aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile65
-rw-r--r--contrib/syntax/lists/profile_commands_arg0.list2
2 files changed, 37 insertions, 30 deletions
diff --git a/Makefile b/Makefile
index c04d721cf..043c491c6 100644
--- a/Makefile
+++ b/Makefile
@@ -64,31 +64,31 @@ $(MYDIRS):
64 64
65.PHONY: filters 65.PHONY: filters
66filters: $(SECCOMP_FILTERS) 66filters: $(SECCOMP_FILTERS)
67seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize 67seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile
68 src/fseccomp/fseccomp default seccomp 68 src/fseccomp/fseccomp default seccomp
69 src/fsec-optimize/fsec-optimize seccomp 69 src/fsec-optimize/fsec-optimize seccomp
70 70
71seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize 71seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile
72 src/fseccomp/fseccomp default seccomp.debug allow-debuggers 72 src/fseccomp/fseccomp default seccomp.debug allow-debuggers
73 src/fsec-optimize/fsec-optimize seccomp.debug 73 src/fsec-optimize/fsec-optimize seccomp.debug
74 74
75seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize 75seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize Makefile
76 src/fseccomp/fseccomp secondary 32 seccomp.32 76 src/fseccomp/fseccomp secondary 32 seccomp.32
77 src/fsec-optimize/fsec-optimize seccomp.32 77 src/fsec-optimize/fsec-optimize seccomp.32
78 78
79seccomp.block_secondary: src/fseccomp/fseccomp 79seccomp.block_secondary: src/fseccomp/fseccomp Makefile
80 src/fseccomp/fseccomp secondary block seccomp.block_secondary 80 src/fseccomp/fseccomp secondary block seccomp.block_secondary
81 81
82seccomp.mdwx: src/fseccomp/fseccomp 82seccomp.mdwx: src/fseccomp/fseccomp Makefile
83 src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx 83 src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx
84 84
85seccomp.mdwx.32: src/fseccomp/fseccomp 85seccomp.mdwx.32: src/fseccomp/fseccomp Makefile
86 src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 86 src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
87 87
88seccomp.namespaces: src/fseccomp/fseccomp 88seccomp.namespaces: src/fseccomp/fseccomp Makefile
89 src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts 89 src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces cgroup,ipc,net,mnt,pid,time,user,uts
90 90
91seccomp.namespaces.32: src/fseccomp/fseccomp 91seccomp.namespaces.32: src/fseccomp/fseccomp Makefile
92 src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts 92 src/fseccomp/fseccomp restrict-namespaces seccomp.namespaces.32 cgroup,ipc,net,mnt,pid,time,user,uts
93 93
94.PHONY: man 94.PHONY: man
@@ -103,58 +103,65 @@ contrib: syntax
103syntax: $(SYNTAX_FILES) 103syntax: $(SYNTAX_FILES)
104 104
105# TODO: include/rlimit are false positives 105# TODO: include/rlimit are false positives
106contrib/syntax/lists/profile_commands_arg0.list: src/firejail/profile.c 106contrib/syntax/lists/profile_commands_arg0.list: src/firejail/profile.c Makefile
107 @printf 'Generating %s from %s\n' $@ $<
107 @sed -En 's/.*strn?cmp\(ptr, "([^ "]*[^ ])".*/\1/p' $< | \ 108 @sed -En 's/.*strn?cmp\(ptr, "([^ "]*[^ ])".*/\1/p' $< | \
