firecfg: parse config files in /etc/firejail/firecfg.d

As suggested by @WhyNotHugo[1]. [1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-06-29 18:22:10 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-08-04 17:25:20 -0300
commit: 2993298aaa7b6e70dd1bfc1b698db77390f397fd (patch)
tree: fb81818fefc587f3cbcd6a15c6a72fe6dfaf0731 /src
parent: firecfg: turn constant strings into constants (diff)
download: firejail-2993298aaa7b6e70dd1bfc1b698db77390f397fd.tar.gz
firejail-2993298aaa7b6e70dd1bfc1b698db77390f397fd.tar.zst
firejail-2993298aaa7b6e70dd1bfc1b698db77390f397fd.zip
2 files changed, 33 insertions, 1 deletions
diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h
index 6e17c20cf..11e3ebc67 100644
--- a/src/firecfg/firecfg.h
+++ b/src/firecfg/firecfg.h
@@ -37,7 +37,11 @@
 #include "../include/common.h"
 #define MAX_BUF 4096
+// config files
 #define FIRECFG_CFGFILE SYSCONFDIR "/firecfg.config"
+#define FIRECFG_CONF_GLOB SYSCONFDIR "/firecfg.d/*.conf"
+// programs
 #define FIREJAIL_EXEC PREFIX "/bin/firejail"
 #define FIREJAIL_WELCOME_SH LIBDIR "/firejail/firejail-welcome.sh"
 #define FZENITY_EXEC        LIBDIR "/firejail/fzenity"
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index 0d995a6dd..35fa850f1 100644
--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -20,6 +20,8 @@
 #include "firecfg.h"
 #include "../include/firejail_user.h"
+#include <glob.h>
 int arg_debug = 0;
 char *arg_bindir = "/usr/local/bin";
 int arg_guide = 0;
@@ -209,6 +211,29 @@ static void set_links_firecfg(const char *cfgfile) {
        }
        fclose(fp);
+        printf("\n");
+}
+// parse all config files matching pattern
+static void set_links_firecfg_glob(const char *pattern) {
+        printf("Looking for config files in %s\n", pattern);
+        glob_t globbuf;
+        int globerr = glob(pattern, 0, NULL, &globbuf);
+        if (globerr == GLOB_NOMATCH) {
+                fprintf(stderr, "No matches for glob pattern %s\n", pattern);
+                goto out;
+        } else if (globerr != 0) {
+                fprintf(stderr, "Warning: Failed to match glob pattern %s: %s\n",
+                        pattern, strerror(errno));
+                goto out;
+        }
+        size_t i;
+        for (i = 0; i < globbuf.gl_pathc; i++)
+                set_links_firecfg(globbuf.gl_pathv[i]);
+out:
+        globfree(&globbuf);
 }
 // parse ~/.config/firejail/ directory
@@ -450,12 +475,15 @@ int main(int argc, char **argv) {
        // clear all symlinks
        clean();
+        // set new symlinks based on .conf files
+        set_links_firecfg_glob(FIRECFG_CONF_GLOB);
        // set new symlinks based on firecfg.config
        set_links_firecfg(FIRECFG_CFGFILE);
        if (getuid() == 0) {
                // add user to firejail access database - only for root
-                printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
+                printf("Adding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
                // temporarily set the umask, access database must be world-readable
                mode_t orig_umask = umask(022);
                firejail_user_add(user);
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-06-29 18:22:10 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-08-04 17:25:20 -0300
commit	2993298aaa7b6e70dd1bfc1b698db77390f397fd (patch)
tree	fb81818fefc587f3cbcd6a15c6a72fe6dfaf0731 /src
parent	firecfg: turn constant strings into constants (diff)
download	firejail-2993298aaa7b6e70dd1bfc1b698db77390f397fd.tar.gz firejail-2993298aaa7b6e70dd1bfc1b698db77390f397fd.tar.zst firejail-2993298aaa7b6e70dd1bfc1b698db77390f397fd.zip

diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h index 6e17c20cf..11e3ebc67 100644 --- a/src/firecfg/firecfg.h +++ b/src/firecfg/firecfg.h
@@ -37,7 +37,11 @@
37	#include "../include/common.h"	37	#include "../include/common.h"
38	#define MAX_BUF 4096	38	#define MAX_BUF 4096
39		39
		40	// config files
40	#define FIRECFG_CFGFILE SYSCONFDIR "/firecfg.config"	41	#define FIRECFG_CFGFILE SYSCONFDIR "/firecfg.config"
		42	#define FIRECFG_CONF_GLOB SYSCONFDIR "/firecfg.d/*.conf"
		43
		44	// programs
41	#define FIREJAIL_EXEC PREFIX "/bin/firejail"	45	#define FIREJAIL_EXEC PREFIX "/bin/firejail"
42	#define FIREJAIL_WELCOME_SH LIBDIR "/firejail/firejail-welcome.sh"	46	#define FIREJAIL_WELCOME_SH LIBDIR "/firejail/firejail-welcome.sh"
43	#define FZENITY_EXEC LIBDIR "/firejail/fzenity"	47	#define FZENITY_EXEC LIBDIR "/firejail/fzenity"


diff --git a/src/firecfg/main.c b/src/firecfg/main.c index 0d995a6dd..35fa850f1 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c
@@ -20,6 +20,8 @@
20		20
21	#include "firecfg.h"	21	#include "firecfg.h"
22	#include "../include/firejail_user.h"	22	#include "../include/firejail_user.h"
		23	#include <glob.h>
		24
23	int arg_debug = 0;	25	int arg_debug = 0;
24	char *arg_bindir = "/usr/local/bin";	26	char *arg_bindir = "/usr/local/bin";
25	int arg_guide = 0;	27	int arg_guide = 0;
@@ -209,6 +211,29 @@ static void set_links_firecfg(const char *cfgfile) {
209	}	211	}
210		212
211	fclose(fp);	213	fclose(fp);
		214	printf("\n");
		215	}
		216
		217	// parse all config files matching pattern
		218	static void set_links_firecfg_glob(const char *pattern) {
		219	printf("Looking for config files in %s\n", pattern);
		220
		221	glob_t globbuf;
		222	int globerr = glob(pattern, 0, NULL, &globbuf);
		223	if (globerr == GLOB_NOMATCH) {
		224	fprintf(stderr, "No matches for glob pattern %s\n", pattern);
		225	goto out;
		226	} else if (globerr != 0) {
		227	fprintf(stderr, "Warning: Failed to match glob pattern %s: %s\n",
		228	pattern, strerror(errno));
		229	goto out;
		230	}
		231
		232	size_t i;
		233	for (i = 0; i < globbuf.gl_pathc; i++)
		234	set_links_firecfg(globbuf.gl_pathv[i]);
		235	out:
		236	globfree(&globbuf);
212	}	237	}
213		238
214	// parse ~/.config/firejail/ directory	239	// parse ~/.config/firejail/ directory
@@ -450,12 +475,15 @@ int main(int argc, char **argv) {
450	// clear all symlinks	475	// clear all symlinks
451	clean();	476	clean();
452		477
		478	// set new symlinks based on .conf files
		479	set_links_firecfg_glob(FIRECFG_CONF_GLOB);
		480
453	// set new symlinks based on firecfg.config	481	// set new symlinks based on firecfg.config
454	set_links_firecfg(FIRECFG_CFGFILE);	482	set_links_firecfg(FIRECFG_CFGFILE);
455		483
456	if (getuid() == 0) {	484	if (getuid() == 0) {
457	// add user to firejail access database - only for root	485	// add user to firejail access database - only for root
458	printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);	486	printf("Adding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
459	// temporarily set the umask, access database must be world-readable	487	// temporarily set the umask, access database must be world-readable
460	mode_t orig_umask = umask(022);	488	mode_t orig_umask = umask(022);
461	firejail_user_add(user);	489	firejail_user_add(user);