5 files changed, 189 insertions, 157 deletions
diff --git a/contrib/fix_private-bin.py b/contrib/fix_private-bin.py
index 613a945a8..65bfba52d 100755
--- a/contrib/fix_private-bin.py
+++ b/contrib/fix_private-bin.py
@@ -29,80 +29,84 @@ __license__ = "Unlicense"
 import sys, os, glob, re
-privRx=re.compile("^(?:#\s*)?private-bin")
+privRx = re.compile("^(?:#\s*)?private-bin")
 def fixSymlinkedBins(files, replMap):
-        """
+    """
        Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap
        replMap is a dict where key is the marker filename and value is the filename to add
        """
-        rxs=dict()
+    rxs = dict()
-        for (old,new) in replMap.items():
+    for (old, new) in replMap.items():
-                rxs[old]=re.compile("\\b"+old+"\\b")
+        rxs[old] = re.compile("\\b" + old + "\\b")
-                rxs[new]=re.compile("\\b"+new+"\\b")
+        rxs[new] = re.compile("\\b" + new + "\\b")
-        #print(rxs)
+    #print(rxs)
-        for filename in files:
+    for filename in files:
-                lines=None
+        lines = None
-                with open(filename,"r") as file:
+        with open(filename, "r") as file:
-                        lines=file.readlines()
+            lines = file.readlines()
-                shouldUpdate=False
+        shouldUpdate = False
-                for (i,line) in enumerate(lines):
+        for (i, line) in enumerate(lines):
-                        if privRx.search(line):
+            if privRx.search(line):
-                                for (old,new) in replMap.items():
+                for (old, new) in replMap.items():
-                                        if rxs[old].search(line) and not rxs[new].search(line):
+                    if rxs[old].search(line) and not rxs[new].search(line):
-                                                lines[i]=rxs[old].sub(old+","+new, line)
+                        lines[i] = rxs[old].sub(old + "," + new, line)
-                                                shouldUpdate=True
+                        shouldUpdate = True
-                                                print(lines[i])
+                        print(lines[i])
-                if shouldUpdate:
+        if shouldUpdate:
-                        with open(filename,"w") as file:
+            with open(filename, "w") as file:
-                                file.writelines(lines)
+                file.writelines(lines)
-                        pass
+            pass
 def createSetOfBinaries(files):
-        """
+    """
        Creates a set of binaries mentioned in private-bin directives of files.
        """
-        s=set()
+    s = set()
-        for filename in files:
+    for filename in files:
-                lines=None
+        lines = None
-                with open(filename,"r") as file:
+        with open(filename, "r") as file:
-                        for line in file:
+            for line in file:
-                                if privRx.search(line):
+                if privRx.search(line):
-                                        bins=line.split(",")
+                    bins = line.split(",")
-                                        bins[0]=bins[0].split(" ")[-1]
+                    bins[0] = bins[0].split(" ")[-1]
-                                        bins = [n.strip() for n in bins]
+                    bins = [n.strip() for n in bins]
-                                        s=s|set(bins)
+                    s = s | set(bins)
-        return s
+    return s
 def createSymlinkTable(binDirs, binariesSet):
-        """
+    """
        creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary.
        binDirs are folders to look into for binaries symlinks
        binariesSet is a set of binaries to be checked if they are actually a symlinks
        """
-        m=dict()
+    m = dict()
-        toProcess=binariesSet
+    toProcess = binariesSet
-        while len(toProcess)!=0:
+    while len(toProcess) != 0:
-                additional=set()
+        additional = set()
-                for sh in toProcess:
+        for sh in toProcess:
-                        for bD in binDirs:
+            for bD in binDirs:
-                                p=bD+os.path.sep+sh
+                p = bD + os.path.sep + sh
-                                if os.path.exists(p):
+                if os.path.exists(p):
-                                        if os.path.islink(p):
+                    if os.path.islink(p):
-                                                m[sh]=os.readlink(p)
+                        m[sh] = os.readlink(p)
-                                                additional.add(m[sh].split(" ")[0])
+                        additional.add(m[sh].split(" ")[0])
-                                        else:
+                    else:
-                                                pass
+                        pass
-                                        break
+                    break
-                toProcess=additional
+        toProcess = additional
-        return m
+    return m
 def doTheFixes(profilesPath, binDirs):
-        """
+    """
        Fixes private-bin in .profiles for firejail. The pipeline is as follows:
        discover files -> discover mentioned binaries ->
        discover the ones which are symlinks ->
@@ -110,48 +114,60 @@ def doTheFixes(profilesPath, binDirs):
        filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) ->
        apply fix
        """
-        files=glob.glob(profilesPath+os.path.sep+"*.profile")
+    files = glob.glob(profilesPath + os.path.sep + "*.profile")
-        bins=createSetOfBinaries(files)
+    bins = createSetOfBinaries(files)
-        #print("The binaries used are:")
+    #print("The binaries used are:")
-        #print(bins)
+    #print(bins)
-        stbl=createSymlinkTable(binDirs,bins)
+    stbl = createSymlinkTable(binDirs, bins)
-        print("The replacement table is:")
+    print("The replacement table is:")
-        print(stbl)
+    print(stbl)
-        stbl={a[0]:a[1] for a in stbl.items() if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep)<0}
+    stbl = {
-        print("Filtered replacement table is:")
+        a[0]: a[1]
-        print(stbl)
+        for a in stbl.items()
-        fixSymlinkedBins(files,stbl)
+        if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep) < 0
+    }
+    print("Filtered replacement table is:")
+    print(stbl)
+    fixSymlinkedBins(files, stbl)
 def printHelp():
-        print("python3 "+os.path.basename(__file__)+" <dir with .profile files>\nThe default dir is "+defaultProfilesPath+"\n"+doTheFixes.__doc__)
+    print("python3 " + os.path.basename(__file__) +
+          " <dir with .profile files>\nThe default dir is " +
+          defaultProfilesPath + "\n" + doTheFixes.__doc__)
 def main():
-        """The main function. Parses the commandline args, shows messages and calles the function actually doing the work."""
