
809 | } | 809 | } |
810 | 810 | ||
811 | // get file | 811 | // get file |
812 | pid_t pid = require_pid(argv[i] + 6); | 812 | pid_t pid = require_pid(argv[i] + 6); |
@@ -830,15 +830,15 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
830 | exit(1); | 830 | exit(1); |
831 | } | 831 | } |
832 | char *path = argv[i + 1]; | 832 | char *path = argv[i + 1]; |
833 | invalid_filename(path, 0); // no globbing | 833 | invalid_filename(path, 0); // no globbing |
834 | if (strstr(path, "..")) { | 834 | if (strstr(path, "..")) { |
835 | fprintf(stderr, "Error: invalid file name %s\n", path); | 835 | fprintf(stderr, "Error: invalid file name %s\n", path); |
836 | exit(1); | 836 | exit(1); |
837 | } | 837 | } |
838 | 838 | ||
839 | // list directory contents | 839 | // list directory contents |
840 | if (!arg_debug) | 840 | if (!arg_debug) |
841 | arg_quiet = 1; | 841 | arg_quiet = 1; |
842 | pid_t pid = require_pid(argv[i] + 5); | 842 | pid_t pid = require_pid(argv[i] + 5); |
843 | sandboxfs(SANDBOX_FS_LS, pid, path, NULL); | 843 | sandboxfs(SANDBOX_FS_LS, pid, path, NULL); |
844 | exit(0); | 844 | exit(0); |
@@ -867,7 +867,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
867 | 867 | ||
868 | // write file contents to stdout | 868 | // write file contents to stdout |
869 | if (!arg_debug) | 869 | if (!arg_debug) |
870 | arg_quiet = 1; | 870 | arg_quiet = 1; |
871 | pid_t pid = require_pid(argv[i] + 6); | 871 | pid_t pid = require_pid(argv[i] + 6); |
872 | sandboxfs(SANDBOX_FS_CAT, pid, path, NULL); | 872 | sandboxfs(SANDBOX_FS_CAT, pid, path, NULL); |
873 | exit(0); | 873 | exit(0); |
@@ -894,8 +894,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
894 | 894 | ||
895 | } | 895 | } |
896 | else if (strncmp(argv[i], "--join-or-start=", 16) == 0) { | 896 | else if (strncmp(argv[i], "--join-or-start=", 16) == 0) { |
897 | // NOTE: this is first part of option handler, | 897 | // Note: This is the first part of the option handler; the |
898 | // sandbox name is set in other part | 898 | // sandbox name is set in the other part |
899 | if (checkcfg(CFG_JOIN) || getuid() == 0) { | 899 | if (checkcfg(CFG_JOIN) || getuid() == 0) { |
900 | logargs(argc, argv); | 900 | logargs(argc, argv); |
901 | 901 | ||
@@ -1050,11 +1050,11 @@ static int check_postexec(const char *list) { | |||
1050 | //******************************************* | 1050 | //******************************************* |
1051 | int main(int argc, char **argv, char **envp) { | 1051 | int main(int argc, char **argv, char **envp) { |
1052 | int i; | 1052 | int i; |
1053 | int prog_index = -1; // index in argv where the program command starts | 1053 | int prog_index = -1; // index in argv where the program command starts |
1054 | int lockfd_network = -1; | 1054 | int lockfd_network = -1; |
1055 | int lockfd_directory = -1; | 1055 | int lockfd_directory = -1; |
1056 | int custom_profile = 0; // custom profile loaded | 1056 | int custom_profile = 0; // custom profile loaded |
1057 | int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot) | 1057 | int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot) |
1058 | char **ptr; | 1058 | char **ptr; |
1059 | 1059 | ||
1060 | 1060 | ||
@@ -1984,7 +1984,7 @@ int main(int argc, char **argv, char **envp) { | |||
1984 | arg_writable_var = 1; | 1984 | arg_writable_var = 1; |
1985 | } | 1985 | } |
1986 | else if (strcmp(argv[i], "--keep-var-tmp") == 0) { | 1986 | else if (strcmp(argv[i], "--keep-var-tmp") == 0) { |
1987 | arg_keep_var_tmp = 1; | 1987 | arg_keep_var_tmp = 1; |
1988 | } | 1988 | } |
1989 | else if (strcmp(argv[i], "--writable-run-user") == 0) { | 1989 | else if (strcmp(argv[i], "--writable-run-user") == 0) { |
1990 | arg_writable_run_user = 1; | 1990 | arg_writable_run_user = 1; |
@@ -2819,8 +2819,9 @@ int main(int argc, char **argv, char **envp) { | |||
2819 | } | 2819 | } |
2820 | #endif | 2820 | #endif |
2821 | else if (strncmp(argv[i], "--join-or-start=", 16) == 0) { | 2821 | else if (strncmp(argv[i], "--join-or-start=", 16) == 0) { |
2822 | // NOTE: this is second part of option handler, | 2822 | // Note: This is the second part of the option handler; |
2823 | // atempt to find and join sandbox is done in other one | 2823 | // the attempt to find and join the sandbox is done in |
2824 | // the other one | ||
2824 | 2825 | ||
2825 | // set sandbox name and start normally | 2826 | // set sandbox name and start normally |
2826 | cfg.name = argv[i] + 16; | 2827 | cfg.name = argv[i] + 16; |
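Review bot: The two reworded `--join-or-start=` comments (the hunk at old line 894 and the one at old line 2819) still refer to "the other part" without saying where it lives, so a reader has to search for the second `strncmp(argv[i], "--join-or-start=", 16)` to follow the option. Going by the hunk headers, the first part is in run_cmd_and_exit() and the second in main(), so the comments could name them: `// Note: first part of the option handler; the sandbox name is set in main()` and `// Note: second part of the option handler; the find-and-join attempt is in run_cmd_and_exit()`. The first part is gated on `checkcfg(CFG_JOIN) || getuid() == 0`, and the comment there could also state what happens when that check fails; the else path is outside the visible lines, so this needs confirming against the full function. Both functions start and end outside these hunks.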
diff --git a/src/firejail/network.c b/src/firejail/network.c index 5163035fa..c1adf87cc 100644 --- a/src/firejail/network.c +++ b/src/firejail/network.c | |||
@@ -265,7 +265,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) { | |||
265 | int sock; | 265 | int sock; |
266 | 266 | ||
267 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) | 267 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) |
268 | errExit("socket"); | 268 | errExit("socket"); |
269 | 269 | ||
270 | memset(&ifr, 0, sizeof(ifr)); | 270 | memset(&ifr, 0, sizeof(ifr)); |
271 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); | 271 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); |
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c index 3997d8f86..22ee9dc3c 100644 --- a/src/firejail/no_sandbox.c +++ b/src/firejail/no_sandbox.c | |||
@@ -29,10 +29,10 @@ | |||
29 | int is_container(const char *str) { | 29 | int is_container(const char *str) { |
30 | assert(str); | 30 | assert(str); |
31 | if (strcmp(str, "lxc") == 0 || | 31 | if (strcmp(str, "lxc") == 0 || |
32 | strcmp(str, "docker") == 0 || | 32 | strcmp(str, "docker") == 0 || |
33 | strcmp(str, "lxc-libvirt") == 0 || | 33 | strcmp(str, "lxc-libvirt") == 0 || |
34 | strcmp(str, "systemd-nspawn") == 0 || | 34 | strcmp(str, "systemd-nspawn") == 0 || |
35 | strcmp(str, "rkt") == 0) | 35 | strcmp(str, "rkt") == 0) |
36 | return 1; | 36 | return 1; |
37 | return 0; | 37 | return 0; |
38 | } | 38 | } |
diff --git a/src/firejail/oom.c b/src/firejail/oom.c index f4df3538c..482fc0ad0 100644 --- a/src/firejail/oom.c +++ b/src/firejail/oom.c | |||
@@ -84,4 +84,3 @@ void oom_set(const char *oom_string) { | |||
84 | if (waitpid(child, &status, 0) == -1 ) | 84 | if (waitpid(child, &status, 0) == -1 ) |
85 | errExit("waitpid"); | 85 | errExit("waitpid"); |
86 | } | 86 | } |
87 | |||
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c index a22e63ab3..79e0bd9df 100644 --- a/src/firejail/restricted_shell.c +++ b/src/firejail/restricted_shell.c | |||
@@ -84,16 +84,16 @@ int restricted_shell(const char *user) { | |||
84 | 84 | ||
85 | // user name globbing | 85 | // user name globbing |
86 | if (fnmatch(usr, user, 0) == 0) { | 86 | if (fnmatch(usr, user, 0) == 0) { |
87 | // process program arguments | 87 | // process program arguments |
88 | 88 | ||
89 | fullargv[0] = "firejail"; | 89 | fullargv[0] = "firejail"; |
90 | int i; | 90 | int i; |
91 | ptr = args; | 91 | ptr = args; |
92 | for (i = 1; i < MAX_ARGS; i++) { | 92 | for (i = 1; i < MAX_ARGS; i++) { |
93 | // skip blanks | 93 | // skip blanks |
94 | while (*ptr == ' ' || *ptr == '\t') | 94 | while (*ptr == ' ' || *ptr == '\t') |
95 | ptr++; | 95 | ptr++; |
96 | fullargv[i] = ptr; | 96 | fullargv[i] = ptr; |
97 | #ifdef DEBUG_RESTRICTED_SHELL | 97 | #ifdef DEBUG_RESTRICTED_SHELL |
98 | {EUID_ROOT(); | 98 | {EUID_ROOT(); |
99 | FILE *fp = fopen("/firelog", "ae"); | 99 | FILE *fp = fopen("/firelog", "ae"); |
@@ -104,23 +104,23 @@ int restricted_shell(const char *user) { | |||
104 | EUID_USER();} | 104 | EUID_USER();} |
105 | #endif | 105 | #endif |
106 | 106 | ||
107 | if (*ptr != '\0') { | 107 | if (*ptr != '\0') { |
108 | // go to the end of the word | 108 | // go to the end of the word |
109 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') | 109 | while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') |
110 | ptr++; | 110 | ptr++; |
111 | *ptr ='\0'; | 111 | *ptr ='\0'; |
112 | fullargv[i] = strdup(fullargv[i]); | 112 | fullargv[i] = strdup(fullargv[i]); |
113 | if (fullargv[i] == NULL) | 113 | if (fullargv[i] == NULL) |
114 | errExit("strdup"); | 114 | errExit("strdup"); |
115 | ptr++; | 115 | ptr++; |
116 | while (*ptr == ' ' || *ptr == '\t') | 116 | while (*ptr == ' ' || *ptr == '\t') |
117 | ptr++; | 117 | ptr++; |
118 | if (*ptr != '\0') | 118 | if (*ptr != '\0') |
119 | continue; | 119 | continue; |
120 | } | 120 | } |
121 | fullargv[i] = strdup(fullargv[i]); | 121 | fullargv[i] = strdup(fullargv[i]); |
122 | fclose(fp); | 122 | fclose(fp); |
123 | return i + 1; | 123 | return i + 1; |
124 | } | 124 | } |
125 | fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno); | 125 | fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno); |
126 | exit(1); | 126 | exit(1); |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index c4dc0ca78..a4109cc17 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -274,7 +274,7 @@ static void sandbox_if_up(Bridge *br) { | |||
274 | } | 274 | } |
275 | 275 | ||
276 | if (br->ip6sandbox) | 276 | if (br->ip6sandbox) |
277 | net_if_ip6(dev, br->ip6sandbox); | 277 | net_if_ip6(dev, br->ip6sandbox); |
278 | } | 278 | } |
279 | 279 | ||
280 | static void chk_chroot(void) { | 280 | static void chk_chroot(void) { |
@@ -650,12 +650,12 @@ int sandbox(void* sandbox_arg) { | |||
650 | if (arg_debug) | 650 | if (arg_debug) |
651 | printf("Initializing child process\n"); | 651 | printf("Initializing child process\n"); |
652 | 652 | ||
653 | // close each end of the unused pipes | 653 | // close each end of the unused pipes |
654 | close(parent_to_child_fds[1]); | 654 | close(parent_to_child_fds[1]); |
655 | close(child_to_parent_fds[0]); | 655 | close(child_to_parent_fds[0]); |
656 | 656 | ||
657 | // wait for parent to do base setup | 657 | // wait for parent to do base setup |
658 | wait_for_other(parent_to_child_fds[0]); | 658 | wait_for_other(parent_to_child_fds[0]); |
659 | 659 | ||
660 | if (arg_debug && child_pid == 1) | 660 | if (arg_debug && child_pid == 1) |
661 | printf("PID namespace installed\n"); | 661 | printf("PID namespace installed\n"); |
@@ -1259,13 +1259,13 @@ int sandbox(void* sandbox_arg) { | |||
1259 | } | 1259 | } |
1260 | 1260 | ||
1261 | // notify parent that new user namespace has been created so a proper | 1261 | // notify parent that new user namespace has been created so a proper |
1262 | // UID/GID map can be setup | 1262 | // UID/GID map can be setup |
1263 | notify_other(child_to_parent_fds[1]); | 1263 | notify_other(child_to_parent_fds[1]); |
1264 | close(child_to_parent_fds[1]); | 1264 | close(child_to_parent_fds[1]); |
1265 | 1265 | ||
1266 | // wait for parent to finish setting up a proper UID/GID map | 1266 | // wait for parent to finish setting up a proper UID/GID map |
1267 | wait_for_other(parent_to_child_fds[0]); | 1267 | wait_for_other(parent_to_child_fds[0]); |
1268 | close(parent_to_child_fds[0]); | 1268 | close(parent_to_child_fds[0]); |
1269 | 1269 | ||
1270 | // somehow, the new user namespace resets capabilities; | 1270 | // somehow, the new user namespace resets capabilities; |
1271 | // we need to do them again | 1271 | // we need to do them again |
diff --git a/src/firejail/selinux.c b/src/firejail/selinux.c index 5beda294d..08f3b3122 100644 --- a/src/firejail/selinux.c +++ b/src/firejail/selinux.c | |||
@@ -78,7 +78,7 @@ void selinux_relabel_path(const char *path, const char *inside_path) | |||
78 | } | 78 | } |
79 | 79 | ||
80 | freecon(fcon); | 80 | freecon(fcon); |
81 | close: | 81 | close: |
82 | close(fd); | 82 | close(fd); |
83 | #else | 83 | #else |
84 | (void) path; | 84 | (void) path; |
diff --git a/src/firejail/util.c b/src/firejail/util.c index 846c27321..bafcd69ec 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c | |||
@@ -1101,7 +1101,7 @@ void mkdir_attr(const char *fname, mode_t mode, uid_t uid, gid_t gid) { | |||
1101 | if (mkdir(fname, mode) == -1 || | 1101 | if (mkdir(fname, mode) == -1 || |
1102 | chmod(fname, mode) == -1 || | 1102 | chmod(fname, mode) == -1 || |
1103 | chown(fname, uid, gid)) { | 1103 | chown(fname, uid, gid)) { |
1104 | fprintf(stderr, "Error: failed to create %s directory\n", fname); | 1104 | fprintf(stderr, "Error: failed to create %s directory\n", fname); |
1105 | errExit("mkdir/chmod"); | 1105 | errExit("mkdir/chmod"); |
1106 | } | 1106 | } |
1107 | 1107 | ||
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c index ff4fdda56..77739c1f3 100644 --- a/src/firemon/procevent.c +++ b/src/firemon/procevent.c | |||
@@ -309,7 +309,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my | |||
309 | #endif | 309 | #endif |
310 | if (proc_ev->event_data.fork.child_pid != | 310 | if (proc_ev->event_data.fork.child_pid != |
311 | proc_ev->event_data.fork.child_tgid) | 311 | proc_ev->event_data.fork.child_tgid) |
312 | continue; // this is a thread, not a process | 312 | continue; // this is a thread, not a process |
313 | pid = proc_ev->event_data.fork.parent_tgid; | 313 | pid = proc_ev->event_data.fork.parent_tgid; |
314 | #ifdef DEBUG_PRCTL | 314 | #ifdef DEBUG_PRCTL |
315 | printf("%s: %d, event fork, pid %d\n", __FUNCTION__, __LINE__, pid); | 315 | printf("%s: %d, event fork, pid %d\n", __FUNCTION__, __LINE__, pid); |
diff --git a/src/firemon/top.c b/src/firemon/top.c index c127e2f56..c70bc9424 100644 --- a/src/firemon/top.c +++ b/src/firemon/top.c | |||
@@ -166,7 +166,8 @@ static char *print_top(unsigned index, unsigned parent, unsigned *utime, unsigne | |||
166 | snprintf(prcs_str, 10, "%d", *cnt); | 166 | snprintf(prcs_str, 10, "%d", *cnt); |
167 | 167 | ||
168 | if (asprintf(&rv, "%-7.7s %-9.9s %-8.8s %-8.8s %-5.5s %-4.4s %-9.9s %s", | 168 | if (asprintf(&rv, "%-7.7s %-9.9s %-8.8s %-8.8s %-5.5s %-4.4s %-9.9s %s", |
169 | pidstr, ptruser, rss, shared, cpu_str, prcs_str, uptime_str, ptrcmd) == -1) | 169 | pidstr, ptruser, rss, shared, cpu_str, prcs_str, |
170 | uptime_str, ptrcmd) == -1) | ||
170 | errExit("asprintf"); | 171 | errExit("asprintf"); |
171 | 172 | ||
172 | if (cmd) | 173 | if (cmd) |
diff --git a/src/fldd/main.c b/src/fldd/main.c index 390f7a1bc..4b645b1b3 100644 --- a/src/fldd/main.c +++ b/src/fldd/main.c | |||
@@ -193,9 +193,9 @@ static void parse_elf(const char *exe) { | |||
193 | } | 193 | } |
194 | goto close; | 194 | goto close; |
195 | 195 | ||
196 | error_close: | 196 | error_close: |
197 | perror("copy libs"); | 197 | perror("copy libs"); |
198 | close: | 198 | close: |
199 | if (base) | 199 | if (base) |
200 | munmap(base, s.st_size); | 200 | munmap(base, s.st_size); |
201 | 201 | ||
@@ -295,7 +295,7 @@ int main(int argc, char **argv) { | |||
295 | //system("cat /proc/self/status"); | 295 | //system("cat /proc/self/status"); |
296 | int i; | 296 | int i; |
297 | for (i = 0; i < argc; i++) | 297 | for (i = 0; i < argc; i++) |
298 | printf("*%s* ", argv[i]); | 298 | printf("*%s* ", argv[i]); |
299 | printf("\n"); | 299 | printf("\n"); |
300 | } | 300 | } |
301 | #endif | 301 | #endif |
diff --git a/src/fnet/fnet.h b/src/fnet/fnet.h index c9d40ec1d..f9b09d7ea 100644 --- a/src/fnet/fnet.h +++ b/src/fnet/fnet.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2023 Firejail Authors | 2 | * Copyright (C) 2014-2023 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
diff --git a/src/fnet/interface.c b/src/fnet/interface.c index aa0981269..ca7c744ed 100644 --- a/src/fnet/interface.c +++ b/src/fnet/interface.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2023 Firejail Authors | 2 | * Copyright (C) 2014-2023 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
@@ -57,7 +57,7 @@ void net_bridge_add_interface(const char *bridge, const char *dev) { | |||
57 | 57 | ||
58 | int sock; | 58 | int sock; |
59 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) | 59 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) |
60 | errExit("socket"); | 60 | errExit("socket"); |
61 | 61 | ||
62 | memset(&ifr, 0, sizeof(ifr)); | 62 | memset(&ifr, 0, sizeof(ifr)); |
63 | strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1); | 63 | strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1); |
@@ -237,7 +237,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) { | |||
237 | int sock; | 237 | int sock; |
238 | 238 | ||
239 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) | 239 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) |
240 | errExit("socket"); | 240 | errExit("socket"); |
241 | 241 | ||
242 | memset(&ifr, 0, sizeof(ifr)); | 242 | memset(&ifr, 0, sizeof(ifr)); |
243 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); | 243 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); |
@@ -291,7 +291,7 @@ int net_if_mac(const char *ifname, const unsigned char mac[6]) { | |||
291 | int sock; | 291 | int sock; |
292 | 292 | ||
293 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) | 293 | if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) |
294 | errExit("socket"); | 294 | errExit("socket"); |
295 | 295 | ||
296 | memset(&ifr, 0, sizeof(ifr)); | 296 | memset(&ifr, 0, sizeof(ifr)); |
297 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); | 297 | strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); |
diff --git a/src/fnet/main.c b/src/fnet/main.c index 1c48622a0..96c4f1478 100644 --- a/src/fnet/main.c +++ b/src/fnet/main.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2023 Firejail Authors | 2 | * Copyright (C) 2014-2023 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
@@ -47,7 +47,7 @@ static void usage(void) { | |||
47 | printf("\tfnet config mac addr\n"); | 47 | printf("\tfnet config mac addr\n"); |
48 | printf("\tfnet config ipv6 dev ip\n"); | 48 | printf("\tfnet config ipv6 dev ip\n"); |
49 | printf("\tfnet ifup dev\n"); | 49 | printf("\tfnet ifup dev\n"); |
50 | printf("\tfnet waitll dev\n"); | 50 | printf("\tfnet waitll dev\n"); |
51 | } | 51 | } |
52 | 52 | ||
53 | int main(int argc, char **argv) { | 53 | int main(int argc, char **argv) { |
@@ -144,9 +144,9 @@ printf("\n"); | |||
144 | else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "ipv6") == 0) { | 144 | else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "ipv6") == 0) { |
145 | net_if_ip6(argv[3], argv[4]); | 145 | net_if_ip6(argv[3], argv[4]); |
146 | } | 146 | } |
147 | else if (argc == 3 && strcmp(argv[1], "waitll") == 0) { | 147 | else if (argc == 3 && strcmp(argv[1], "waitll") == 0) { |
148 | net_if_waitll(argv[2]); | 148 | net_if_waitll(argv[2]); |
149 | } | 149 | } |
150 | else { | 150 | else { |
151 | fprintf(stderr, "Error fnet: invalid arguments\n"); | 151 | fprintf(stderr, "Error fnet: invalid arguments\n"); |
152 | return 1; | 152 | return 1; |
diff --git a/src/fnet/veth.c b/src/fnet/veth.c index 2a23c6bd4..2111cfa56 100644 --- a/src/fnet/veth.c +++ b/src/fnet/veth.c | |||
@@ -24,8 +24,8 @@ | |||
24 | * | 24 | * |
25 | * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> | 25 | * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> |
26 | * | 26 | * |
27 | */ | 27 | */ |
28 | /* | 28 | /* |
29 | * Copyright (C) 2014-2023 Firejail Authors | 29 | * Copyright (C) 2014-2023 Firejail Authors |
30 | * | 30 | * |
31 | * This file is part of firejail project | 31 | * This file is part of firejail project |
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c index 978d145b3..8c0f6c297 100644 --- a/src/fnetfilter/main.c +++ b/src/fnetfilter/main.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2023 Firejail Authors | 2 | * Copyright (C) 2014-2023 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
diff --git a/src/fnettrace-dns/fnettrace_dns.h b/src/fnettrace-dns/fnettrace_dns.h index 6d8a3c211..b8f69e9d7 100644 --- a/src/fnettrace-dns/fnettrace_dns.h +++ b/src/fnettrace-dns/fnettrace_dns.h | |||
@@ -31,4 +31,4 @@ | |||
31 | #include <fcntl.h> | 31 | #include <fcntl.h> |
32 | #include <sys/mman.h> | 32 | #include <sys/mman.h> |
33 | 33 | ||
34 | #endif \ No newline at end of file | 34 | #endif |
diff --git a/src/fnettrace-dns/main.c b/src/fnettrace-dns/main.c index 60738147d..64feec5fe 100644 --- a/src/fnettrace-dns/main.c +++ b/src/fnettrace-dns/main.c | |||
@@ -124,7 +124,7 @@ static void print_date(void) { | |||
124 | 124 | ||
125 | static void run_trace(void) { | 125 | static void run_trace(void) { |
126 | // grab all Ethernet packets and use a custom BPF filter to get only UDP from source port 53 | 126 | // grab all Ethernet packets and use a custom BPF filter to get only UDP from source port 53 |
127 | int s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); | 127 | int s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); |
128 | if (s < 0) | 128 | if (s < 0) |
129 | errExit("socket"); | 129 | errExit("socket"); |
130 | custom_bpf(s); | 130 | custom_bpf(s); |
diff --git a/src/fnettrace-icmp/fnettrace_icmp.h b/src/fnettrace-icmp/fnettrace_icmp.h index f535106e1..04c449ff2 100644 --- a/src/fnettrace-icmp/fnettrace_icmp.h +++ b/src/fnettrace-icmp/fnettrace_icmp.h | |||
@@ -31,4 +31,4 @@ | |||
31 | #include <fcntl.h> | 31 | #include <fcntl.h> |
32 | #include <sys/mman.h> | 32 | #include <sys/mman.h> |
33 | 33 | ||
34 | #endif \ No newline at end of file | 34 | #endif |
diff --git a/src/fnettrace-sni/fnettrace_sni.h b/src/fnettrace-sni/fnettrace_sni.h index f535106e1..04c449ff2 100644 --- a/src/fnettrace-sni/fnettrace_sni.h +++ b/src/fnettrace-sni/fnettrace_sni.h | |||
@@ -31,4 +31,4 @@ | |||
31 | #include <fcntl.h> | 31 | #include <fcntl.h> |
32 | #include <sys/mman.h> | 32 | #include <sys/mman.h> |
33 | 33 | ||
34 | #endif \ No newline at end of file | 34 | #endif |
diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h index d3bc6439e..629b8ce5b 100644 --- a/src/fnettrace/fnettrace.h +++ b/src/fnettrace/fnettrace.h | |||
@@ -70,4 +70,4 @@ char* retrieve_hostname(uint32_t ip); | |||
70 | // tail.c | 70 | // tail.c |
71 | void tail(const char *logfile); | 71 | void tail(const char *logfile); |
72 | 72 | ||
73 | #endif \ No newline at end of file | 73 | #endif |
diff --git a/src/fnettrace/hostnames.c b/src/fnettrace/hostnames.c index 4f5641dfb..878a67123 100644 --- a/src/fnettrace/hostnames.c +++ b/src/fnettrace/hostnames.c | |||
@@ -121,4 +121,3 @@ errexit: | |||
121 | fprintf(stderr, "Error: invalid line %d in file %s\n", line, fname); | 121 | fprintf(stderr, "Error: invalid line %d in file %s\n", line, fname); |
122 | exit(1); | 122 | exit(1); |
123 | } | 123 | } |
124 | |||
diff --git a/src/fnettrace/radix.c b/src/fnettrace/radix.c index 97e890bec..a1d510a61 100644 --- a/src/fnettrace/radix.c +++ b/src/fnettrace/radix.c | |||
@@ -152,4 +152,3 @@ char *radix_longest_prefix_match(uint32_t ip) { | |||
152 | 152 | ||
153 | return (rv)? rv->name: NULL; | 153 | return (rv)? rv->name: NULL; |
154 | } | 154 | } |
155 | |||
diff --git a/src/fnettrace/radix.h b/src/fnettrace/radix.h index 85a75d0d7..d75fe3999 100644 --- a/src/fnettrace/radix.h +++ b/src/fnettrace/radix.h | |||
@@ -24,4 +24,4 @@ extern int radix_nodes; | |||
24 | char *radix_longest_prefix_match(uint32_t ip); | 24 | char *radix_longest_prefix_match(uint32_t ip); |
25 | char *radix_add(uint32_t ip, uint32_t mask, char *name); | 25 | char *radix_add(uint32_t ip, uint32_t mask, char *name); |
26 | 26 | ||
27 | #endif \ No newline at end of file | 27 | #endif |
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c index 0a9b7c9b9..0bc521c0d 100644 --- a/src/fsec-optimize/main.c +++ b/src/fsec-optimize/main.c | |||
@@ -33,7 +33,7 @@ int main(int argc, char **argv) { | |||
33 | //system("cat /proc/self/status"); | 33 | //system("cat /proc/self/status"); |
34 | int i; | 34 | int i; |
35 | for (i = 0; i < argc; i++) | 35 | for (i = 0; i < argc; i++) |
36 | printf("*%s* ", argv[i]); | 36 | printf("*%s* ", argv[i]); |
37 | printf("\n"); | 37 | printf("\n"); |
38 | } | 38 | } |
39 | #endif | 39 | #endif |
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c index de93f260e..696c6bc0c 100644 --- a/src/fsec-print/main.c +++ b/src/fsec-print/main.c | |||
@@ -47,7 +47,7 @@ int main(int argc, char **argv) { | |||
47 | //system("cat /proc/self/status"); | 47 | //system("cat /proc/self/status"); |
48 | int i; | 48 | int i; |
49 | for (i = 0; i < argc; i++) | 49 | for (i = 0; i < argc; i++) |
50 | printf("*%s* ", argv[i]); | 50 | printf("*%s* ", argv[i]); |
51 | printf("\n"); | 51 | printf("\n"); |
52 | } | 52 | } |
53 | #endif | 53 | #endif |
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index 1edbad764..57a5a6d67 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c | |||
@@ -58,7 +58,7 @@ int main(int argc, char **argv) { | |||
58 | //system("cat /proc/self/status"); | 58 | //system("cat /proc/self/status"); |
59 | int i; | 59 | int i; |
60 | for (i = 0; i < argc; i++) | 60 | for (i = 0; i < argc; i++) |
61 | printf("*%s* ", argv[i]); | 61 | printf("*%s* ", argv[i]); |
62 | printf("\n"); | 62 | printf("\n"); |
63 | } | 63 | } |
64 | #endif | 64 | #endif |
diff --git a/src/fseccomp/namespaces.c b/src/fseccomp/namespaces.c index ffc1dfe4c..e6c63219f 100644 --- a/src/fseccomp/namespaces.c +++ b/src/fseccomp/namespaces.c | |||
@@ -202,8 +202,8 @@ void deny_ns_32(const char *fname, const char *list) { | |||
202 | // 0003: 20 00 00 00000000 ld data.syscall-number | 202 | // 0003: 20 00 00 00000000 ld data.syscall-number |
203 | // 0004: 06 00 00 7fff0000 ret ALLOW | 203 | // 0004: 06 00 00 7fff0000 ret ALLOW |
204 | // | 204 | // |
205 | if (sizeof(filter)) | 205 | if (sizeof(filter)) |
206 | write_to_file(fd, filter, sizeof(filter)); | 206 | write_to_file(fd, filter, sizeof(filter)); |
207 | 207 | ||
208 | filter_end_blacklist(fd); | 208 | filter_end_blacklist(fd); |
209 | 209 | ||
diff --git a/src/include/gcov_wrapper.h b/src/include/gcov_wrapper.h index b56b4e736..7c8f89d59 100644 --- a/src/include/gcov_wrapper.h +++ b/src/include/gcov_wrapper.h | |||
@@ -33,8 +33,8 @@ | |||
33 | */ | 33 | */ |
34 | #if __GNUC__ > 11 || (__GNUC__ == 11 && __GNUC_MINOR__ >= 1) | 34 | #if __GNUC__ > 11 || (__GNUC__ == 11 && __GNUC_MINOR__ >= 1) |
35 | static void __gcov_flush(void) { | 35 | static void __gcov_flush(void) { |
36 | __gcov_dump(); | 36 | __gcov_dump(); |
37 | __gcov_reset(); | 37 | __gcov_reset(); |
38 | } | 38 | } |
39 | #endif | 39 | #endif |
40 | #else | 40 | #else |
diff --git a/src/include/seccomp.h b/src/include/seccomp.h index ef3fe6c3a..fc07b75ce 100644 --- a/src/include/seccomp.h +++ b/src/include/seccomp.h | |||
@@ -194,24 +194,24 @@ | |||
194 | #endif | 194 | #endif |
195 | 195 | ||
196 | #define VALIDATE_ARCHITECTURE \ | 196 | #define VALIDATE_ARCHITECTURE \ |
197 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ | 197 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ |
198 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \ | 198 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \ |
199 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) | 199 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) |
200 | 200 | ||
201 | #define VALIDATE_ARCHITECTURE_KILL \ | 201 | #define VALIDATE_ARCHITECTURE_KILL \ |
202 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ | 202 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ |
203 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \ | 203 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \ |
204 | KILL_OR_RETURN_ERRNO | 204 | KILL_OR_RETURN_ERRNO |
205 | 205 | ||
206 | #define VALIDATE_ARCHITECTURE_64 \ | 206 | #define VALIDATE_ARCHITECTURE_64 \ |
207 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ | 207 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ |
208 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_64, 1, 0), \ | 208 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_64, 1, 0), \ |
209 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) | 209 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) |
210 | 210 | ||
211 | #define VALIDATE_ARCHITECTURE_32 \ | 211 | #define VALIDATE_ARCHITECTURE_32 \ |
212 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ | 212 | BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ |
213 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_32, 1, 0), \ | 213 | BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_32, 1, 0), \ |
214 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) | 214 | BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) |
215 | 215 | ||
216 | #ifndef X32_SYSCALL_BIT | 216 | #ifndef X32_SYSCALL_BIT |
217 | #define X32_SYSCALL_BIT 0x40000000 | 217 | #define X32_SYSCALL_BIT 0x40000000 |
diff --git a/src/jailcheck/apparmor.c b/src/jailcheck/apparmor.c index 9b6b72fb7..658928ed5 100644 --- a/src/jailcheck/apparmor.c +++ b/src/jailcheck/apparmor.c | |||
@@ -37,4 +37,3 @@ void apparmor_test(pid_t pid) { | |||
37 | return; | 37 | return; |
38 | } | 38 | } |
39 | #endif | 39 | #endif |
40 | |||
diff --git a/src/jailcheck/network.c b/src/jailcheck/network.c index 961a66105..a4d5eeec1 100644 --- a/src/jailcheck/network.c +++ b/src/jailcheck/network.c | |||
@@ -52,6 +52,3 @@ void network_test(void) { | |||
52 | else | 52 | else |
53 | printf(" Networking: disabled\n"); | 53 | printf(" Networking: disabled\n"); |
54 | } | 54 | } |
55 | |||
56 | |||
57 | |||
diff --git a/src/jailcheck/noexec.c b/src/jailcheck/noexec.c index a78272591..bfeff9c7f 100644 --- a/src/jailcheck/noexec.c +++ b/src/jailcheck/noexec.c | |||
@@ -76,7 +76,7 @@ void noexec_test(const char *path) { | |||
76 | 76 | ||
77 | if (child == 0) { // child | 77 | if (child == 0) { // child |
78 | // drop privileges | 78 | // drop privileges |
79 | if (setgid(user_gid) != 0) | 79 | if (setgid(user_gid) != 0) |
80 | errExit("setgid"); | 80 | errExit("setgid"); |
81 | if (setuid(user_uid) != 0) | 81 | if (setuid(user_uid) != 0) |
82 | errExit("setuid"); | 82 | errExit("setuid"); |
diff --git a/src/jailcheck/utils.c b/src/jailcheck/utils.c index 8460c1bf7..97fe8833b 100644 --- a/src/jailcheck/utils.c +++ b/src/jailcheck/utils.c | |||
@@ -99,4 +99,3 @@ int find_child(int id) { | |||
99 | // this happens for processes sandboxed with --join | 99 | // this happens for processes sandboxed with --join |
100 | return first_child; | 100 | return first_child; |
101 | } | 101 | } |
102 | |||
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c index 97e36e5c9..25f0cc12e 100644 --- a/src/libtrace/libtrace.c +++ b/src/libtrace/libtrace.c | |||
@@ -35,11 +35,11 @@ | |||
35 | #include "../include/rundefs.h" | 35 | #include "../include/rundefs.h" |
36 | 36 | ||
37 | #define tprintf(fp, args...) \ | 37 | #define tprintf(fp, args...) \ |
38 | do { \ | 38 | do { \ |
39 | if (!fp)\ | 39 | if (!fp)\ |
40 | init(); \ | 40 | init(); \ |
41 | fprintf(fp, args); \ | 41 | fprintf(fp, args); \ |
42 | } while(0) | 42 | } while(0) |
43 | 43 | ||
44 | // break recursivity on fopen call | 44 | // break recursivity on fopen call |
45 | typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode); | 45 | typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode); |
@@ -515,7 +515,7 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { | |||
515 | if (!orig_connect) | 515 | if (!orig_connect) |
516 | orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect"); | 516 | orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect"); |
517 | 517 | ||
518 | int rv = orig_connect(sockfd, addr, addrlen); | 518 | int rv = orig_connect(sockfd, addr, addrlen); |
519 | print_sockaddr(sockfd, "connect", addr, rv); | 519 | print_sockaddr(sockfd, "connect", addr, rv); |
520 | 520 | ||
521 | return rv; | 521 | return rv; |
diff --git a/src/profstats/main.c b/src/profstats/main.c index 90a5f405d..d5e57e7cc 100644 --- a/src/profstats/main.c +++ b/src/profstats/main.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* | 1 | /* |
2 | * Copyright (C) 2014-2023 Firejail Authors | 2 | * Copyright (C) 2014-2023 Firejail Authors |
3 | * | 3 | * |
4 | * This file is part of firejail project | 4 | * This file is part of firejail project |
@@ -166,7 +166,7 @@ static void process_file(char *fname) { | |||
166 | else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0) | 166 | else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0) |
167 | cnt_whitelistvar++; | 167 | cnt_whitelistvar++; |
168 | else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 || | 168 | else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 || |
169 | strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0) | 169 | strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0) |
170 | cnt_whitelistrunuser++; | 170 | cnt_whitelistrunuser++; |
171 | else if (strncmp(ptr, "include whitelist-common.inc", 28) == 0) | 171 | else if (strncmp(ptr, "include whitelist-common.inc", 28) == 0) |
172 | cnt_whitelisthome++; | 172 | cnt_whitelisthome++; |
@@ -283,10 +283,10 @@ int main(int argc, char **argv) { | |||
283 | arg_dbus_user_none = 1; | 283 | arg_dbus_user_none = 1; |
284 | else if (*argv[i] == '-') { | 284 | else if (*argv[i] == '-') { |
285 | fprintf(stderr, "Error: invalid option %s\n", argv[i]); | 285 | fprintf(stderr, "Error: invalid option %s\n", argv[i]); |
286 | return 1; | 286 | return 1; |
287 | } | 287 | } |
288 | else | 288 | else |
289 | break; | 289 | break; |
290 | } | 290 | } |
291 | 291 | ||
292 | start = i; | 292 | start = i; |
diff --git a/src/tools/extract_seccomp.c b/src/tools/extract_seccomp.c index 0482dfd88..69e20317a 100644 --- a/src/tools/extract_seccomp.c +++ b/src/tools/extract_seccomp.c | |||
@@ -31,10 +31,13 @@ | |||
31 | #include <linux/filter.h> | 31 | #include <linux/filter.h> |
32 | 32 | ||
33 | #define MAXBUF 1024 | 33 | #define MAXBUF 1024 |
34 | #define errExit(msg) { char msgout[256]; \ | 34 | #define errExit(msg) \ |
35 | snprintf(msgout, 256, "Error %d: %s", __LINE__, (msg)); \ | 35 | do { \ |
36 | perror(msgout); \ | 36 | char msgout[256]; \ |
37 | exit(1); } | 37 | snprintf(msgout, 256, "Error %d: %s", __LINE__, (msg)); \ |
38 | perror(msgout); \ | ||
39 | exit(1); \ | ||
40 | } while (0); | ||
38 | 41 | ||
39 | // dump all seccomp filters of a process | 42 | // dump all seccomp filters of a process |
40 | // for further analysis with fsec-print | 43 | // for further analysis with fsec-print |
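Review bot: The rewritten `errExit` macro ends in `} while (0);`, and that trailing semicolon defeats the purpose of the do/while wrapper. A call written `errExit("ptrace");` now expands to the loop statement plus an empty statement, so an unbraced `if (cond) errExit("x"); else ...` will not compile, and the macro no longer behaves like a single statement. End the definition with `} while (0)` and let the call site supply the semicolon. As a smaller point in the same macro, `snprintf(msgout, 256, ...)` could be `snprintf(msgout, sizeof(msgout), ...)` so the bound tracks the buffer declaration. If other copies of `errExit` exist elsewhere in the tree (not visible in this section), they should follow the same form.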
diff --git a/src/zsh_completion/.editorconfig b/src/zsh_completion/.editorconfig new file mode 100644 index 000000000..15ca952a4 --- /dev/null +++ b/src/zsh_completion/.editorconfig | |||
@@ -0,0 +1,3 @@ | |||
1 | [_*{,.in}] | ||
2 | indent_size = 4 | ||
3 | indent_style = space | ||