fix previous commit, more seccomp testing

author: netblue30 <netblue30@yahoo.com> 2019-04-09 16:56:58 -0400
committer: netblue30 <netblue30@yahoo.com> 2019-04-09 16:56:58 -0400
commit: a5a02b708e871086854fc5da3d8d69beb4acf490 (patch)
tree: c11cbcb1c45a93d3b705ebbce977e905aea4b091 /src
parent: seccomp fixes (diff)
download: firejail-a5a02b708e871086854fc5da3d8d69beb4acf490.tar.gz
firejail-a5a02b708e871086854fc5da3d8d69beb4acf490.tar.zst
firejail-a5a02b708e871086854fc5da3d8d69beb4acf490.zip
5 files changed, 105 insertions, 28 deletions
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in
index d0f43041c..8cb994aca 100644
--- a/src/firejail/Makefile.in
+++ b/src/firejail/Makefile.in
@@ -2,7 +2,7 @@ all: firejail
 include ../common.mk
-%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h
+%.o : %.c $(H_FILE_LIST) ../include/rundefs.h ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h
        $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
 firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o
diff --git a/src/include/rundefs.h b/src/include/rundefs.h
new file mode 100644
index 000000000..67d7cfa4f
--- /dev/null
+++ b/src/include/rundefs.h
@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2014-2019 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#ifndef RUNDEFS_H
+#define RUNDEFS_H
+// filesystem
+#define RUN_FIREJAIL_BASEDIR    "/run"
+#define RUN_FIREJAIL_DIR        "/run/firejail"
+#define RUN_FIREJAIL_APPIMAGE_DIR       "/run/firejail/appimage"
+#define RUN_FIREJAIL_NAME_DIR   "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place
+#define RUN_FIREJAIL_LIB_DIR            "/run/firejail/lib"
+#define RUN_FIREJAIL_X11_DIR    "/run/firejail/x11"
+#define RUN_FIREJAIL_NETWORK_DIR        "/run/firejail/network"
+#define RUN_FIREJAIL_BANDWIDTH_DIR      "/run/firejail/bandwidth"
+#define RUN_FIREJAIL_PROFILE_DIR                "/run/firejail/profile"
+#define RUN_NETWORK_LOCK_FILE   "/run/firejail/firejail-network.lock"
+#define RUN_DIRECTORY_LOCK_FILE "/run/firejail/firejail-run.lock"
+#define RUN_RO_DIR      "/run/firejail/firejail.ro.dir"
+#define RUN_RO_FILE     "/run/firejail/firejail.ro.file"
+#define RUN_MNT_DIR     "/run/firejail/mnt"     // a tmpfs is mounted on this directory before any of the files below are created
+#define RUN_CGROUP_CFG  "/run/firejail/mnt/cgroup"
+#define RUN_CPU_CFG     "/run/firejail/mnt/cpu"
+#define RUN_GROUPS_CFG  "/run/firejail/mnt/groups"
+#define RUN_PROTOCOL_CFG        "/run/firejail/mnt/protocol"
+#define RUN_NONEWPRIVS_CFG      "/run/firejail/mnt/nonewprivs"
+#define RUN_HOME_DIR    "/run/firejail/mnt/home"
+#define RUN_ETC_DIR     "/run/firejail/mnt/etc"
+#define RUN_OPT_DIR     "/run/firejail/mnt/opt"
+#define RUN_SRV_DIR     "/run/firejail/mnt/srv"
+#define RUN_BIN_DIR     "/run/firejail/mnt/bin"
+#define RUN_PULSE_DIR   "/run/firejail/mnt/pulse"
+#define RUN_LIB_DIR     "/run/firejail/mnt/lib"
+#define RUN_LIB_FILE    "/run/firejail/mnt/libfiles"
+#define RUN_DNS_ETC     "/run/firejail/mnt/dns-etc"
+#define RUN_SECCOMP_DIR "/run/firejail/mnt/seccomp"
+#define RUN_SECCOMP_LIST        "/run/firejail/mnt/seccomp/seccomp.list"        // list of seccomp files installed
+#define RUN_SECCOMP_PROTOCOL    "/run/firejail/mnt/seccomp/seccomp.protocol"    // protocol filter
+#define RUN_SECCOMP_CFG "/run/firejail/mnt/seccomp/seccomp"                     // configured filter