+    """The main function. Parses the commandline args, shows messages and calles the function actually doing the work."""
-        print(repr(sys.argv))
+    print(repr(sys.argv))
-        defaultProfilesPath="../etc"
+    defaultProfilesPath = "../etc"
-        if len(sys.argv)>2 or (len(sys.argv)==2 and (sys.argv[1] == '-h' or sys.argv[1] == '--help') ):
+    if len(sys.argv) > 2 or (len(sys.argv) == 2 and
-                printHelp()
+                             (sys.argv[1] == '-h' or sys.argv[1] == '--help')):
-                exit(1)
+        printHelp()
+        exit(1)
-        profilesPath=None
-        if len(sys.argv)==2:
+    profilesPath = None
-                if os.path.isdir(sys.argv[1]):
+    if len(sys.argv) == 2:
-                        profilesPath=os.path.abspath(sys.argv[1])
+        if os.path.isdir(sys.argv[1]):
-                else:
+            profilesPath = os.path.abspath(sys.argv[1])
-                        if os.path.exists(sys.argv[1]):
+        else:
-                                print(sys.argv[1]+" is not a dir")
+            if os.path.exists(sys.argv[1]):
-                        else:
+                print(sys.argv[1] + " is not a dir")
-                                print(sys.argv[1]+" does not exist")
+            else:
-                        printHelp()
+                print(sys.argv[1] + " does not exist")
-                        exit(1)
+            printHelp()
-        else:
+            exit(1)
-                print("Using default profiles dir: " + defaultProfilesPath)
+    else:
-                profilesPath=defaultProfilesPath
+        print("Using default profiles dir: " + defaultProfilesPath)
+        profilesPath = defaultProfilesPath
-        binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]
-        print("Binaries dirs are:")
+    binDirs = [
-        print(binDirs)
+        "/bin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"
-        doTheFixes(profilesPath, binDirs)
+    ]
+    print("Binaries dirs are:")
+    print(binDirs)
+    doTheFixes(profilesPath, binDirs)
 if __name__ == "__main__":
-        main()
+    main()
diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py
index 3cc13b758..89b4e46a9 100755
--- a/contrib/fj-mkdeb.py
+++ b/contrib/fj-mkdeb.py
@@ -4,42 +4,46 @@
 import os, re, shlex, subprocess, sys
 def run(srcdir, args):
-  if srcdir: os.chdir(srcdir)
+    if srcdir: os.chdir(srcdir)
-  dry_run=False
+    dry_run = False
-  escaped_args=[]
+    escaped_args = []
-  # We need to modify the list as we go.  So be sure to copy the list to be iterated!
+    # We need to modify the list as we go.  So be sure to copy the list to be iterated!
-  for a in args[:]:
+    for a in args[:]:
-    if a.startswith('--prefix'):
+        if a.startswith('--prefix'):
-      # prefix should ALWAYS be /usr here.  Discard user-set values
+            # prefix should ALWAYS be /usr here.  Discard user-set values
-      args.remove(a)
+            args.remove(a)
-    elif a == '--only-fix-mkdeb':
+        elif a == '--only-fix-mkdeb':
-      # for us, not configure
+            # for us, not configure
-      dry_run=True
+            dry_run = True
-      args.remove(a)
+            args.remove(a)
-    else:
+        else:
-      escaped_args.append(shlex.quote(a))
+            escaped_args.append(shlex.quote(a))
-  # Fix up mkdeb.sh to include custom configure options.
