-rw-r--r-- | src/fbuilder/build_profile.c | 48 | ||||
-rw-r--r-- | src/fbuilder/fbuilder.h | 1 | ||||
-rw-r--r-- | src/fbuilder/main.c | 3 |
3 files changed, 26 insertions, 26 deletions
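diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
index 2e6b46e77..3a7a12fb3 100644
--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -22,7 +22,6 @@
 #include <sys/wait.h>
 
 #define TRACE_OUTPUT "/tmp/firejail-trace.XXXXXX"
-#define STRACE_OUTPUT "/tmp/firejail-strace.XXXXXX"
 
 void build_profile(int argc, char **argv, int index, FILE *fp) {
 // next index is the application name
@@ -41,36 +40,33 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 if(asprintf(&output,"--trace=%s",trace_output) == -1)
 errExit("asprintf");
 
-char *cmdlist[] = {
-BINDIR "/firejail",
-"--quiet",
-"--noprofile",
-"--caps.drop=all",
-"--seccomp",
-output,
-"--shell=none",
-};
-
 // calculate command length
-unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1;
-if (arg_debug)
-printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index);
-char *cmd[len];
-cmd[0] = cmdlist[0]; // explicit assignment to clean scan-build error
+unsigned len = 64; // plenty of space for firejail command line
+len += argc - index; // program command line
+len += 1; // NULL
 
 // build command
-unsigned i = 0;
-for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++)
-cmd[i] = cmdlist[i];
-
-int i2 = index;
-for (; i < (len - 1); i++, i2++)
-cmd[i] = argv[i2];
-assert(i < len);
-cmd[i] = NULL;
+char *cmd[len];
+unsigned curr_len = 0;
+cmd[curr_len++] = BINDIR "/firejail";
+cmd[curr_len++] = "--quiet";
+cmd[curr_len++] = "--noprofile";
+cmd[curr_len++] = "--caps.drop=all";
+cmd[curr_len++] = "--seccomp";
+cmd[curr_len++] = "--shell=none";
+cmd[curr_len++] = output;
+if (arg_appimage)
+cmd[curr_len++] = "--appimage";
+
+int i;
+for (i = index; i < argc; i++)
+cmd[curr_len++] = argv[i];
+
+assert(curr_len < len);
+cmd[curr_len] = NULL;
 
 if (arg_debug) {
-for (i = 0; i < len; i++)
+for (i = 0; cmd[i]; i++)
 printf("%s%s\n", (i)?"\t":"", cmd[i]);
 }
 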
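Review bot: The only bounds guard on `cmd`, `assert(curr_len < len)`, runs after every `cmd[curr_len++]` store has already happened and is compiled out under NDEBUG, so it records the invariant rather than enforcing it. The stores are in range today because at most 8 fixed options are appended against the 64 reserved slots, but nothing ties the literal to that count. I would name the constant and state the invariant where the size is computed, e.g. `unsigned len = FIREJAIL_MAX_OPTS; // must exceed the number of fixed options appended below (currently at most 8)`, with `FIREJAIL_MAX_OPTS` being a new define placed next to `TRACE_OUTPUT`. `len += argc - index` also presumes `index <= argc`; whether that is checked is decided in the part of build_profile that lies outside this hunk.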
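diff --git a/src/fbuilder/fbuilder.h b/src/fbuilder/fbuilder.h
index 12dfdb8be..3e23d7854 100644
--- a/src/fbuilder/fbuilder.h
+++ b/src/fbuilder/fbuilder.h
@@ -31,6 +31,7 @@
 #define MAX_BUF 4096
 // main.c
 extern int arg_debug;
+extern int arg_appimage;
 
 // build_profile.c
 void build_profile(int argc, char **argv, int index, FILE *fp);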
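diff --git a/src/fbuilder/main.c b/src/fbuilder/main.c
index 9e30ec539..aa49b2489 100644
--- a/src/fbuilder/main.c
+++ b/src/fbuilder/main.c
@@ -19,6 +19,7 @@
 */
 #include "fbuilder.h"
 int arg_debug = 0;
+int arg_appimage = 0;
 
 static void usage(void) {
 printf("Firejail profile builder\n");
@@ -49,6 +50,8 @@ printf("\n");
 }
 else if (strcmp(argv[i], "--debug") == 0)
 arg_debug = 1;
+else if (strcmp(argv[i], "--appimage") == 0)
+arg_appimage = 1;
 else if (strcmp(argv[i], "--build") == 0)
 ; // do nothing, this is passed down from firejail
 else if (strncmp(argv[i], "--build=", 8) == 0) {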
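Review bot: The new `--appimage` branch carries no comment on what the flag does, unlike the `--build` branch right below it, and none of the three lines this commit adds to main.c touches `usage()`. I would annotate the assignment with `// forwarded by build_profile() to the traced firejail command line`. If usage() enumerates the accepted options (its body is outside the hunk), the help text should list `--appimage` as well. The argument loop itself starts and ends outside this hunk.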