aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorLibravatar Kelvin M. Klann <kmk3.code@protonmail.com>2021-10-05 17:54:03 -0300
committerLibravatar Kelvin M. Klann <kmk3.code@protonmail.com>2021-10-06 15:19:52 -0300
commita7e4b9b9b20bc62985e03435e2eee41dd62e0318 (patch)
tree94653e21cfae01b7d1f607d46be46ff088e02f0c /src
parentbuild_profile.c: fix typo of "begins" (diff)
downloadfirejail-a7e4b9b9b20bc62985e03435e2eee41dd62e0318.tar.gz
firejail-a7e4b9b9b20bc62985e03435e2eee41dd62e0318.tar.zst
firejail-a7e4b9b9b20bc62985e03435e2eee41dd62e0318.zip
Revert "allow/deny fbuilder"
This reverts commit 4438f14f2892b5c88d158ae8fad0a80a2eebfd44. Also, partially revert related commit e4307b409 ("fix whitelist/allow in make test-utils") to keep the tests working. The profiles are being generated using aliases, which are not used on the profiles in the repository. So generate them using the normal commands for consistency. See also commit dd13595b8 ("Revert "allow/deny help and man pages"") / PR #4502. Relates to #4410. Misc: I noticed this on issue #4592.
Diffstat (limited to 'src')
-rw-r--r--src/fbuilder/build_fs.c8
-rw-r--r--src/fbuilder/build_home.c4
2 files changed, 6 insertions, 6 deletions
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index 019c3ac5a..8700e0ba1 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -182,12 +182,12 @@ static void var_callback(char *ptr) {
182void build_var(const char *fname, FILE *fp) { 182void build_var(const char *fname, FILE *fp) {
183 assert(fname); 183 assert(fname);
184 184
185 var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "allow /var/"); 185 var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/");
186 process_files(fname, "/var", var_callback); 186 process_files(fname, "/var", var_callback);
187 187
188 // always whitelist /var 188 // always whitelist /var
189 if (var_out) 189 if (var_out)
190 filedb_print(var_out, "allow /var/", fp); 190 filedb_print(var_out, "whitelist /var/", fp);
191 fprintf(fp, "include whitelist-var-common.inc\n"); 191 fprintf(fp, "include whitelist-var-common.inc\n");
192} 192}
193 193
@@ -222,12 +222,12 @@ static void share_callback(char *ptr) {
222void build_share(const char *fname, FILE *fp) { 222void build_share(const char *fname, FILE *fp) {
223 assert(fname); 223 assert(fname);
224 224
225 share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "allow /usr/share/"); 225 share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "whitelist /usr/share/");
226 process_files(fname, "/usr/share", share_callback); 226 process_files(fname, "/usr/share", share_callback);
227 227
228 // always whitelist /usr/share 228 // always whitelist /usr/share
229 if (share_out) 229 if (share_out)
230 filedb_print(share_out, "allow /usr/share/", fp); 230 filedb_print(share_out, "whitelist /usr/share/", fp);
231 fprintf(fp, "include whitelist-usr-share-common.inc\n"); 231 fprintf(fp, "include whitelist-usr-share-common.inc\n");
232} 232}
233 233
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index c85474779..0fe0ffef6 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -140,7 +140,7 @@ void build_home(const char *fname, FILE *fp) {
140 assert(fname); 140 assert(fname);
141 141
142 // load whitelist common 142 // load whitelist common
143 db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "allow ${HOME}/"); 143 db_skip = filedb_load_whitelist(db_skip, "whitelist-common.inc", "whitelist ${HOME}/");
144 144
145 // find user home directory 145 // find user home directory
146 struct passwd *pw = getpwuid(getuid()); 146 struct passwd *pw = getpwuid(getuid());
@@ -168,7 +168,7 @@ void build_home(const char *fname, FILE *fp) {
168 168
169 // print the out list if any 169 // print the out list if any
170 if (db_out) { 170 if (db_out) {
171 filedb_print(db_out, "allow ${HOME}/", fp); 171 filedb_print(db_out, "whitelist ${HOME}/", fp);
172 fprintf(fp, "include whitelist-common.inc\n"); 172 fprintf(fp, "include whitelist-common.inc\n");
173 } 173 }
174 else 174 else