+    # Fix up mkdeb.sh to include custom configure options.
-  with open('mkdeb.sh', 'rb') as f:
+    with open('mkdeb.sh', 'rb') as f:
-    sh=str(f.read(), 'utf_8')
+        sh = str(f.read(), 'utf_8')
-  rx=re.compile(r'^\./configure\s.*$', re.M)
+    rx = re.compile(r'^\./configure\s.*$', re.M)
-  with open('mkdeb.sh', 'wb') as f:
+    with open('mkdeb.sh', 'wb') as f:
-    f.write(bytes(rx.sub('./configure --prefix=/usr '+(' '.join(escaped_args)), sh), 'utf_8'))
+        f.write(
+            bytes(
+                rx.sub('./configure --prefix=/usr ' + (' '.join(escaped_args)),
+                       sh), 'utf_8'))
-  if dry_run: return 0
+    if dry_run: return 0
-  # now run configure && make
+    # now run configure && make
-  if subprocess.call(['./configure', '--prefix=/usr']+args) == 0:
+    if subprocess.call(['./configure', '--prefix=/usr'] + args) == 0:
-    subprocess.call(['make', 'deb'])
+        subprocess.call(['make', 'deb'])
-  return 0
+    return 0
 if __name__ == '__main__':
-  if len(sys.argv) == 2 and sys.argv[1] == '--help':
+    if len(sys.argv) == 2 and sys.argv[1] == '--help':
-    print('''Build a .deb of firejail with custom configure options
+        print('''Build a .deb of firejail with custom configure options
 usage:
 {script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]
@@ -51,24 +55,26 @@ usage:
 --only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh
 CONFIGURE_OPTIONS: arguments for configure
 '''.format(script=sys.argv[0]))
-    sys.exit(0)
+        sys.exit(0)
-  else:
+    else:
-    # Find the source directory
+        # Find the source directory
-    srcdir=None
+        srcdir = None
-    args=sys.argv[1:]
+        args = sys.argv[1:]
-    for a in args:
+        for a in args:
-      if a.startswith('--fj-src='):
+            if a.startswith('--fj-src='):
-        args.remove(a)
+                args.remove(a)
-        srcdir=a[9:]
+                srcdir = a[9:]
-        break
+                break
-    if not(srcdir):
+        if not (srcdir):
-      # srcdir not manually specified, try to auto-detect
+            # srcdir not manually specified, try to auto-detect
-      srcdir=os.path.dirname(os.path.abspath(sys.argv[0]+'/..'))
+            srcdir = os.path.dirname(os.path.abspath(sys.argv[0] + '/..'))
-      if not(os.path.isfile(srcdir+'/mkdeb.sh')):
+            if not (os.path.isfile(srcdir + '/mkdeb.sh')):
-        # Script is probably installed.  Check the cwd.
+                # Script is probably installed.  Check the cwd.
-        if os.path.isfile('./mkdeb.sh'):
+                if os.path.isfile('./mkdeb.sh'):
-          srcdir=None
+                    srcdir = None
-        else:
+                else:
-          print('Error: Could not find the firejail source tree.  Exiting.')
+                    print(
-          sys.exit(1)
+                        'Error: Could not find the firejail source tree.  Exiting.'
