authorLibravatar netblue30 <netblue30@protonmail.com>2023-02-24 20:44:48 -0500
committerLibravatar GitHub <noreply@github.com>2023-02-24 20:44:48 -0500
commitd657245f7353f692c22db2801ac64f7d807eb415 (patch)
tree5494cbde66f9fb6220df8a72415a6160f130a6b9 /src
parentMerge pull request #5677 from kmk3/print-failed-long-arg (diff)
parenteditorconfig: add indentation rules (diff)
Merge pull request #5674 from kmk3/fix-ws-add-editorconfig
build: Fix whitespace and add .editorconfig
Diffstat (limited to 'src')
-rw-r--r--src/bash_completion/.editorconfig3
-rw-r--r--src/etc-cleanup/main.c6
-rw-r--r--src/fbuilder/build_home.c2
-rw-r--r--src/fbuilder/filedb.c4
-rw-r--r--src/fbuilder/main.c2
-rw-r--r--src/fcopy/main.c4
-rw-r--r--src/fids/config1
-rw-r--r--src/fids/db.c1
-rw-r--r--src/fids/db_exclude.c1
-rw-r--r--src/firecfg/util.c8
-rw-r--r--src/firejail/appimage_size.c5
-rw-r--r--src/firejail/chroot.c2
-rw-r--r--src/firejail/cpu.c12
-rw-r--r--src/firejail/dbus.c2
-rw-r--r--src/firejail/firejail.h2
-rw-r--r--src/firejail/fs.c4
-rw-r--r--src/firejail/fs_etc.c1
-rw-r--r--src/firejail/ls.c2
-rw-r--r--src/firejail/macros.c6
-rw-r--r--src/firejail/main.c75
-rw-r--r--src/firejail/network.c2
-rw-r--r--src/firejail/no_sandbox.c8
-rw-r--r--src/firejail/oom.c1
-rw-r--r--src/firejail/restricted_shell.c50
-rw-r--r--src/firejail/sandbox.c24
-rw-r--r--src/firejail/selinux.c2
-rw-r--r--src/firejail/util.c2
-rw-r--r--src/firemon/procevent.c2
-rw-r--r--src/firemon/top.c3
-rw-r--r--src/fldd/main.c6
-rw-r--r--src/fnet/fnet.h2
-rw-r--r--src/fnet/interface.c8
-rw-r--r--src/fnet/main.c10
-rw-r--r--src/fnet/veth.c4
-rw-r--r--src/fnetfilter/main.c2
-rw-r--r--src/fnettrace-dns/fnettrace_dns.h2
-rw-r--r--src/fnettrace-dns/main.c2
-rw-r--r--src/fnettrace-icmp/fnettrace_icmp.h2
-rw-r--r--src/fnettrace-sni/fnettrace_sni.h2
-rw-r--r--src/fnettrace/fnettrace.h2
-rw-r--r--src/fnettrace/hostnames.c1
-rw-r--r--src/fnettrace/radix.c1
-rw-r--r--src/fnettrace/radix.h2
-rw-r--r--src/fsec-optimize/main.c2
-rw-r--r--src/fsec-print/main.c2
-rw-r--r--src/fseccomp/main.c2
-rw-r--r--src/fseccomp/namespaces.c4
-rw-r--r--src/include/gcov_wrapper.h4
-rw-r--r--src/include/seccomp.h24
-rw-r--r--src/jailcheck/apparmor.c1
-rw-r--r--src/jailcheck/network.c3
-rw-r--r--src/jailcheck/noexec.c2
-rw-r--r--src/jailcheck/utils.c1
-rw-r--r--src/libtrace/libtrace.c12
-rw-r--r--src/profstats/main.c12
-rw-r--r--src/tools/extract_seccomp.c11
-rw-r--r--src/zsh_completion/.editorconfig3
57 files changed, 183 insertions, 183 deletions
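--- /dev/null
+++ b/src/bash_completion/.editorconfig
@@ -0,0 +1,3 @@
+[*.bash_completion{,.in}]
+indent_size = 4
+indent_style = space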
diff --git a/src/etc-cleanup/main.c b/src/etc-cleanup/main.c
index a51043e66..6c7bea6d6 100644
--- a/src/etc-cleanup/main.c
+++ b/src/etc-cleanup/main.c
@@ -231,8 +231,8 @@ int main(int argc, char **argv) {
231 int i; 231 int i;
232 for (i = 1; i < argc; i++) { 232 for (i = 1; i < argc; i++) {
233 if (strcmp(argv[i], "-h") == 0 || 233 if (strcmp(argv[i], "-h") == 0 ||
234 strcmp(argv[i], "-?") == 0 || 234 strcmp(argv[i], "-?") == 0 ||
235 strcmp(argv[i], "--help") == 0) { 235 strcmp(argv[i], "--help") == 0) {
236 usage(); 236 usage();
237 return 0; 237 return 0;
238 } 238 }
@@ -252,4 +252,4 @@ int main(int argc, char **argv) {
252 process_file(argv[i]); 252 process_file(argv[i]);
253 253
254 return 0; 254 return 0;
255} \ No newline at end of file 255}
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c
index 6d96b69cc..15c54911b 100644
--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -110,7 +110,7 @@ void process_home(const char *fname, char *home, int home_len) {
110 strcmp(toadd, ".cache") == 0) { 110 strcmp(toadd, ".cache") == 0) {
111 if (dir) 111 if (dir)
112 free(dir); 112 free(dir);
113 continue; 113 continue;
114 } 114 }
115 115
116 // clean .cache entries 116 // clean .cache entries
diff --git a/src/fbuilder/filedb.c b/src/fbuilder/filedb.c
index 4089f3806..5a3b389ae 100644
--- a/src/fbuilder/filedb.c
+++ b/src/fbuilder/filedb.c
@@ -38,8 +38,8 @@ FileDB *filedb_find(FileDB *head, const char *fname) {
38 if (strlen(fname) > ptr->len && 38 if (strlen(fname) > ptr->len &&
39 fname[ptr->len] == '/' && 39 fname[ptr->len] == '/' &&
40 strncmp(ptr->fname, fname, ptr->len) == 0) { 40 strncmp(ptr->fname, fname, ptr->len) == 0) {
41 found = 1; 41 found = 1;
42 break; 42 break;
43 } 43 }
44 44
45 ptr = ptr->next; 45 ptr = ptr->next;
diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c
index ebb273f12..7fdf9af68 100644
--- a/src/fbuilder/main.c
+++ b/src/fbuilder/main.c
@@ -32,7 +32,7 @@ int main(int argc, char **argv) {
32system("cat /proc/self/status"); 32system("cat /proc/self/status");
33int i; 33int i;
34for (i = 0; i < argc; i++) 34for (i = 0; i < argc; i++)
35 printf("*%s* ", argv[i]); 35 printf("*%s* ", argv[i]);
36printf("\n"); 36printf("\n");
37} 37}
38#endif 38#endif
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index f1deabf2e..ce2efb295 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -92,7 +92,7 @@ static void selinux_relabel_path(const char *path, const char *inside_path) {
92 printf("Cannot relabel %s: %s\n", path, strerror(errno)); 92 printf("Cannot relabel %s: %s\n", path, strerror(errno));
93 } 93 }
94 freecon(fcon); 94 freecon(fcon);
95 close: 95close:
96 close(fd); 96 close(fd);
97#else 97#else
98 (void) path; 98 (void) path;
@@ -236,7 +236,7 @@ void copy_link(const char *target, const char *linkpath, mode_t mode, uid_t uid,
236 // if the link is already there, don't create it 236 // if the link is already there, don't create it
237 struct stat s; 237 struct stat s;
238 if (lstat(linkpath, &s) == 0) 238 if (lstat(linkpath, &s) == 0)
239 return; 239 return;
240 240
241 char *rp = proc_pid_to_self(target); 241 char *rp = proc_pid_to_self(target);
242 if (rp) { 242 if (rp) {
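--- a/src/fids/config
+++ b/src/fids/config
@@ -13,4 +13,3 @@
 /home/netblue/Desktop/*.desktop
 /home/netblue/.ssh
 /home/netblue/.gnupg
-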
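--- a/src/fids/db.c
+++ b/src/fids/db.c
@@ -155,4 +155,3 @@ errexit:
  fprintf(stderr, "Error fids: database corrupted\n");
  exit(1);
 }
-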
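--- a/src/fids/db_exclude.c
+++ b/src/fids/db_exclude.c
@@ -53,4 +53,3 @@ int db_exclude_check(const char *fname) {
 
  return 0;
 }
-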
diff --git a/src/firecfg/util.c b/src/firecfg/util.c
index dc24d4e68..4185b52dd 100644
--- a/src/firecfg/util.c
+++ b/src/firecfg/util.c
@@ -30,8 +30,8 @@ static int find(const char *program, const char *directory) {
30 30
31 struct stat s; 31 struct stat s;
32 if (stat(fname, &s) == 0) { 32 if (stat(fname, &s) == 0) {
33 if (arg_debug) 33 if (arg_debug)
34 printf("found %s in directory %s\n", program, directory); 34 printf("found %s in directory %s\n", program, directory);
35 retval = 1; 35 retval = 1;
36 } 36 }
37 37
@@ -44,8 +44,8 @@ static int find(const char *program, const char *directory) {
44int which(const char *program) { 44int which(const char *program) {
45 // check some well-known paths 45 // check some well-known paths
46 if (find(program, "/bin") || find(program, "/usr/bin") || 46 if (find(program, "/bin") || find(program, "/usr/bin") ||
47 find(program, "/sbin") || find(program, "/usr/sbin") || 47 find(program, "/sbin") || find(program, "/usr/sbin") ||
48 find(program, "/usr/games")) 48 find(program, "/usr/games"))
49 return 1; 49 return 1;
50 50
51 // check environment 51 // check environment
diff --git a/src/firejail/appimage_size.c b/src/firejail/appimage_size.c
index 6bb530d12..60c4c0364 100644
--- a/src/firejail/appimage_size.c
+++ b/src/firejail/appimage_size.c
@@ -17,8 +17,9 @@
17 * with this program; if not, write to the Free Software Foundation, Inc., 17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 */ 19 */
20
20/* 21/*
21 This code borrows heavily from src/libappimage_shared/elf.c in libappimage 22 * This code borrows heavily from src/libappimage_shared/elf.c in libappimage
22 */ 23 */
23/* 24/*
24Compile with: 25Compile with:
@@ -144,7 +145,7 @@ long unsigned int appimage2_size(int fd) {
144 return 0; 145 return 0;
145 146
146 if ((ehdr.e_ident[EI_DATA] != ELFDATA2LSB) && 147 if ((ehdr.e_ident[EI_DATA] != ELFDATA2LSB) &&
147 (ehdr.e_ident[EI_DATA] != ELFDATA2MSB)) 148 (ehdr.e_ident[EI_DATA] != ELFDATA2MSB))
148 return 0; 149 return 0;
149 150
150 if(ehdr.e_ident[EI_CLASS] == ELFCLASS32) { 151 if(ehdr.e_ident[EI_CLASS] == ELFCLASS32) {
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c
index fef7eb724..132ac94ba 100644
--- a/src/firejail/chroot.c
+++ b/src/firejail/chroot.c
@@ -280,7 +280,7 @@ void fs_chroot(const char *rootdir) {
280 // fs_dev_shm(); 280 // fs_dev_shm();
281 fs_var_lock(); 281 fs_var_lock();
282 if (!arg_keep_var_tmp) 282 if (!arg_keep_var_tmp)
283 fs_var_tmp(); 283 fs_var_tmp();
284 if (!arg_writable_var_log) 284 if (!arg_writable_var_log)
285 fs_var_log(); 285 fs_var_log();
286 286
diff --git a/src/firejail/cpu.c b/src/firejail/cpu.c
index ada76bc76..804d51caa 100644
--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -103,17 +103,17 @@ void set_cpu_affinity(void) {
103 if (sched_setaffinity(0, sizeof(mask), &mask) == -1) 103 if (sched_setaffinity(0, sizeof(mask), &mask) == -1)
104 fwarning("cannot set cpu affinity\n"); 104 fwarning("cannot set cpu affinity\n");
105 105
106 // verify cpu affinity 106 // verify cpu affinity
107 cpu_set_t mask2; 107 cpu_set_t mask2;
108 CPU_ZERO(&mask2); 108 CPU_ZERO(&mask2);
109 if (sched_getaffinity(0, sizeof(mask2), &mask2) == -1) 109 if (sched_getaffinity(0, sizeof(mask2), &mask2) == -1)
110 fwarning("cannot verify cpu affinity\n"); 110 fwarning("cannot verify cpu affinity\n");
111 else if (arg_debug) { 111 else if (arg_debug) {
112 if (CPU_EQUAL(&mask, &mask2)) 112 if (CPU_EQUAL(&mask, &mask2))
113 printf("CPU affinity set\n"); 113 printf("CPU affinity set\n");
114 else 114 else
115 printf("CPU affinity not set\n"); 115 printf("CPU affinity not set\n");
116 } 116 }
117} 117}
118 118
119static void print_cpu(ProcessHandle process) { 119static void print_cpu(ProcessHandle process) {
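--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -263,7 +263,7 @@ static char *find_user_socket_by_format(char *format) {
  if (!S_ISSOCK(s.st_mode))
  goto fail;
  return dbus_user_socket;
- fail:
+fail:
  free(dbus_user_socket);
  return NULL;
 }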
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 30c1b441c..824164c8a 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -266,7 +266,7 @@ static inline int any_ip6_dhcp(void) {
266} 266}
267 267
268static inline int any_dhcp(void) { 268static inline int any_dhcp(void) {
269 return any_ip_dhcp() || any_ip6_dhcp(); 269 return any_ip_dhcp() || any_ip6_dhcp();
270} 270}
271 271
272extern int arg_private; // mount private /home 272extern int arg_private; // mount private /home
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index d7a2edc3b..182f26e53 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -123,8 +123,8 @@ static void disable_file(OPERATION op, const char *filename) {
123 if (op == BLACKLIST_FILE || op == BLACKLIST_NOLOG) { 123 if (op == BLACKLIST_FILE || op == BLACKLIST_NOLOG) {
124 // some distros put all executables under /usr/bin and make /bin a symbolic link 124 // some distros put all executables under /usr/bin and make /bin a symbolic link
125 if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) && 125 if ((strcmp(fname, "/bin") == 0 || strcmp(fname, "/usr/bin") == 0) &&
126 is_link(filename) && 126 is_link(filename) &&
127 S_ISDIR(s.st_mode)) { 127 S_ISDIR(s.st_mode)) {
128 fwarning("%s directory link was not blacklisted\n", filename); 128 fwarning("%s directory link was not blacklisted\n", filename);
129 } 129 }
130 else { 130 else {
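--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -402,4 +402,3 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c
  fs_private_dir_mount(private_dir, private_run_dir);
  fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end());
 }
-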
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index f2782de35..ea85fabfd 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -178,7 +178,7 @@ static void print_directory(const char *path) {
178 178
179 n = scandir(path, &namelist, 0, alphasort); 179 n = scandir(path, &namelist, 0, alphasort);
180 if (n < 0) 180 if (n < 0)
181 errExit("scandir"); 181 errExit("scandir");
182 else { 182 else {
183 for (i = 0; i < n; i++) 183 for (i = 0; i < n; i++)
184 print_file_or_dir(path, namelist[i]->d_name); 184 print_file_or_dir(path, namelist[i]->d_name);
diff --git a/src/firejail/macros.c b/src/firejail/macros.c
index 27bb4227a..af7d02c2a 100644
--- a/src/firejail/macros.c
+++ b/src/firejail/macros.c
@@ -38,19 +38,19 @@ Macro macro[] = {
38 }, 38 },
39 39
40 { 40 {
41 "${MUSIC}", 41 "${MUSIC}",
42 "XDG_MUSIC_DIR=\"$HOME/", 42 "XDG_MUSIC_DIR=\"$HOME/",
43 {"Music", "Музыка", "Musique", "Musica", "Música", "Musik"} 43 {"Music", "Музыка", "Musique", "Musica", "Música", "Musik"}
44 }, 44 },
45 45
46 { 46 {
47 "${VIDEOS}", 47 "${VIDEOS}",
48 "XDG_VIDEOS_DIR=\"$HOME/", 48 "XDG_VIDEOS_DIR=\"$HOME/",
49 {"Videos", "Видео", "Vidéos", "Video", "Vídeos"} 49 {"Videos", "Видео", "Vidéos", "Video", "Vídeos"}
50 }, 50 },
51 51
52 { 52 {
53 "${PICTURES}", 53 "${PICTURES}",
54 "XDG_PICTURES_DIR=\"$HOME/", 54 "XDG_PICTURES_DIR=\"$HOME/",
55 {"Pictures", "Изображения", "Photos", "Immagini", "Imágenes", "Imagens", "Bilder"} 55 {"Pictures", "Изображения", "Photos", "Immagini", "Imágenes", "Imagens", "Bilder"}
56 }, 56 },
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 54978570e..ac84f00c9 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -47,12 +47,12 @@
47#endif 47#endif
48 48
49#ifdef __ia64__ 49#ifdef __ia64__
50/* clone(2) has a different interface on ia64, as it needs to know 50/* clone(2) has a different interface on ia64, as it needs to know the size of
51 the size of the stack */ 51 * the stack */
52int __clone2(int (*fn)(void *), 52int __clone2(int (*fn)(void *),
53 void *child_stack_base, size_t stack_size, 53 void *child_stack_base, size_t stack_size,
54 int flags, void *arg, ... 54 int flags, void *arg, ...
55 /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ ); 55 /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
56#endif 56#endif
57 57
58uid_t firejail_uid = 0; 58uid_t firejail_uid = 0;
@@ -106,7 +106,7 @@ char *arg_netfilter6_file = NULL; // netfilter6 file
106char *arg_netns = NULL; // "ip netns"-created network namespace to use 106char *arg_netns = NULL; // "ip netns"-created network namespace to use
107int arg_doubledash = 0; // double dash 107int arg_doubledash = 0; // double dash
108int arg_private_dev = 0; // private dev directory 108int arg_private_dev = 0; // private dev directory
109int arg_keep_dev_shm = 0; // preserve /dev/shm 109int arg_keep_dev_shm = 0; // preserve /dev/shm
110int arg_private_etc = 0; // private etc directory 110int arg_private_etc = 0; // private etc directory
111int arg_private_opt = 0; // private opt directory 111int arg_private_opt = 0; // private opt directory
112int arg_private_srv = 0; // private srv directory 112int arg_private_srv = 0; // private srv directory
@@ -129,7 +129,7 @@ int arg_writable_etc = 0; // writable etc
129int arg_keep_config_pulse = 0; // disable automatic ~/.config/pulse init 129int arg_keep_config_pulse = 0; // disable automatic ~/.config/pulse init
130int arg_keep_shell_rc = 0; // do not copy shell configuration from /etc/skel 130int arg_keep_shell_rc = 0; // do not copy shell configuration from /etc/skel
131int arg_writable_var = 0; // writable var 131int arg_writable_var = 0; // writable var
132int arg_keep_var_tmp = 0; // don't overwrite /var/tmp 132int arg_keep_var_tmp = 0; // don't overwrite /var/tmp
133int arg_writable_run_user = 0; // writable /run/user 133int arg_writable_run_user = 0; // writable /run/user
134int arg_writable_var_log = 0; // writable /var/log 134int arg_writable_var_log = 0; // writable /var/log
135int arg_appimage = 0; // appimage 135int arg_appimage = 0; // appimage
@@ -141,7 +141,7 @@ int arg_x11_block = 0; // block X11
141int arg_x11_xorg = 0; // use X11 security extension 141int arg_x11_xorg = 0; // use X11 security extension
142int arg_allusers = 0; // all user home directories visible 142int arg_allusers = 0; // all user home directories visible
143int arg_machineid = 0; // spoof /etc/machine-id 143int arg_machineid = 0; // spoof /etc/machine-id
144int arg_allow_private_blacklist = 0; // blacklist things in private directories 144int arg_allow_private_blacklist = 0; // blacklist things in private directories
145int arg_disable_mnt = 0; // disable /mnt and /media 145int arg_disable_mnt = 0; // disable /mnt and /media
146int arg_noprofile = 0; // use default.profile if none other found/specified 146int arg_noprofile = 0; // use default.profile if none other found/specified
147int arg_memory_deny_write_execute = 0; // block writable and executable memory 147int arg_memory_deny_write_execute = 0; // block writable and executable memory
@@ -150,7 +150,7 @@ int arg_nodvd = 0; // --nodvd
150int arg_nou2f = 0; // --nou2f 150int arg_nou2f = 0; // --nou2f
151int arg_noinput = 0; // --noinput 151int arg_noinput = 0; // --noinput
152int arg_deterministic_exit_code = 0; // always exit with first child's exit status 152int arg_deterministic_exit_code = 0; // always exit with first child's exit status
153int arg_deterministic_shutdown = 0; // shut down the sandbox if first child dies 153int arg_deterministic_shutdown = 0; // shut down the sandbox if first child dies
154int arg_keep_fd_all = 0; // inherit all file descriptors to sandbox 154int arg_keep_fd_all = 0; // inherit all file descriptors to sandbox
155DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW; // --dbus-user 155DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW; // --dbus-user
156DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system 156DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system
@@ -768,11 +768,11 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
768 exit(1); 768 exit(1);
769 } 769 }
770 char *path = argv[i + 1]; 770 char *path = argv[i + 1];
771 invalid_filename(path, 0); // no globbing 771 invalid_filename(path, 0); // no globbing
772 if (strstr(path, "..")) { 772 if (strstr(path, "..")) {
773 fprintf(stderr, "Error: invalid file name %s\n", path); 773 fprintf(stderr, "Error: invalid file name %s\n", path);
774 exit(1); 774 exit(1);
775 } 775 }
776 776
777 // get file 777 // get file
778 pid_t pid = require_pid(argv[i] + 6); 778 pid_t pid = require_pid(argv[i] + 6);
@@ -796,17 +796,17 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
796 exit(1); 796 exit(1);
797 } 797 }
798 char *path1 = argv[i + 1]; 798 char *path1 = argv[i + 1];
799 invalid_filename(path1, 0); // no globbing 799 invalid_filename(path1, 0); // no globbing
800 if (strstr(path1, "..")) { 800 if (strstr(path1, "..")) {
801 fprintf(stderr, "Error: invalid file name %s\n", path1); 801 fprintf(stderr, "Error: invalid file name %s\n", path1);
802 exit(1); 802 exit(1);
803 } 803 }
804 char *path2 = argv[i + 2]; 804 char *path2 = argv[i + 2];
805 invalid_filename(path2, 0); // no globbing 805 invalid_filename(path2, 0); // no globbing
806 if (strstr(path2, "..")) { 806 if (strstr(path2, "..")) {
807 fprintf(stderr, "Error: invalid file name %s\n", path2); 807 fprintf(stderr, "Error: invalid file name %s\n", path2);
808 exit(1); 808 exit(1);
809 } 809 }
810 810
811 // get file 811 // get file
812 pid_t pid = require_pid(argv[i] + 6); 812 pid_t pid = require_pid(argv[i] + 6);
@@ -830,15 +830,15 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
830 exit(1); 830 exit(1);
831 } 831 }
832 char *path = argv[i + 1]; 832 char *path = argv[i + 1];
833 invalid_filename(path, 0); // no globbing 833 invalid_filename(path, 0); // no globbing
834 if (strstr(path, "..")) { 834 if (strstr(path, "..")) {
835 fprintf(stderr, "Error: invalid file name %s\n", path); 835 fprintf(stderr, "Error: invalid file name %s\n", path);
836 exit(1); 836 exit(1);
837 } 837 }
838 838
839 // list directory contents 839 // list directory contents
840 if (!arg_debug) 840 if (!arg_debug)
841 arg_quiet = 1; 841 arg_quiet = 1;
842 pid_t pid = require_pid(argv[i] + 5); 842 pid_t pid = require_pid(argv[i] + 5);
843 sandboxfs(SANDBOX_FS_LS, pid, path, NULL); 843 sandboxfs(SANDBOX_FS_LS, pid, path, NULL);
844 exit(0); 844 exit(0);
@@ -867,7 +867,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
867 867
868 // write file contents to stdout 868 // write file contents to stdout
869 if (!arg_debug) 869 if (!arg_debug)
870 arg_quiet = 1; 870 arg_quiet = 1;
871 pid_t pid = require_pid(argv[i] + 6); 871 pid_t pid = require_pid(argv[i] + 6);
872 sandboxfs(SANDBOX_FS_CAT, pid, path, NULL); 872 sandboxfs(SANDBOX_FS_CAT, pid, path, NULL);
873 exit(0); 873 exit(0);
@@ -894,8 +894,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
894 894
895 } 895 }
896 else if (strncmp(argv[i], "--join-or-start=", 16) == 0) { 896 else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
897 // NOTE: this is first part of option handler, 897 // Note: This is the first part of the option handler; the
898 // sandbox name is set in other part 898 // sandbox name is set in the other part
899 if (checkcfg(CFG_JOIN) || getuid() == 0) { 899 if (checkcfg(CFG_JOIN) || getuid() == 0) {
900 logargs(argc, argv); 900 logargs(argc, argv);
901 901
@@ -1050,11 +1050,11 @@ static int check_postexec(const char *list) {
1050//******************************************* 1050//*******************************************
1051int main(int argc, char **argv, char **envp) { 1051int main(int argc, char **argv, char **envp) {
1052 int i; 1052 int i;
1053 int prog_index = -1; // index in argv where the program command starts 1053 int prog_index = -1; // index in argv where the program command starts
1054 int lockfd_network = -1; 1054 int lockfd_network = -1;
1055 int lockfd_directory = -1; 1055 int lockfd_directory = -1;
1056 int custom_profile = 0; // custom profile loaded 1056 int custom_profile = 0; // custom profile loaded
1057 int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot) 1057 int arg_caps_cmdline = 0; // caps requested on command line (used to break out of --chroot)
1058 char **ptr; 1058 char **ptr;
1059 1059
1060 1060
@@ -1984,7 +1984,7 @@ int main(int argc, char **argv, char **envp) {
1984 arg_writable_var = 1; 1984 arg_writable_var = 1;
1985 } 1985 }
1986 else if (strcmp(argv[i], "--keep-var-tmp") == 0) { 1986 else if (strcmp(argv[i], "--keep-var-tmp") == 0) {
1987 arg_keep_var_tmp = 1; 1987 arg_keep_var_tmp = 1;
1988 } 1988 }
1989 else if (strcmp(argv[i], "--writable-run-user") == 0) { 1989 else if (strcmp(argv[i], "--writable-run-user") == 0) {
1990 arg_writable_run_user = 1; 1990 arg_writable_run_user = 1;
@@ -2819,8 +2819,9 @@ int main(int argc, char **argv, char **envp) {
2819 } 2819 }
2820#endif 2820#endif
2821 else if (strncmp(argv[i], "--join-or-start=", 16) == 0) { 2821 else if (strncmp(argv[i], "--join-or-start=", 16) == 0) {
2822 // NOTE: this is second part of option handler, 2822 // Note: This is the second part of the option handler;
2823 // atempt to find and join sandbox is done in other one 2823 // the attempt to find and join the sandbox is done in
2824 // the other one
2824 2825
2825 // set sandbox name and start normally 2826 // set sandbox name and start normally
2826 cfg.name = argv[i] + 16; 2827 cfg.name = argv[i] + 16;
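Review bot: The reworded comments in the two `--join-or-start=` handlers still point to "the other part" and "the other one" without saying where that is, so a reader of either hunk has to search the file for the counterpart. Going by the hunk headers, the first handler sits in `run_cmd_and_exit()` and the second in `main()`; naming them would make the pairing explicit, e.g. `// Note: first part of the handler; the sandbox name is set in main()` and `// Note: second part of the handler; the find-and-join attempt is in run_cmd_and_exit()`. It may also be worth one sentence on when control reaches the second part (presumably only when no sandbox was joined), since that decides whether a command lands in an existing sandbox or a freshly started one. Both functions continue outside the hunks shown.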
diff --git a/src/firejail/network.c b/src/firejail/network.c
index 5163035fa..c1adf87cc 100644
--- a/src/firejail/network.c
+++ b/src/firejail/network.c
@@ -265,7 +265,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
265 int sock; 265 int sock;
266 266
267 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) 267 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
268 errExit("socket"); 268 errExit("socket");
269 269
270 memset(&ifr, 0, sizeof(ifr)); 270 memset(&ifr, 0, sizeof(ifr));
271 strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); 271 strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 3997d8f86..22ee9dc3c 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -29,10 +29,10 @@
29int is_container(const char *str) { 29int is_container(const char *str) {
30 assert(str); 30 assert(str);
31 if (strcmp(str, "lxc") == 0 || 31 if (strcmp(str, "lxc") == 0 ||
32 strcmp(str, "docker") == 0 || 32 strcmp(str, "docker") == 0 ||
33 strcmp(str, "lxc-libvirt") == 0 || 33 strcmp(str, "lxc-libvirt") == 0 ||
34 strcmp(str, "systemd-nspawn") == 0 || 34 strcmp(str, "systemd-nspawn") == 0 ||
35 strcmp(str, "rkt") == 0) 35 strcmp(str, "rkt") == 0)
36 return 1; 36 return 1;
37 return 0; 37 return 0;
38} 38}
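--- a/src/firejail/oom.c
+++ b/src/firejail/oom.c
@@ -84,4 +84,3 @@ void oom_set(const char *oom_string) {
  if (waitpid(child, &status, 0) == -1 )
  errExit("waitpid");
 }
-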
diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
index a22e63ab3..79e0bd9df 100644
--- a/src/firejail/restricted_shell.c
+++ b/src/firejail/restricted_shell.c
@@ -84,16 +84,16 @@ int restricted_shell(const char *user) {
84 84
85 // user name globbing 85 // user name globbing
86 if (fnmatch(usr, user, 0) == 0) { 86 if (fnmatch(usr, user, 0) == 0) {
87 // process program arguments 87 // process program arguments
88 88
89 fullargv[0] = "firejail"; 89 fullargv[0] = "firejail";
90 int i; 90 int i;
91 ptr = args; 91 ptr = args;
92 for (i = 1; i < MAX_ARGS; i++) { 92 for (i = 1; i < MAX_ARGS; i++) {
93 // skip blanks 93 // skip blanks
94 while (*ptr == ' ' || *ptr == '\t') 94 while (*ptr == ' ' || *ptr == '\t')
95 ptr++; 95 ptr++;
96 fullargv[i] = ptr; 96 fullargv[i] = ptr;
97#ifdef DEBUG_RESTRICTED_SHELL 97#ifdef DEBUG_RESTRICTED_SHELL
98 {EUID_ROOT(); 98 {EUID_ROOT();
99 FILE *fp = fopen("/firelog", "ae"); 99 FILE *fp = fopen("/firelog", "ae");
@@ -104,23 +104,23 @@ int restricted_shell(const char *user) {
104 EUID_USER();} 104 EUID_USER();}
105#endif 105#endif
106 106
107 if (*ptr != '\0') { 107 if (*ptr != '\0') {
108 // go to the end of the word 108 // go to the end of the word
109 while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0') 109 while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
110 ptr++; 110 ptr++;
111 *ptr ='\0'; 111 *ptr ='\0';
112 fullargv[i] = strdup(fullargv[i]); 112 fullargv[i] = strdup(fullargv[i]);
113 if (fullargv[i] == NULL) 113 if (fullargv[i] == NULL)
114 errExit("strdup"); 114 errExit("strdup");
115 ptr++; 115 ptr++;
116 while (*ptr == ' ' || *ptr == '\t') 116 while (*ptr == ' ' || *ptr == '\t')
117 ptr++; 117 ptr++;
118 if (*ptr != '\0') 118 if (*ptr != '\0')
119 continue; 119 continue;
120 } 120 }
121 fullargv[i] = strdup(fullargv[i]); 121 fullargv[i] = strdup(fullargv[i]);
122 fclose(fp); 122 fclose(fp);
123 return i + 1; 123 return i + 1;
124 } 124 }
125 fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno); 125 fprintf(stderr, "Error: too many program arguments in users.conf line %d\n", lineno);
126 exit(1); 126 exit(1);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index c4dc0ca78..a4109cc17 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -274,7 +274,7 @@ static void sandbox_if_up(Bridge *br) {
274 } 274 }
275 275
276 if (br->ip6sandbox) 276 if (br->ip6sandbox)
277 net_if_ip6(dev, br->ip6sandbox); 277 net_if_ip6(dev, br->ip6sandbox);
278} 278}
279 279
280static void chk_chroot(void) { 280static void chk_chroot(void) {
@@ -650,12 +650,12 @@ int sandbox(void* sandbox_arg) {
650 if (arg_debug) 650 if (arg_debug)
651 printf("Initializing child process\n"); 651 printf("Initializing child process\n");
652 652
653 // close each end of the unused pipes 653 // close each end of the unused pipes
654 close(parent_to_child_fds[1]); 654 close(parent_to_child_fds[1]);
655 close(child_to_parent_fds[0]); 655 close(child_to_parent_fds[0]);
656 656
657 // wait for parent to do base setup 657 // wait for parent to do base setup
658 wait_for_other(parent_to_child_fds[0]); 658 wait_for_other(parent_to_child_fds[0]);
659 659
660 if (arg_debug && child_pid == 1) 660 if (arg_debug && child_pid == 1)
661 printf("PID namespace installed\n"); 661 printf("PID namespace installed\n");
@@ -1259,13 +1259,13 @@ int sandbox(void* sandbox_arg) {
1259 } 1259 }
1260 1260
1261 // notify parent that new user namespace has been created so a proper 1261 // notify parent that new user namespace has been created so a proper
1262 // UID/GID map can be setup 1262 // UID/GID map can be setup
1263 notify_other(child_to_parent_fds[1]); 1263 notify_other(child_to_parent_fds[1]);
1264 close(child_to_parent_fds[1]); 1264 close(child_to_parent_fds[1]);
1265 1265
1266 // wait for parent to finish setting up a proper UID/GID map 1266 // wait for parent to finish setting up a proper UID/GID map
1267 wait_for_other(parent_to_child_fds[0]); 1267 wait_for_other(parent_to_child_fds[0]);
1268 close(parent_to_child_fds[0]); 1268 close(parent_to_child_fds[0]);
1269 1269
1270 // somehow, the new user namespace resets capabilities; 1270 // somehow, the new user namespace resets capabilities;
1271 // we need to do them again 1271 // we need to do them again
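--- a/src/firejail/selinux.c
+++ b/src/firejail/selinux.c
@@ -78,7 +78,7 @@ void selinux_relabel_path(const char *path, const char *inside_path)
  }
 
  freecon(fcon);
- close:
+close:
  close(fd);
 #else
  (void) path;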
diff --git a/src/firejail/util.c b/src/firejail/util.c
index 846c27321..bafcd69ec 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -1101,7 +1101,7 @@ void mkdir_attr(const char *fname, mode_t mode, uid_t uid, gid_t gid) {
1101 if (mkdir(fname, mode) == -1 || 1101 if (mkdir(fname, mode) == -1 ||
1102 chmod(fname, mode) == -1 || 1102 chmod(fname, mode) == -1 ||
1103 chown(fname, uid, gid)) { 1103 chown(fname, uid, gid)) {
1104 fprintf(stderr, "Error: failed to create %s directory\n", fname); 1104 fprintf(stderr, "Error: failed to create %s directory\n", fname);
1105 errExit("mkdir/chmod"); 1105 errExit("mkdir/chmod");
1106 } 1106 }
1107 1107
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index ff4fdda56..77739c1f3 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -309,7 +309,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
309#endif 309#endif
310 if (proc_ev->event_data.fork.child_pid != 310 if (proc_ev->event_data.fork.child_pid !=
311 proc_ev->event_data.fork.child_tgid) 311 proc_ev->event_data.fork.child_tgid)
312 continue; // this is a thread, not a process 312 continue; // this is a thread, not a process
313 pid = proc_ev->event_data.fork.parent_tgid; 313 pid = proc_ev->event_data.fork.parent_tgid;
314#ifdef DEBUG_PRCTL 314#ifdef DEBUG_PRCTL
315 printf("%s: %d, event fork, pid %d\n", __FUNCTION__, __LINE__, pid); 315 printf("%s: %d, event fork, pid %d\n", __FUNCTION__, __LINE__, pid);
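--- a/src/firemon/top.c
+++ b/src/firemon/top.c
@@ -166,7 +166,8 @@ static char *print_top(unsigned index, unsigned parent, unsigned *utime, unsigne
 snprintf(prcs_str, 10, "%d", *cnt);
 
 if (asprintf(&rv, "%-7.7s %-9.9s %-8.8s %-8.8s %-5.5s %-4.4s %-9.9s %s",
-pidstr, ptruser, rss, shared, cpu_str, prcs_str, uptime_str, ptrcmd) == -1)
+pidstr, ptruser, rss, shared, cpu_str, prcs_str,
+uptime_str, ptrcmd) == -1)
 errExit("asprintf");
 
 if (cmd)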
diff --git a/src/fldd/main.c b/src/fldd/main.c
index 390f7a1bc..4b645b1b3 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -193,9 +193,9 @@ static void parse_elf(const char *exe) {
193 } 193 }
194 goto close; 194 goto close;
195 195
196 error_close: 196error_close:
197 perror("copy libs"); 197 perror("copy libs");
198 close: 198close:
199 if (base) 199 if (base)
200 munmap(base, s.st_size); 200 munmap(base, s.st_size);
201 201
@@ -295,7 +295,7 @@ int main(int argc, char **argv) {
295//system("cat /proc/self/status"); 295//system("cat /proc/self/status");
296int i; 296int i;
297for (i = 0; i < argc; i++) 297for (i = 0; i < argc; i++)
298 printf("*%s* ", argv[i]); 298 printf("*%s* ", argv[i]);
299printf("\n"); 299printf("\n");
300} 300}
301#endif 301#endif
diff --git a/src/fnet/fnet.h b/src/fnet/fnet.h
index c9d40ec1d..f9b09d7ea 100644
--- a/src/fnet/fnet.h
+++ b/src/fnet/fnet.h
@@ -1,4 +1,4 @@
1 /* 1/*
2 * Copyright (C) 2014-2023 Firejail Authors 2 * Copyright (C) 2014-2023 Firejail Authors
3 * 3 *
4 * This file is part of firejail project 4 * This file is part of firejail project
diff --git a/src/fnet/interface.c b/src/fnet/interface.c
index aa0981269..ca7c744ed 100644
--- a/src/fnet/interface.c
+++ b/src/fnet/interface.c
@@ -1,4 +1,4 @@
1 /* 1/*
2 * Copyright (C) 2014-2023 Firejail Authors 2 * Copyright (C) 2014-2023 Firejail Authors
3 * 3 *
4 * This file is part of firejail project 4 * This file is part of firejail project
@@ -57,7 +57,7 @@ void net_bridge_add_interface(const char *bridge, const char *dev) {
57 57
58 int sock; 58 int sock;
59 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) 59 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
60 errExit("socket"); 60 errExit("socket");
61 61
62 memset(&ifr, 0, sizeof(ifr)); 62 memset(&ifr, 0, sizeof(ifr));
63 strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1); 63 strncpy(ifr.ifr_name, bridge, IFNAMSIZ - 1);
@@ -237,7 +237,7 @@ int net_get_mac(const char *ifname, unsigned char mac[6]) {
237 int sock; 237 int sock;
238 238
239 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) 239 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
240 errExit("socket"); 240 errExit("socket");
241 241
242 memset(&ifr, 0, sizeof(ifr)); 242 memset(&ifr, 0, sizeof(ifr));
243 strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); 243 strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
@@ -291,7 +291,7 @@ int net_if_mac(const char *ifname, const unsigned char mac[6]) {
291 int sock; 291 int sock;
292 292
293 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) 293 if ((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0)
294 errExit("socket"); 294 errExit("socket");
295 295
296 memset(&ifr, 0, sizeof(ifr)); 296 memset(&ifr, 0, sizeof(ifr));
297 strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1); 297 strncpy(ifr.ifr_name, ifname, IFNAMSIZ - 1);
diff --git a/src/fnet/main.c b/src/fnet/main.c
index 1c48622a0..96c4f1478 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -1,4 +1,4 @@
1 /* 1/*
2 * Copyright (C) 2014-2023 Firejail Authors 2 * Copyright (C) 2014-2023 Firejail Authors
3 * 3 *
4 * This file is part of firejail project 4 * This file is part of firejail project
@@ -47,7 +47,7 @@ static void usage(void) {
47 printf("\tfnet config mac addr\n"); 47 printf("\tfnet config mac addr\n");
48 printf("\tfnet config ipv6 dev ip\n"); 48 printf("\tfnet config ipv6 dev ip\n");
49 printf("\tfnet ifup dev\n"); 49 printf("\tfnet ifup dev\n");
50 printf("\tfnet waitll dev\n"); 50 printf("\tfnet waitll dev\n");
51} 51}
52 52
53int main(int argc, char **argv) { 53int main(int argc, char **argv) {
@@ -144,9 +144,9 @@ printf("\n");
144 else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "ipv6") == 0) { 144 else if (argc == 5 && strcmp(argv[1], "config") == 0 && strcmp(argv[2], "ipv6") == 0) {
145 net_if_ip6(argv[3], argv[4]); 145 net_if_ip6(argv[3], argv[4]);
146 } 146 }
147 else if (argc == 3 && strcmp(argv[1], "waitll") == 0) { 147 else if (argc == 3 && strcmp(argv[1], "waitll") == 0) {
148 net_if_waitll(argv[2]); 148 net_if_waitll(argv[2]);
149 } 149 }
150 else { 150 else {
151 fprintf(stderr, "Error fnet: invalid arguments\n"); 151 fprintf(stderr, "Error fnet: invalid arguments\n");
152 return 1; 152 return 1;
diff --git a/src/fnet/veth.c b/src/fnet/veth.c
index 2a23c6bd4..2111cfa56 100644
--- a/src/fnet/veth.c
+++ b/src/fnet/veth.c
@@ -24,8 +24,8 @@
24 * 24 *
25 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> 25 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
26 * 26 *
27 */ 27*/
28 /* 28/*
29 * Copyright (C) 2014-2023 Firejail Authors 29 * Copyright (C) 2014-2023 Firejail Authors
30 * 30 *
31 * This file is part of firejail project 31 * This file is part of firejail project
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index 978d145b3..8c0f6c297 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -1,4 +1,4 @@
1 /* 1/*
2 * Copyright (C) 2014-2023 Firejail Authors 2 * Copyright (C) 2014-2023 Firejail Authors
3 * 3 *
4 * This file is part of firejail project 4 * This file is part of firejail project
diff --git a/src/fnettrace-dns/fnettrace_dns.h b/src/fnettrace-dns/fnettrace_dns.h
index 6d8a3c211..b8f69e9d7 100644
--- a/src/fnettrace-dns/fnettrace_dns.h
+++ b/src/fnettrace-dns/fnettrace_dns.h
@@ -31,4 +31,4 @@
31#include <fcntl.h> 31#include <fcntl.h>
32#include <sys/mman.h> 32#include <sys/mman.h>
33 33
34#endif \ No newline at end of file 34#endif
diff --git a/src/fnettrace-dns/main.c b/src/fnettrace-dns/main.c
index 60738147d..64feec5fe 100644
--- a/src/fnettrace-dns/main.c
+++ b/src/fnettrace-dns/main.c
@@ -124,7 +124,7 @@ static void print_date(void) {
124 124
125static void run_trace(void) { 125static void run_trace(void) {
126 // grab all Ethernet packets and use a custom BPF filter to get only UDP from source port 53 126 // grab all Ethernet packets and use a custom BPF filter to get only UDP from source port 53
127 int s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); 127 int s = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
128 if (s < 0) 128 if (s < 0)
129 errExit("socket"); 129 errExit("socket");
130 custom_bpf(s); 130 custom_bpf(s);
diff --git a/src/fnettrace-icmp/fnettrace_icmp.h b/src/fnettrace-icmp/fnettrace_icmp.h
index f535106e1..04c449ff2 100644
--- a/src/fnettrace-icmp/fnettrace_icmp.h
+++ b/src/fnettrace-icmp/fnettrace_icmp.h
@@ -31,4 +31,4 @@
31#include <fcntl.h> 31#include <fcntl.h>
32#include <sys/mman.h> 32#include <sys/mman.h>
33 33
34#endif \ No newline at end of file 34#endif
diff --git a/src/fnettrace-sni/fnettrace_sni.h b/src/fnettrace-sni/fnettrace_sni.h
index f535106e1..04c449ff2 100644
--- a/src/fnettrace-sni/fnettrace_sni.h
+++ b/src/fnettrace-sni/fnettrace_sni.h
@@ -31,4 +31,4 @@
31#include <fcntl.h> 31#include <fcntl.h>
32#include <sys/mman.h> 32#include <sys/mman.h>
33 33
34#endif \ No newline at end of file 34#endif
diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h
index d3bc6439e..629b8ce5b 100644
--- a/src/fnettrace/fnettrace.h
+++ b/src/fnettrace/fnettrace.h
@@ -70,4 +70,4 @@ char* retrieve_hostname(uint32_t ip);
70// tail.c 70// tail.c
71void tail(const char *logfile); 71void tail(const char *logfile);
72 72
73#endif \ No newline at end of file 73#endif
diff --git a/src/fnettrace/hostnames.c b/src/fnettrace/hostnames.c
index 4f5641dfb..878a67123 100644
--- a/src/fnettrace/hostnames.c
+++ b/src/fnettrace/hostnames.c
@@ -121,4 +121,3 @@ errexit:
121 fprintf(stderr, "Error: invalid line %d in file %s\n", line, fname); 121 fprintf(stderr, "Error: invalid line %d in file %s\n", line, fname);
122 exit(1); 122 exit(1);
123} 123}
124
diff --git a/src/fnettrace/radix.c b/src/fnettrace/radix.c
index 97e890bec..a1d510a61 100644
--- a/src/fnettrace/radix.c
+++ b/src/fnettrace/radix.c
@@ -152,4 +152,3 @@ char *radix_longest_prefix_match(uint32_t ip) {
152 152
153 return (rv)? rv->name: NULL; 153 return (rv)? rv->name: NULL;
154} 154}
155
diff --git a/src/fnettrace/radix.h b/src/fnettrace/radix.h
index 85a75d0d7..d75fe3999 100644
--- a/src/fnettrace/radix.h
+++ b/src/fnettrace/radix.h
@@ -24,4 +24,4 @@ extern int radix_nodes;
24char *radix_longest_prefix_match(uint32_t ip); 24char *radix_longest_prefix_match(uint32_t ip);
25char *radix_add(uint32_t ip, uint32_t mask, char *name); 25char *radix_add(uint32_t ip, uint32_t mask, char *name);
26 26
27#endif \ No newline at end of file 27#endif
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index 0a9b7c9b9..0bc521c0d 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -33,7 +33,7 @@ int main(int argc, char **argv) {
33//system("cat /proc/self/status"); 33//system("cat /proc/self/status");
34int i; 34int i;
35for (i = 0; i < argc; i++) 35for (i = 0; i < argc; i++)
36 printf("*%s* ", argv[i]); 36 printf("*%s* ", argv[i]);
37printf("\n"); 37printf("\n");
38} 38}
39#endif 39#endif
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index de93f260e..696c6bc0c 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -47,7 +47,7 @@ int main(int argc, char **argv) {
47//system("cat /proc/self/status"); 47//system("cat /proc/self/status");
48int i; 48int i;
49for (i = 0; i < argc; i++) 49for (i = 0; i < argc; i++)
50 printf("*%s* ", argv[i]); 50 printf("*%s* ", argv[i]);
51printf("\n"); 51printf("\n");
52} 52}
53#endif 53#endif
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index 1edbad764..57a5a6d67 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -58,7 +58,7 @@ int main(int argc, char **argv) {
58//system("cat /proc/self/status"); 58//system("cat /proc/self/status");
59int i; 59int i;
60for (i = 0; i < argc; i++) 60for (i = 0; i < argc; i++)
61 printf("*%s* ", argv[i]); 61 printf("*%s* ", argv[i]);
62printf("\n"); 62printf("\n");
63} 63}
64#endif 64#endif
diff --git a/src/fseccomp/namespaces.c b/src/fseccomp/namespaces.c
index ffc1dfe4c..e6c63219f 100644
--- a/src/fseccomp/namespaces.c
+++ b/src/fseccomp/namespaces.c
@@ -202,8 +202,8 @@ void deny_ns_32(const char *fname, const char *list) {
202 // 0003: 20 00 00 00000000 ld data.syscall-number 202 // 0003: 20 00 00 00000000 ld data.syscall-number
203 // 0004: 06 00 00 7fff0000 ret ALLOW 203 // 0004: 06 00 00 7fff0000 ret ALLOW
204 // 204 //
205 if (sizeof(filter)) 205 if (sizeof(filter))
206 write_to_file(fd, filter, sizeof(filter)); 206 write_to_file(fd, filter, sizeof(filter));
207 207
208 filter_end_blacklist(fd); 208 filter_end_blacklist(fd);
209 209
diff --git a/src/include/gcov_wrapper.h b/src/include/gcov_wrapper.h
index b56b4e736..7c8f89d59 100644
--- a/src/include/gcov_wrapper.h
+++ b/src/include/gcov_wrapper.h
@@ -33,8 +33,8 @@
33 */ 33 */
34#if __GNUC__ > 11 || (__GNUC__ == 11 && __GNUC_MINOR__ >= 1) 34#if __GNUC__ > 11 || (__GNUC__ == 11 && __GNUC_MINOR__ >= 1)
35static void __gcov_flush(void) { 35static void __gcov_flush(void) {
36 __gcov_dump(); 36 __gcov_dump();
37 __gcov_reset(); 37 __gcov_reset();
38} 38}
39#endif 39#endif
40#else 40#else
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index ef3fe6c3a..fc07b75ce 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -194,24 +194,24 @@
194#endif 194#endif
195 195
196#define VALIDATE_ARCHITECTURE \ 196#define VALIDATE_ARCHITECTURE \
197 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ 197 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
198 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \ 198 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
199 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) 199 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
200 200
201#define VALIDATE_ARCHITECTURE_KILL \ 201#define VALIDATE_ARCHITECTURE_KILL \
202 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ 202 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
203 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \ 203 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_NR, 1, 0), \
204 KILL_OR_RETURN_ERRNO 204 KILL_OR_RETURN_ERRNO
205 205
206#define VALIDATE_ARCHITECTURE_64 \ 206#define VALIDATE_ARCHITECTURE_64 \
207 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ 207 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
208 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_64, 1, 0), \ 208 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_64, 1, 0), \
209 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) 209 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
210 210
211#define VALIDATE_ARCHITECTURE_32 \ 211#define VALIDATE_ARCHITECTURE_32 \
212 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \ 212 BPF_STMT(BPF_LD+BPF_W+BPF_ABS, (offsetof(struct seccomp_data, arch))), \
213 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_32, 1, 0), \ 213 BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ARCH_32, 1, 0), \
214 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW) 214 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
215 215
216#ifndef X32_SYSCALL_BIT 216#ifndef X32_SYSCALL_BIT
217#define X32_SYSCALL_BIT 0x40000000 217#define X32_SYSCALL_BIT 0x40000000
diff --git a/src/jailcheck/apparmor.c b/src/jailcheck/apparmor.c
index 9b6b72fb7..658928ed5 100644
--- a/src/jailcheck/apparmor.c
+++ b/src/jailcheck/apparmor.c
@@ -37,4 +37,3 @@ void apparmor_test(pid_t pid) {
37 return; 37 return;
38} 38}
39#endif 39#endif
40
diff --git a/src/jailcheck/network.c b/src/jailcheck/network.c
index 961a66105..a4d5eeec1 100644
--- a/src/jailcheck/network.c
+++ b/src/jailcheck/network.c
@@ -52,6 +52,3 @@ void network_test(void) {
52 else 52 else
53 printf(" Networking: disabled\n"); 53 printf(" Networking: disabled\n");
54} 54}
55
56
57
diff --git a/src/jailcheck/noexec.c b/src/jailcheck/noexec.c
index a78272591..bfeff9c7f 100644
--- a/src/jailcheck/noexec.c
+++ b/src/jailcheck/noexec.c
@@ -76,7 +76,7 @@ void noexec_test(const char *path) {
76 76
77 if (child == 0) { // child 77 if (child == 0) { // child
78 // drop privileges 78 // drop privileges
79 if (setgid(user_gid) != 0) 79 if (setgid(user_gid) != 0)
80 errExit("setgid"); 80 errExit("setgid");
81 if (setuid(user_uid) != 0) 81 if (setuid(user_uid) != 0)
82 errExit("setuid"); 82 errExit("setuid");
diff --git a/src/jailcheck/utils.c b/src/jailcheck/utils.c
index 8460c1bf7..97fe8833b 100644
--- a/src/jailcheck/utils.c
+++ b/src/jailcheck/utils.c
@@ -99,4 +99,3 @@ int find_child(int id) {
99 // this happens for processes sandboxed with --join 99 // this happens for processes sandboxed with --join
100 return first_child; 100 return first_child;
101} 101}
102
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c
index 97e36e5c9..25f0cc12e 100644
--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -35,11 +35,11 @@
35#include "../include/rundefs.h" 35#include "../include/rundefs.h"
36 36
37#define tprintf(fp, args...) \ 37#define tprintf(fp, args...) \
38 do { \ 38 do { \
39 if (!fp)\ 39 if (!fp)\
40 init(); \ 40 init(); \
41 fprintf(fp, args); \ 41 fprintf(fp, args); \
42 } while(0) 42 } while(0)
43 43
44// break recursivity on fopen call 44// break recursivity on fopen call
45typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode); 45typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode);
@@ -515,7 +515,7 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
515 if (!orig_connect) 515 if (!orig_connect)
516 orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect"); 516 orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect");
517 517
518 int rv = orig_connect(sockfd, addr, addrlen); 518 int rv = orig_connect(sockfd, addr, addrlen);
519 print_sockaddr(sockfd, "connect", addr, rv); 519 print_sockaddr(sockfd, "connect", addr, rv);
520 520
521 return rv; 521 return rv;
diff --git a/src/profstats/main.c b/src/profstats/main.c
index 90a5f405d..d5e57e7cc 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -1,4 +1,4 @@
1 /* 1/*
2 * Copyright (C) 2014-2023 Firejail Authors 2 * Copyright (C) 2014-2023 Firejail Authors
3 * 3 *
4 * This file is part of firejail project 4 * This file is part of firejail project
@@ -166,7 +166,7 @@ static void process_file(char *fname) {
166 else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0) 166 else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0)
167 cnt_whitelistvar++; 167 cnt_whitelistvar++;
168 else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 || 168 else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 ||
169 strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0) 169 strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
170 cnt_whitelistrunuser++; 170 cnt_whitelistrunuser++;
171 else if (strncmp(ptr, "include whitelist-common.inc", 28) == 0) 171 else if (strncmp(ptr, "include whitelist-common.inc", 28) == 0)
172 cnt_whitelisthome++; 172 cnt_whitelisthome++;
@@ -283,10 +283,10 @@ int main(int argc, char **argv) {
283 arg_dbus_user_none = 1; 283 arg_dbus_user_none = 1;
284 else if (*argv[i] == '-') { 284 else if (*argv[i] == '-') {
285 fprintf(stderr, "Error: invalid option %s\n", argv[i]); 285 fprintf(stderr, "Error: invalid option %s\n", argv[i]);
286 return 1; 286 return 1;
287 } 287 }
288 else 288 else
289 break; 289 break;
290 } 290 }
291 291
292 start = i; 292 start = i;
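--- a/src/tools/extract_seccomp.c
+++ b/src/tools/extract_seccomp.c
@@ -31,10 +31,13 @@
 #include <linux/filter.h>
 
 #define MAXBUF 1024
-#define errExit(msg) { char msgout[256]; \
-snprintf(msgout, 256, "Error %d: %s", __LINE__, (msg)); \
-perror(msgout); \
-exit(1); }
+#define errExit(msg) \
+do { \
+char msgout[256]; \
+snprintf(msgout, 256, "Error %d: %s", __LINE__, (msg)); \
+perror(msgout); \
+exit(1); \
+} while (0);
 
 // dump all seccomp filters of a process
 // for further analysis with fsec-print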
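Review bot: The rewritten `errExit` macro ends in `} while (0);`, and that trailing semicolon defeats the do/while(0) idiom the change is introducing. A call site written `errExit("x");` now expands to two statements, so an unbraced `if (cond) errExit("x"); else ...` would fail to compile. The last line of the macro should read `} while (0)` and leave the semicolon to the caller. Separately, `snprintf(msgout, sizeof(msgout), "Error %d: %s", __LINE__, (msg));` would tie the bound to the buffer instead of repeating the literal 256.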
diff --git a/src/zsh_completion/.editorconfig b/src/zsh_completion/.editorconfig
new file mode 100644
index 000000000..15ca952a4
--- /dev/null
+++ b/src/zsh_completion/.editorconfig
@@ -0,0 +1,3 @@
1[_*{,.in}]
2indent_size = 4
3indent_style = space