+#define RUN_SECCOMP_32          "/run/firejail/mnt/seccomp/seccomp.32"          // 32bit arch filter installed on 64bit architectures
+#define RUN_SECCOMP_MDWX        "/run/firejail/mnt/seccomp/seccomp.mdwx"                // filter for memory-deny-write-execute
+#define RUN_SECCOMP_BLOCK_SECONDARY     "/run/firejail/mnt/seccomp/seccomp.block_secondary"     // secondary arch blocking filter
+#define RUN_SECCOMP_POSTEXEC    "/run/firejail/mnt/seccomp/seccomp.postexec"            // filter for post-exec library
+#define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp")                       // default filter built during make
+#define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug")   // default filter built during make
+#define PATH_SECCOMP_32 (LIBDIR "/firejail/seccomp.32")                 // 32bit arch filter built during make
+#define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx")             // filter for memory-deny-write-execute built during make
+#define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary")       // secondary arch blocking filter built during make
+#define RUN_DEV_DIR             "/run/firejail/mnt/dev"
+#define RUN_DEVLOG_FILE "/run/firejail/mnt/devlog"
+#define RUN_WHITELIST_X11_DIR   "/run/firejail/mnt/orig-x11"
+#define RUN_WHITELIST_HOME_DIR  "/run/firejail/mnt/orig-home"   // default home directory masking
+#define RUN_WHITELIST_RUN_DIR   "/run/firejail/mnt/orig-run"    // default run directory masking
+#define RUN_WHITELIST_HOME_USER_DIR     "/run/firejail/mnt/orig-home-user"      // home directory whitelisting
+#define RUN_WHITELIST_RUN_USER_DIR      "/run/firejail/mnt/orig-run-user"       // run directory whitelisting
+#define RUN_WHITELIST_TMP_DIR   "/run/firejail/mnt/orig-tmp"
+#define RUN_WHITELIST_MEDIA_DIR "/run/firejail/mnt/orig-media"
+#define RUN_WHITELIST_MNT_DIR   "/run/firejail/mnt/orig-mnt"
+#define RUN_WHITELIST_VAR_DIR   "/run/firejail/mnt/orig-var"
+#define RUN_WHITELIST_DEV_DIR   "/run/firejail/mnt/orig-dev"
+#define RUN_WHITELIST_OPT_DIR   "/run/firejail/mnt/orig-opt"
+#define RUN_WHITELIST_SRV_DIR   "/run/firejail/mnt/orig-srv"
+#define RUN_WHITELIST_ETC_DIR   "/run/firejail/mnt/orig-etc"
+#define RUN_WHITELIST_SHARE_DIR   "/run/firejail/mnt/orig-share"
+#define RUN_WHITELIST_MODULE_DIR   "/run/firejail/mnt/orig-module"
+#define RUN_XAUTHORITY_FILE     "/run/firejail/mnt/.Xauthority"
+#define RUN_XAUTHORITY_SEC_FILE "/run/firejail/mnt/sec.Xauthority"
+#define RUN_ASOUNDRC_FILE       "/run/firejail/mnt/.asoundrc"
+#define RUN_HOSTNAME_FILE       "/run/firejail/mnt/hostname"
+#define RUN_HOSTS_FILE  "/run/firejail/mnt/hosts"
+#define RUN_MACHINEID   "/run/firejail/mnt/machine-id"
+#define RUN_LDPRELOAD_FILE      "/run/firejail/mnt/ld.so.preload"
+#define RUN_UTMP_FILE           "/run/firejail/mnt/utmp"
+#define RUN_PASSWD_FILE         "/run/firejail/mnt/passwd"
+#define RUN_GROUP_FILE          "/run/firejail/mnt/group"
+#define RUN_FSLOGGER_FILE               "/run/firejail/mnt/fslogger"
+#define RUN_UMASK_FILE          "/run/firejail/mnt/umask"
+#define RUN_OVERLAY_ROOT        "/run/firejail/mnt/oroot"
+#define RUN_READY_FOR_JOIN      "/run/firejail/mnt/ready-for-join"
+#endif
diff --git a/src/libpostexecseccomp/libpostexecseccomp.h b/src/libpostexecseccomp/libpostexecseccomp.h