-    sys.exit(run(srcdir, args))
+                    )
+                    sys.exit(1)
+        sys.exit(run(srcdir, args))
diff --git a/contrib/fjclip.py b/contrib/fjclip.py
index b45959841..3d0c56dc6 100755
--- a/contrib/fjclip.py
+++ b/contrib/fjclip.py
@@ -23,7 +23,7 @@ if sys.argv[1] == '-':
    clipin_raw = sys.stdin.read()
 else:
    display = fjdisplay.getdisplay(sys.argv[1])
-    clipin_raw = subprocess.check_output(['xsel','-b','--display',display])
+    clipin_raw = subprocess.check_output(['xsel', '-b', '--display', display])
 clipin = clipin_raw.strip()
@@ -31,5 +31,6 @@ if sys.argv[2] == '-':
    print(clipin)
 else:
    display = fjdisplay.getdisplay(sys.argv[2])
-    clipout = subprocess.Popen(['xsel','-b','-i','--display',display],stdin=subprocess.PIPE)
+    clipout = subprocess.Popen(['xsel', '-b', '-i', '--display', display],
+                               stdin=subprocess.PIPE)
    clipout.communicate(clipin)
diff --git a/contrib/fjdisplay.py b/contrib/fjdisplay.py
index 3f409545f..7b2db549a 100755
--- a/contrib/fjdisplay.py
+++ b/contrib/fjdisplay.py
@@ -8,23 +8,25 @@ usage = """fjdisplay.py name-of-firejail
 returns the display in the form of ':NNN'
 """
 def getfirejails():
-    output = subprocess.check_output(['firemon','--x11'])
+    output = subprocess.check_output(['firemon', '--x11'])
    firejails = {}
    name = ''
    for line in output.split('\n'):
-        namematch = re.search('--name=(\w+\S*)',line)
+        namematch = re.search('--name=(\w+\S*)', line)
        if namematch:
-          name = namematch.group(1)
+            name = namematch.group(1)
-        displaymatch = re.search('DISPLAY (:\d+)',line)
+        displaymatch = re.search('DISPLAY (:\d+)', line)
        if displaymatch:
-          firejails[name] = displaymatch.group(1)
+            firejails[name] = displaymatch.group(1)
    return firejails
 def getdisplay(name):
    firejails = getfirejails()
    fjlist = '\n'.join(firejails.keys())
-    namere = re.compile('^'+name+'.*', re.MULTILINE)
+    namere = re.compile('^' + name + '.*', re.MULTILINE)
    matchingjails = namere.findall(fjlist)
    if len(matchingjails) == 1:
        return firejails[matchingjails[0]]
@@ -33,6 +35,7 @@ def getdisplay(name):
    else:
        raise NameError("ambiguous firejail name")
 if __name__ == '__main__':
    if '-h' in sys.argv or '--help' in sys.argv or len(sys.argv) > 2:
        print(usage)
@@ -40,4 +43,4 @@ if __name__ == '__main__':
    if len(sys.argv) == 1:
        print(getfirejails())
    if len(sys.argv) == 2:
-        print (getdisplay(sys.argv[1]))
+        print(getdisplay(sys.argv[1]))
diff --git a/contrib/fjresize.py b/contrib/fjresize.py
index 4eb33f120..95b76259d 100755
--- a/contrib/fjresize.py
+++ b/contrib/fjresize.py
@@ -6,20 +6,26 @@ import subprocess
 usage = """usage: fjresize.py firejail-name displaysize
 resize firejail xephyr windows.
-fjdisplay.py with no other arguments will list running named firejails with displays.
+fjdisplay.py with no other arguments will list running named firejails with
+displays.
 fjresize.py with only a firejail name will list valid resolutions.
-names can be shortened as long its unambiguous.
+names can be shortened as long as it's unambiguous.
 note: you may need to move the xephyr window for the resize to take effect
 example:
    fjresize.py browser 1280x800
 """
 if len(sys.argv) == 2:
-    out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1])])
+    out = subprocess.check_output(
+        ['xrandr', '--display',
+         fjdisplay.getdisplay(sys.argv[1])])
    print(out)
 elif len(sys.argv) == 3:
-    out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1]),'--output','default','--mode',sys.argv[2]])
+    out = subprocess.check_output([
+        'xrandr', '--display',
+        fjdisplay.getdisplay(sys.argv[1]), '--output', 'default', '--mode',
+        sys.argv[2]
+    ])
    print(out)
 else:
    print(usage)

diff --git a/contrib/fix_private-bin.py b/contrib/fix_private-bin.py index 613a945a8..65bfba52d 100755 --- a/contrib/fix_private-bin.py +++ b/contrib/fix_private-bin.py
@@ -29,80 +29,84 @@ __license__ = "Unlicense"
29		29
30	import sys, os, glob, re	30	import sys, os, glob, re
31		31
32	privRx=re.compile("^(?:#\s*)?private-bin")	32	privRx = re.compile("^(?:#\s*)?private-bin")
		33
33		34
34	def fixSymlinkedBins(files, replMap):	35	def fixSymlinkedBins(files, replMap):
35	"""	36	"""
36	Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap	37	Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap
37	replMap is a dict where key is the marker filename and value is the filename to add	38	replMap is a dict where key is the marker filename and value is the filename to add
38	"""	39	"""
39		40
40	rxs=dict()	41	rxs = dict()
41	for (old,new) in replMap.items():	42	for (old, new) in replMap.items():
42	rxs[old]=re.compile("\\b"+old+"\\b")	43	rxs[old] = re.compile("\\b" + old + "\\b")
43	rxs[new]=re.compile("\\b"+new+"\\b")	44	rxs[new] = re.compile("\\b" + new + "\\b")
44	#print(rxs)	45	#print(rxs)
45		46
46	for filename in files:	47	for filename in files:
47	lines=None	48	lines = None
48	with open(filename,"r") as file:	49	with open(filename, "r") as file:
49	lines=file.readlines()	50	lines = file.readlines()
50		51
51	shouldUpdate=False	52	shouldUpdate = False
52	for (i,line) in enumerate(lines):	53	for (i, line) in enumerate(lines):
53	if privRx.search(line):	54	if privRx.search(line):
54	for (old,new) in replMap.items():	55	for (old, new) in replMap.items():
55	if rxs[old].search(line) and not rxs[new].search(line):	56	if rxs[old].search(line) and not rxs[new].search(line):
56	lines[i]=rxs[old].sub(old+","+new, line)	57	lines[i] = rxs[old].sub(old + "," + new, line)
57	shouldUpdate=True	58	shouldUpdate = True
58	print(lines[i])	59	print(lines[i])
59		60
60	if shouldUpdate:	61	if shouldUpdate:
61	with open(filename,"w") as file:	62	with open(filename, "w") as file:
62	file.writelines(lines)	63	file.writelines(lines)
63	pass	64	pass
		65
64		66
65	def createSetOfBinaries(files):	67	def createSetOfBinaries(files):
66	"""	68	"""
67	Creates a set of binaries mentioned in private-bin directives of files.	69	Creates a set of binaries mentioned in private-bin directives of files.