108 grep -Ev '^(include|rlimit)$$' | sed 's/\./\\./' | LC_ALL=C sort -u >$@ 109 grep -Ev '^(include|rlimit)$$' | LC_ALL=C sort -u >$@
109 110
110# TODO: private-lib is special-cased in the code and doesn't match the regex 111# TODO: private-lib is special-cased in the code and doesn't match the regex
111contrib/syntax/lists/profile_commands_arg1.list: src/firejail/profile.c 112contrib/syntax/lists/profile_commands_arg1.list: src/firejail/profile.c Makefile
112 @{ sed -En 's/.*strn?cmp\(ptr, "([^"]+) ".*/\1/p' $<; echo private-lib; } | \ 113 @printf 'Generating %s from %s\n' $@ $<
113 LC_ALL=C sort -u >$@ 114 @{ sed -En 's/.*strn?cmp\(ptr, "([^"]+) ".*/\1/p' $<; \
115 echo private-lib; } | LC_ALL=C sort -u >$@
114 116
115contrib/syntax/lists/profile_conditionals.list: src/firejail/profile.c 117contrib/syntax/lists/profile_conditionals.list: src/firejail/profile.c Makefile
118 @printf 'Generating %s from %s\n' $@ $<
116 @awk -- 'BEGIN {process=0;} /^Cond conditionals\[\] = \{$$/ {process=1;} \ 119 @awk -- 'BEGIN {process=0;} /^Cond conditionals\[\] = \{$$/ {process=1;} \
117 /\t*\{"[^"]+".*/ \ 120 /\t*\{"[^"]+".*/ \
118 { if (process) {print gensub(/^\t*\{"([^"]+)".*$$/, "\\1", 1);} } \ 121 { if (process) {print gensub(/^\t*\{"([^"]+)".*$$/, "\\1", 1);} } \
119 /^\t\{ NULL, NULL \}$$/ {process=0;}' \ 122 /^\t\{ NULL, NULL \}$$/ {process=0;}' \
120 $< | LC_ALL=C sort -u >$@ 123 $< | LC_ALL=C sort -u >$@
121 124
122contrib/syntax/lists/profile_macros.list: src/firejail/macros.c 125contrib/syntax/lists/profile_macros.list: src/firejail/macros.c Makefile
126 @printf 'Generating %s from %s\n' $@ $<
123 @sed -En 's/.*\$$\{([^}]+)\}.*/\1/p' $< | LC_ALL=C sort -u >$@ 127 @sed -En 's/.*\$$\{([^}]+)\}.*/\1/p' $< | LC_ALL=C sort -u >$@
124 128
125contrib/syntax/lists/syscall_groups.list: src/lib/syscall.c 129contrib/syntax/lists/syscall_groups.list: src/lib/syscall.c Makefile
130 @printf 'Generating %s from %s\n' $@ $<
126 @sed -En 's/.*"@([^",]+).*/\1/p' $< | LC_ALL=C sort -u >$@ 131 @sed -En 's/.*"@([^",]+).*/\1/p' $< | LC_ALL=C sort -u >$@
127 132
128contrib/syntax/lists/syscalls.list: $(SYSCALL_HEADERS) 133contrib/syntax/lists/syscalls.list: $(SYSCALL_HEADERS) Makefile
134 @printf 'Generating %s\n' $@
129 @sed -n 's/{\s\+"\([^"]\+\)",.*},/\1/p' $(SYSCALL_HEADERS) | \ 135 @sed -n 's/{\s\+"\([^"]\+\)",.*},/\1/p' $(SYSCALL_HEADERS) | \
130 LC_ALL=C sort -u >$@ 136 LC_ALL=C sort -u >$@
131 137
132contrib/syntax/lists/system_errnos.list: src/lib/errno.c 138contrib/syntax/lists/system_errnos.list: src/lib/errno.c Makefile
139 @printf 'Generating %s from %s\n' $@ $<
133 @sed -En 's/.*"(E[^"]+).*/\1/p' $< | LC_ALL=C sort -u >$@ 140 @sed -En 's/.*"(E[^"]+).*/\1/p' $< | LC_ALL=C sort -u >$@
134 141
135pipe_fromlf = { tr '\n' '|' | sed 's/|$$//'; } 142regex_fromlf = { tr '\n' '|' | sed -e 's/|$$//' -e 's/\./\\\\./g'; }
136space_fromlf = { tr '\n' ' ' | sed 's/ $$//'; } 143space_fromlf = { tr '\n' ' ' | sed -e 's/ $$//'; }
137edit_syntax_file = sed \ 144edit_syntax_file = sed \
138 -e "s/@make_input@/$$(basename $@). Generated from $$(basename $<) by make./" \ 145 -e "s/@make_input@/$$(basename $@). Generated from $$(basename $<) by make./" \