deleted file mode 100644
index 908364d43..000000000
--- a/src/libpostexecseccomp/libpostexecseccomp.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Copyright (C) 2014-2019 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#ifndef LIBPOSTEXECSECCOMP_H
-#define LIBPOSTEXECSECCOMP_H
-#define RUN_SECCOMP_POSTEXEC    "/run/firejail/mnt/seccomp.postexec"
-#endif
diff --git a/src/libtracelog/Makefile.in b/src/libtracelog/Makefile.in
index 3927c762a..5c27f3cb3 100644
--- a/src/libtracelog/Makefile.in
+++ b/src/libtracelog/Makefile.in
@@ -13,7 +13,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now
 all: libtracelog.so
-%.o : %.c $(H_FILE_LIST)
+%.o : %.c $(H_FILE_LIST) ../include/rundefs.h
        $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
 libtracelog.so: $(OBJS)
diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c
index 420c9370c..3641a81af 100644
--- a/src/libtracelog/libtracelog.c
+++ b/src/libtracelog/libtracelog.c
@@ -32,6 +32,7 @@
 #include <syslog.h>
 #include <dirent.h>
 #include <limits.h>
+#include "../include/rundefs.h"
 //#define DEBUG
@@ -163,7 +164,6 @@ static char *storage_find(const char *str) {
 //
 // load blacklist form /run/firejail/mnt/fslogger
 //
-#define RUN_FSLOGGER_FILE               "/run/firejail/mnt/fslogger"
 #define MAXBUF 4096
 static int blacklist_loaded = 0;
 static char *sandbox_pid_str = NULL;
author	netblue30 <netblue30@yahoo.com>	2019-04-09 16:56:58 -0400
committer	netblue30 <netblue30@yahoo.com>	2019-04-09 16:56:58 -0400
commit	a5a02b708e871086854fc5da3d8d69beb4acf490 (patch)
tree	c11cbcb1c45a93d3b705ebbce977e905aea4b091 /src
parent	seccomp fixes (diff)
download	firejail-a5a02b708e871086854fc5da3d8d69beb4acf490.tar.gz firejail-a5a02b708e871086854fc5da3d8d69beb4acf490.tar.zst firejail-a5a02b708e871086854fc5da3d8d69beb4acf490.zip

diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in index d0f43041c..8cb994aca 100644 --- a/src/firejail/Makefile.in +++ b/src/firejail/Makefile.in
@@ -2,7 +2,7 @@ all: firejail
2		2
3	include ../common.mk	3	include ../common.mk
4		4
5	%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h	5	%.o : %.c $(H_FILE_LIST) ../include/rundefs.h ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h
6	$(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@	6	$(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
7		7
8	firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o	8	firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o


diff --git a/src/include/rundefs.h b/src/include/rundefs.h new file mode 100644 index 000000000..67d7cfa4f --- /dev/null +++ b/src/include/rundefs.h
@@ -0,0 +1,102 @@
		1	/*
		2	* Copyright (C) 2014-2019 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
		20
		21	#ifndef RUNDEFS_H
		22	#define RUNDEFS_H
		23	// filesystem
		24	#define RUN_FIREJAIL_BASEDIR "/run"
		25	#define RUN_FIREJAIL_DIR "/run/firejail"
		26	#define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage"
		27	#define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place
		28	#define RUN_FIREJAIL_LIB_DIR "/run/firejail/lib"
		29	#define RUN_FIREJAIL_X11_DIR "/run/firejail/x11"
		30	#define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network"
		31	#define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth"
		32	#define RUN_FIREJAIL_PROFILE_DIR "/run/firejail/profile"
		33	#define RUN_NETWORK_LOCK_FILE "/run/firejail/firejail-network.lock"