68	"""	70	"""
69	s=set()	71	s = set()
70	for filename in files:	72	for filename in files:
71	lines=None	73	lines = None
72	with open(filename,"r") as file:	74	with open(filename, "r") as file:
73	for line in file:	75	for line in file:
74	if privRx.search(line):	76	if privRx.search(line):
75	bins=line.split(",")	77	bins = line.split(",")
76	bins[0]=bins[0].split(" ")[-1]	78	bins[0] = bins[0].split(" ")[-1]
77	bins = [n.strip() for n in bins]	79	bins = [n.strip() for n in bins]
78	s=s\|set(bins)	80	s = s \| set(bins)
79	return s	81	return s
		82
80		83
81	def createSymlinkTable(binDirs, binariesSet):	84	def createSymlinkTable(binDirs, binariesSet):
82	"""	85	"""
83	creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary.	86	creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary.
84	binDirs are folders to look into for binaries symlinks	87	binDirs are folders to look into for binaries symlinks
85	binariesSet is a set of binaries to be checked if they are actually a symlinks	88	binariesSet is a set of binaries to be checked if they are actually a symlinks
86	"""	89	"""
87	m=dict()	90	m = dict()
88	toProcess=binariesSet	91	toProcess = binariesSet
89	while len(toProcess)!=0:	92	while len(toProcess) != 0:
90	additional=set()	93	additional = set()
91	for sh in toProcess:	94	for sh in toProcess:
92	for bD in binDirs:	95	for bD in binDirs:
93	p=bD+os.path.sep+sh	96	p = bD + os.path.sep + sh
94	if os.path.exists(p):	97	if os.path.exists(p):
95	if os.path.islink(p):	98	if os.path.islink(p):
96	m[sh]=os.readlink(p)	99	m[sh] = os.readlink(p)
97	additional.add(m[sh].split(" ")[0])	100	additional.add(m[sh].split(" ")[0])
98	else:	101	else:
99	pass	102	pass
100	break	103	break
101	toProcess=additional	104	toProcess = additional
102	return m	105	return m
		106
103		107
104	def doTheFixes(profilesPath, binDirs):	108	def doTheFixes(profilesPath, binDirs):
105	"""	109	"""
106	Fixes private-bin in .profiles for firejail. The pipeline is as follows:	110	Fixes private-bin in .profiles for firejail. The pipeline is as follows:
107	discover files -> discover mentioned binaries ->	111	discover files -> discover mentioned binaries ->
108	discover the ones which are symlinks ->	112	discover the ones which are symlinks ->
@@ -110,48 +114,60 @@ def doTheFixes(profilesPath, binDirs):
110	filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) ->	114	filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) ->
111	apply fix	115	apply fix
112	"""	116	"""
113	files=glob.glob(profilesPath+os.path.sep+"*.profile")	117	files = glob.glob(profilesPath + os.path.sep + "*.profile")
114	bins=createSetOfBinaries(files)	118	bins = createSetOfBinaries(files)
115	#print("The binaries used are:")	119	#print("The binaries used are:")
116	#print(bins)	120	#print(bins)
117	stbl=createSymlinkTable(binDirs,bins)	121	stbl = createSymlinkTable(binDirs, bins)
118	print("The replacement table is:")	122	print("The replacement table is:")
119	print(stbl)	123	print(stbl)
120	stbl={a[0]:a[1] for a in stbl.items() if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep)<0}	124	stbl = {
121	print("Filtered replacement table is:")	125	a[0]: a[1]
122	print(stbl)	126	for a in stbl.items()
123	fixSymlinkedBins(files,stbl)	127	if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep) < 0
		128	}
		129	print("Filtered replacement table is:")
		130	print(stbl)
		131	fixSymlinkedBins(files, stbl)
		132
124		133
125	def printHelp():	134	def printHelp():
126	print("python3 "+os.path.basename(__file__)+" <dir with .profile files>\nThe default dir is "+defaultProfilesPath+"\n"+doTheFixes.__doc__)	135	print("python3 " + os.path.basename(__file__) +
		136	" <dir with .profile files>\nThe default dir is " +
		137	defaultProfilesPath + "\n" + doTheFixes.__doc__)
		138
127		139
128	def main():	140	def main():
129	"""The main function. Parses the commandline args, shows messages and calles the function actually doing the work."""	141	"""The main function. Parses the commandline args, shows messages and calles the function actually doing the work."""