139 -e "s/@FJ_PROFILE_COMMANDS_ARG0@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg0.list)/" \ 146 -e "s/@FJ_PROFILE_COMMANDS_ARG0@/$$($(regex_fromlf) <contrib/syntax/lists/profile_commands_arg0.list)/" \
140 -e "s/@FJ_PROFILE_COMMANDS_ARG1@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg1.list)/" \ 147 -e "s/@FJ_PROFILE_COMMANDS_ARG1@/$$($(regex_fromlf) <contrib/syntax/lists/profile_commands_arg1.list)/" \
141 -e "s/@FJ_PROFILE_CONDITIONALS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_conditionals.list)/" \ 148 -e "s/@FJ_PROFILE_CONDITIONALS@/$$($(regex_fromlf) <contrib/syntax/lists/profile_conditionals.list)/" \
142 -e "s/@FJ_PROFILE_MACROS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_macros.list)/" \ 149 -e "s/@FJ_PROFILE_MACROS@/$$($(regex_fromlf) <contrib/syntax/lists/profile_macros.list)/" \
143 -e "s/@FJ_SYSCALLS@/$$($(space_fromlf) <contrib/syntax/lists/syscalls.list)/" \ 150 -e "s/@FJ_SYSCALLS@/$$($(space_fromlf) <contrib/syntax/lists/syscalls.list)/" \
144 -e "s/@FJ_SYSCALL_GROUPS@/$$($(pipe_fromlf) <contrib/syntax/lists/syscall_groups.list)/" \ 151 -e "s/@FJ_SYSCALL_GROUPS@/$$($(regex_fromlf) <contrib/syntax/lists/syscall_groups.list)/" \
145 -e "s/@FJ_SYSTEM_ERRNOS@/$$($(pipe_fromlf) <contrib/syntax/lists/system_errnos.list)/" 152 -e "s/@FJ_SYSTEM_ERRNOS@/$$($(regex_fromlf) <contrib/syntax/lists/system_errnos.list)/"
146 153
147contrib/syntax/files/example: contrib/syntax/files/example.in $(SYNTAX_LISTS) 154contrib/syntax/files/example: contrib/syntax/files/example.in $(SYNTAX_LISTS) Makefile
148 @printf 'Generating %s from %s\n' $@ $< 155 @printf 'Generating %s from %s\n' $@ $<
149 @$(edit_syntax_file) $< >$@ 156 @$(edit_syntax_file) $< >$@
150 157
151# gtksourceview language-specs 158# gtksourceview language-specs
152contrib/syntax/files/%.lang: contrib/syntax/files/%.lang.in $(SYNTAX_LISTS) 159contrib/syntax/files/%.lang: contrib/syntax/files/%.lang.in $(SYNTAX_LISTS) Makefile
153 @printf 'Generating %s from %s\n' $@ $< 160 @printf 'Generating %s from %s\n' $@ $<
154 @$(edit_syntax_file) $< >$@ 161 @$(edit_syntax_file) $< >$@
155 162
156# vim syntax files 163# vim syntax files
157contrib/syntax/files/%.vim: contrib/syntax/files/%.vim.in $(SYNTAX_LISTS) 164contrib/syntax/files/%.vim: contrib/syntax/files/%.vim.in $(SYNTAX_LISTS) Makefile
158 @printf 'Generating %s from %s\n' $@ $< 165 @printf 'Generating %s from %s\n' $@ $<
159 @$(edit_syntax_file) $< >$@ 166 @$(edit_syntax_file) $< >$@
160 167
diff --git a/contrib/syntax/lists/profile_commands_arg0.list b/contrib/syntax/lists/profile_commands_arg0.list
index fd1bdb401..e7fecef4b 100644
--- a/contrib/syntax/lists/profile_commands_arg0.list
+++ b/contrib/syntax/lists/profile_commands_arg0.list
@@ -41,7 +41,7 @@ private-tmp
41quiet 41quiet
42restrict-namespaces 42restrict-namespaces
43seccomp 43seccomp
44seccomp\.block-secondary 44seccomp.block-secondary
45tab 45tab
46tracelog 46tracelog
47writable-etc 47writable-etc
generated by cgit v1.2.3-54-g00ecf (git 2.45.1) at 2024-05-25 15:04:03 +0000