		34	#define RUN_DIRECTORY_LOCK_FILE "/run/firejail/firejail-run.lock"
		35	#define RUN_RO_DIR "/run/firejail/firejail.ro.dir"
		36	#define RUN_RO_FILE "/run/firejail/firejail.ro.file"
		37	#define RUN_MNT_DIR "/run/firejail/mnt" // a tmpfs is mounted on this directory before any of the files below are created
		38	#define RUN_CGROUP_CFG "/run/firejail/mnt/cgroup"
		39	#define RUN_CPU_CFG "/run/firejail/mnt/cpu"
		40	#define RUN_GROUPS_CFG "/run/firejail/mnt/groups"
		41	#define RUN_PROTOCOL_CFG "/run/firejail/mnt/protocol"
		42	#define RUN_NONEWPRIVS_CFG "/run/firejail/mnt/nonewprivs"
		43	#define RUN_HOME_DIR "/run/firejail/mnt/home"
		44	#define RUN_ETC_DIR "/run/firejail/mnt/etc"
		45	#define RUN_OPT_DIR "/run/firejail/mnt/opt"
		46	#define RUN_SRV_DIR "/run/firejail/mnt/srv"
		47	#define RUN_BIN_DIR "/run/firejail/mnt/bin"
		48	#define RUN_PULSE_DIR "/run/firejail/mnt/pulse"
		49	#define RUN_LIB_DIR "/run/firejail/mnt/lib"
		50	#define RUN_LIB_FILE "/run/firejail/mnt/libfiles"
		51	#define RUN_DNS_ETC "/run/firejail/mnt/dns-etc"
		52
		53	#define RUN_SECCOMP_DIR "/run/firejail/mnt/seccomp"
		54	#define RUN_SECCOMP_LIST "/run/firejail/mnt/seccomp/seccomp.list" // list of seccomp files installed
		55	#define RUN_SECCOMP_PROTOCOL "/run/firejail/mnt/seccomp/seccomp.protocol" // protocol filter
		56	#define RUN_SECCOMP_CFG "/run/firejail/mnt/seccomp/seccomp" // configured filter
		57	#define RUN_SECCOMP_32 "/run/firejail/mnt/seccomp/seccomp.32" // 32bit arch filter installed on 64bit architectures
		58	#define RUN_SECCOMP_MDWX "/run/firejail/mnt/seccomp/seccomp.mdwx" // filter for memory-deny-write-execute
		59	#define RUN_SECCOMP_BLOCK_SECONDARY "/run/firejail/mnt/seccomp/seccomp.block_secondary" // secondary arch blocking filter
		60	#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp/seccomp.postexec" // filter for post-exec library
		61	#define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp") // default filter built during make
		62	#define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug") // default filter built during make
		63	#define PATH_SECCOMP_32 (LIBDIR "/firejail/seccomp.32") // 32bit arch filter built during make
		64	#define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx") // filter for memory-deny-write-execute built during make
		65	#define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary") // secondary arch blocking filter built during make
		66
		67
		68	#define RUN_DEV_DIR "/run/firejail/mnt/dev"
		69	#define RUN_DEVLOG_FILE "/run/firejail/mnt/devlog"
		70
		71	#define RUN_WHITELIST_X11_DIR "/run/firejail/mnt/orig-x11"
		72	#define RUN_WHITELIST_HOME_DIR "/run/firejail/mnt/orig-home" // default home directory masking
		73	#define RUN_WHITELIST_RUN_DIR "/run/firejail/mnt/orig-run" // default run directory masking
		74	#define RUN_WHITELIST_HOME_USER_DIR "/run/firejail/mnt/orig-home-user" // home directory whitelisting
		75	#define RUN_WHITELIST_RUN_USER_DIR "/run/firejail/mnt/orig-run-user" // run directory whitelisting
		76	#define RUN_WHITELIST_TMP_DIR "/run/firejail/mnt/orig-tmp"
		77	#define RUN_WHITELIST_MEDIA_DIR "/run/firejail/mnt/orig-media"
		78	#define RUN_WHITELIST_MNT_DIR "/run/firejail/mnt/orig-mnt"
		79	#define RUN_WHITELIST_VAR_DIR "/run/firejail/mnt/orig-var"
		80	#define RUN_WHITELIST_DEV_DIR "/run/firejail/mnt/orig-dev"