130	print(repr(sys.argv))	142	print(repr(sys.argv))
131	defaultProfilesPath="../etc"	143	defaultProfilesPath = "../etc"
132	if len(sys.argv)>2 or (len(sys.argv)==2 and (sys.argv[1] == '-h' or sys.argv[1] == '--help') ):	144	if len(sys.argv) > 2 or (len(sys.argv) == 2 and
133	printHelp()	145	(sys.argv[1] == '-h' or sys.argv[1] == '--help')):
134	exit(1)	146	printHelp()
135		147	exit(1)
136	profilesPath=None	148
137	if len(sys.argv)==2:	149	profilesPath = None
138	if os.path.isdir(sys.argv[1]):	150	if len(sys.argv) == 2:
139	profilesPath=os.path.abspath(sys.argv[1])	151	if os.path.isdir(sys.argv[1]):
140	else:	152	profilesPath = os.path.abspath(sys.argv[1])
141	if os.path.exists(sys.argv[1]):	153	else:
142	print(sys.argv[1]+" is not a dir")	154	if os.path.exists(sys.argv[1]):
143	else:	155	print(sys.argv[1] + " is not a dir")
144	print(sys.argv[1]+" does not exist")	156	else:
145	printHelp()	157	print(sys.argv[1] + " does not exist")
146	exit(1)	158	printHelp()
147	else:	159	exit(1)
148	print("Using default profiles dir: " + defaultProfilesPath)	160	else:
149	profilesPath=defaultProfilesPath	161	print("Using default profiles dir: " + defaultProfilesPath)
150		162	profilesPath = defaultProfilesPath
151	binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]	163
152	print("Binaries dirs are:")	164	binDirs = [
153	print(binDirs)	165	"/bin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"
154	doTheFixes(profilesPath, binDirs)	166	]
		167	print("Binaries dirs are:")
		168	print(binDirs)
		169	doTheFixes(profilesPath, binDirs)
		170
155		171
156	if __name__ == "__main__":	172	if __name__ == "__main__":
157	main()	173	main()


diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py index 3cc13b758..89b4e46a9 100755 --- a/contrib/fj-mkdeb.py +++ b/contrib/fj-mkdeb.py
@@ -4,42 +4,46 @@
4		4
5	import os, re, shlex, subprocess, sys	5	import os, re, shlex, subprocess, sys
6		6
		7
7	def run(srcdir, args):	8	def run(srcdir, args):
8	if srcdir: os.chdir(srcdir)	9	if srcdir: os.chdir(srcdir)
9		10
10	dry_run=False	11	dry_run = False
11	escaped_args=[]	12	escaped_args = []
12	# We need to modify the list as we go. So be sure to copy the list to be iterated!	13	# We need to modify the list as we go. So be sure to copy the list to be iterated!
13	for a in args[:]:	14	for a in args[:]:
14	if a.startswith('--prefix'):	15	if a.startswith('--prefix'):
15	# prefix should ALWAYS be /usr here. Discard user-set values	16	# prefix should ALWAYS be /usr here. Discard user-set values
16	args.remove(a)	17	args.remove(a)
17	elif a == '--only-fix-mkdeb':	18	elif a == '--only-fix-mkdeb':
18	# for us, not configure	19	# for us, not configure
19	dry_run=True	20	dry_run = True
20	args.remove(a)	21	args.remove(a)
21	else:	22	else:
22	escaped_args.append(shlex.quote(a))	23	escaped_args.append(shlex.quote(a))
23		24
24	# Fix up mkdeb.sh to include custom configure options.	25	# Fix up mkdeb.sh to include custom configure options.