		81	#define RUN_WHITELIST_OPT_DIR "/run/firejail/mnt/orig-opt"
		82	#define RUN_WHITELIST_SRV_DIR "/run/firejail/mnt/orig-srv"
		83	#define RUN_WHITELIST_ETC_DIR "/run/firejail/mnt/orig-etc"
		84	#define RUN_WHITELIST_SHARE_DIR "/run/firejail/mnt/orig-share"
		85	#define RUN_WHITELIST_MODULE_DIR "/run/firejail/mnt/orig-module"
		86
		87	#define RUN_XAUTHORITY_FILE "/run/firejail/mnt/.Xauthority"
		88	#define RUN_XAUTHORITY_SEC_FILE "/run/firejail/mnt/sec.Xauthority"
		89	#define RUN_ASOUNDRC_FILE "/run/firejail/mnt/.asoundrc"
		90	#define RUN_HOSTNAME_FILE "/run/firejail/mnt/hostname"
		91	#define RUN_HOSTS_FILE "/run/firejail/mnt/hosts"
		92	#define RUN_MACHINEID "/run/firejail/mnt/machine-id"
		93	#define RUN_LDPRELOAD_FILE "/run/firejail/mnt/ld.so.preload"
		94	#define RUN_UTMP_FILE "/run/firejail/mnt/utmp"
		95	#define RUN_PASSWD_FILE "/run/firejail/mnt/passwd"
		96	#define RUN_GROUP_FILE "/run/firejail/mnt/group"
		97	#define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger"
		98	#define RUN_UMASK_FILE "/run/firejail/mnt/umask"
		99	#define RUN_OVERLAY_ROOT "/run/firejail/mnt/oroot"
		100	#define RUN_READY_FOR_JOIN "/run/firejail/mnt/ready-for-join"
		101
		102	#endif


diff --git a/src/libpostexecseccomp/libpostexecseccomp.h b/src/libpostexecseccomp/libpostexecseccomp.h deleted file mode 100644 index 908364d43..000000000 --- a/src/libpostexecseccomp/libpostexecseccomp.h +++ /dev/null
@@ -1,25 +0,0 @@
1	/*
2	* Copyright (C) 2014-2019 Firejail Authors
3	*
4	* This file is part of firejail project
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License along
17	* with this program; if not, write to the Free Software Foundation, Inc.,
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/
20	#ifndef LIBPOSTEXECSECCOMP_H
21	#define LIBPOSTEXECSECCOMP_H
22
23	#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp.postexec"
24
25	#endif


diff --git a/src/libtracelog/Makefile.in b/src/libtracelog/Makefile.in index 3927c762a..5c27f3cb3 100644 --- a/src/libtracelog/Makefile.in +++ b/src/libtracelog/Makefile.in
@@ -13,7 +13,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now
13		13
14	all: libtracelog.so	14	all: libtracelog.so
15		15
16	%.o : %.c $(H_FILE_LIST)	16	%.o : %.c $(H_FILE_LIST) ../include/rundefs.h
17	$(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@	17	$(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
18		18
19	libtracelog.so: $(OBJS)	19	libtracelog.so: $(OBJS)


diff --git a/src/libtracelog/libtracelog.c b/src/libtracelog/libtracelog.c index 420c9370c..3641a81af 100644 --- a/src/libtracelog/libtracelog.c +++ b/src/libtracelog/libtracelog.c
@@ -32,6 +32,7 @@
32	#include <syslog.h>	32	#include <syslog.h>
33	#include <dirent.h>	33	#include <dirent.h>
34	#include <limits.h>	34	#include <limits.h>
		35	#include "../include/rundefs.h"
35		36
36	//#define DEBUG	37	//#define DEBUG
37		38
@@ -163,7 +164,6 @@ static char storage_find(const char str) {
163	//	164	//
164	// load blacklist form /run/firejail/mnt/fslogger	165	// load blacklist form /run/firejail/mnt/fslogger
165	//	166	//
166	#define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger"
167	#define MAXBUF 4096	167	#define MAXBUF 4096
168	static int blacklist_loaded = 0;	168	static int blacklist_loaded = 0;
169	static char *sandbox_pid_str = NULL;	169	static char *sandbox_pid_str = NULL;