25	with open('mkdeb.sh', 'rb') as f:	26	with open('mkdeb.sh', 'rb') as f:
26	sh=str(f.read(), 'utf_8')	27	sh = str(f.read(), 'utf_8')
27	rx=re.compile(r'^\./configure\s.*$', re.M)	28	rx = re.compile(r'^\./configure\s.*$', re.M)
28	with open('mkdeb.sh', 'wb') as f:	29	with open('mkdeb.sh', 'wb') as f:
29	f.write(bytes(rx.sub('./configure --prefix=/usr '+(' '.join(escaped_args)), sh), 'utf_8'))	30	f.write(
		31	bytes(
		32	rx.sub('./configure --prefix=/usr ' + (' '.join(escaped_args)),
		33	sh), 'utf_8'))
30		34
31	if dry_run: return 0	35	if dry_run: return 0
32		36
33	# now run configure && make	37	# now run configure && make
34	if subprocess.call(['./configure', '--prefix=/usr']+args) == 0:	38	if subprocess.call(['./configure', '--prefix=/usr'] + args) == 0:
35	subprocess.call(['make', 'deb'])	39	subprocess.call(['make', 'deb'])
36		40
37	return 0	41	return 0
38		42
39		43
40	if __name__ == '__main__':	44	if __name__ == '__main__':
41	if len(sys.argv) == 2 and sys.argv[1] == '--help':	45	if len(sys.argv) == 2 and sys.argv[1] == '--help':
42	print('''Build a .deb of firejail with custom configure options	46	print('''Build a .deb of firejail with custom configure options
43		47
44	usage:	48	usage:
45	{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]	49	{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]
@@ -51,24 +55,26 @@ usage:
51	--only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh	55	--only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh
52	CONFIGURE_OPTIONS: arguments for configure	56	CONFIGURE_OPTIONS: arguments for configure
53	'''.format(script=sys.argv[0]))	57	'''.format(script=sys.argv[0]))
54	sys.exit(0)	58	sys.exit(0)
55	else:	59	else:
56	# Find the source directory	60	# Find the source directory
57	srcdir=None	61	srcdir = None
58	args=sys.argv[1:]	62	args = sys.argv[1:]
59	for a in args:	63	for a in args:
60	if a.startswith('--fj-src='):	64	if a.startswith('--fj-src='):
61	args.remove(a)	65	args.remove(a)
62	srcdir=a[9:]	66	srcdir = a[9:]
63	break	67	break
64	if not(srcdir):	68	if not (srcdir):
65	# srcdir not manually specified, try to auto-detect	69	# srcdir not manually specified, try to auto-detect
66	srcdir=os.path.dirname(os.path.abspath(sys.argv[0]+'/..'))	70	srcdir = os.path.dirname(os.path.abspath(sys.argv[0] + '/..'))
67	if not(os.path.isfile(srcdir+'/mkdeb.sh')):	71	if not (os.path.isfile(srcdir + '/mkdeb.sh')):
68	# Script is probably installed. Check the cwd.	72	# Script is probably installed. Check the cwd.
69	if os.path.isfile('./mkdeb.sh'):	73	if os.path.isfile('./mkdeb.sh'):
70	srcdir=None	74	srcdir = None
71	else:	75	else:
72	print('Error: Could not find the firejail source tree. Exiting.')	76	print(
73	sys.exit(1)	77	'Error: Could not find the firejail source tree. Exiting.'
74	sys.exit(run(srcdir, args))	78	)
		79	sys.exit(1)
		80	sys.exit(run(srcdir, args))


diff --git a/contrib/fjclip.py b/contrib/fjclip.py index b45959841..3d0c56dc6 100755 --- a/contrib/fjclip.py +++ b/contrib/fjclip.py
@@ -23,7 +23,7 @@ if sys.argv[1] == '-':
23	clipin_raw = sys.stdin.read()	23	clipin_raw = sys.stdin.read()
24	else:	24	else:
25	display = fjdisplay.getdisplay(sys.argv[1])	25	display = fjdisplay.getdisplay(sys.argv[1])
26	clipin_raw = subprocess.check_output(['xsel','-b','--display',display])	26	clipin_raw = subprocess.check_output(['xsel', '-b', '--display', display])
27		27
28	clipin = clipin_raw.strip()	28	clipin = clipin_raw.strip()
29		29
@@ -31,5 +31,6 @@ if sys.argv[2] == '-':
31	print(clipin)	31	print(clipin)
32	else:	32	else:
33	display = fjdisplay.getdisplay(sys.argv[2])	33	display = fjdisplay.getdisplay(sys.argv[2])
34	clipout = subprocess.Popen(['xsel','-b','-i','--display',display],stdin=subprocess.PIPE)	34	clipout = subprocess.Popen(['xsel', '-b', '-i', '--display', display],
		35	stdin=subprocess.PIPE)
35	clipout.communicate(clipin)	36	clipout.communicate(clipin)


diff --git a/contrib/fjdisplay.py b/contrib/fjdisplay.py index 3f409545f..7b2db549a 100755 --- a/contrib/fjdisplay.py +++ b/contrib/fjdisplay.py
@@ -8,23 +8,25 @@ usage = """fjdisplay.py name-of-firejail
8	returns the display in the form of ':NNN'	8	returns the display in the form of ':NNN'
9	"""	9	"""
10		10
		11
11	def getfirejails():	12	def getfirejails():
12	output = subprocess.check_output(['firemon','--x11'])	13	output = subprocess.check_output(['firemon', '--x11'])
13	firejails = {}	14	firejails = {}
14	name = ''	15	name = ''
15	for line in output.split('\n'):	16	for line in output.split('\n'):
16	namematch = re.search('--name=(\w+\S*)',line)	17	namematch = re.search('--name=(\w+\S*)', line)
17	if namematch:	18	if namematch:
18	name = namematch.group(1)	19	name = namematch.group(1)
19	displaymatch = re.search('DISPLAY (:\d+)',line)	20	displaymatch = re.search('DISPLAY (:\d+)', line)
20	if displaymatch:	21	if displaymatch:
21	firejails[name] = displaymatch.group(1)	22	firejails[name] = displaymatch.group(1)
22	return firejails	23	return firejails
23		24
		25
24	def getdisplay(name):	26	def getdisplay(name):
25	firejails = getfirejails()	27	firejails = getfirejails()
26	fjlist = '\n'.join(firejails.keys())	28	fjlist = '\n'.join(firejails.keys())
27	namere = re.compile('^'+name+'.*', re.MULTILINE)	29	namere = re.compile('^' + name + '.*', re.MULTILINE)
28	matchingjails = namere.findall(fjlist)	30	matchingjails = namere.findall(fjlist)
29	if len(matchingjails) == 1:	31	if len(matchingjails) == 1:
30	return firejails[matchingjails[0]]	32	return firejails[matchingjails[0]]
@@ -33,6 +35,7 @@ def getdisplay(name):
33	else:	35	else:
34	raise NameError("ambiguous firejail name")	36	raise NameError("ambiguous firejail name")
35		37
		38
36	if __name__ == '__main__':	39	if __name__ == '__main__':
37	if '-h' in sys.argv or '--help' in sys.argv or len(sys.argv) > 2:	40	if '-h' in sys.argv or '--help' in sys.argv or len(sys.argv) > 2:
38	print(usage)	41	print(usage)
@@ -40,4 +43,4 @@ if __name__ == '__main__':
40	if len(sys.argv) == 1:	43	if len(sys.argv) == 1:
41	print(getfirejails())	44	print(getfirejails())
42	if len(sys.argv) == 2:	45	if len(sys.argv) == 2:
43	print (getdisplay(sys.argv[1]))	46	print(getdisplay(sys.argv[1]))


diff --git a/contrib/fjresize.py b/contrib/fjresize.py index 4eb33f120..95b76259d 100755 --- a/contrib/fjresize.py +++ b/contrib/fjresize.py
@@ -6,20 +6,26 @@ import subprocess
6		6
7	usage = """usage: fjresize.py firejail-name displaysize	7	usage = """usage: fjresize.py firejail-name displaysize
8	resize firejail xephyr windows.	8	resize firejail xephyr windows.
9	fjdisplay.py with no other arguments will list running named firejails with displays.	9	fjdisplay.py with no other arguments will list running named firejails with
		10	displays.
10	fjresize.py with only a firejail name will list valid resolutions.	11	fjresize.py with only a firejail name will list valid resolutions.
11	names can be shortened as long its unambiguous.	12	names can be shortened as long as it's unambiguous.
12	note: you may need to move the xephyr window for the resize to take effect	13	note: you may need to move the xephyr window for the resize to take effect
13	example:	14	example:
14	fjresize.py browser 1280x800	15	fjresize.py browser 1280x800
15	"""	16	"""
16		17
17
18	if len(sys.argv) == 2:	18	if len(sys.argv) == 2:
19	out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1])])	19	out = subprocess.check_output(
		20	['xrandr', '--display',
		21	fjdisplay.getdisplay(sys.argv[1])])
20	print(out)	22	print(out)
21	elif len(sys.argv) == 3:	23	elif len(sys.argv) == 3:
22	out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1]),'--output','default','--mode',sys.argv[2]])	24	out = subprocess.check_output([
		25	'xrandr', '--display',
		26	fjdisplay.getdisplay(sys.argv[1]), '--output', 'default', '--mode',
		27	sys.argv[2]
		28	])
23	print(out)	29	print(out)
24	else:	30	else:
25	print(usage)	31	print(usage)