1 files changed, 97 insertions, 13 deletions
diff --git a/Makefile b/Makefile
index 119bf6b4b..443c3183f 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,10 @@ MAN_TARGET = man
 MAN_SRC = src/man
 endif
+ifneq ($(HAVE_CONTRIB_INSTALL),no)
+CONTRIB_TARGET = contrib
+endif
 COMPLETIONDIRS = src/zsh_completion src/bash_completion
 APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck
@@ -17,16 +21,32 @@ SBOX_APPS_NON_DUMPABLE += src/fnettrace-icmp/fnettrace-icmp
 MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS)
 MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so
 COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion
-MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1
 SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32
+MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1
+SYSCALL_HEADERS := $(sort $(wildcard src/include/syscall*.h))
+# Lists of keywords used in profiles; used for generating syntax files.
+SYNTAX_LISTS = \
+        contrib/syntax/lists/profile_commands_arg0.list \
+        contrib/syntax/lists/profile_commands_arg1.list \
+        contrib/syntax/lists/profile_conditionals.list \
+        contrib/syntax/lists/profile_macros.list \
+        contrib/syntax/lists/syscall_groups.list \
+        contrib/syntax/lists/syscalls.list \
+        contrib/syntax/lists/system_errnos.list
+SYNTAX_FILES_IN := $(sort $(wildcard contrib/syntax/files/*.in))
+SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=)
 ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
 .PHONY: all
-all: all_items mydirs $(MAN_TARGET) filters
+all: all_items mydirs filters $(MAN_TARGET) $(CONTRIB_TARGET)
 config.mk config.sh:
-        printf 'run ./configure to generate %s\n' "$@" >&2
+        @printf 'error: run ./configure to generate %s\n' "$@" >&2
-        false
+        @false
 .PHONY: all_items $(ALL_ITEMS)
 all_items: $(ALL_ITEMS)
@@ -38,11 +58,6 @@ mydirs: $(MYDIRS)
 $(MYDIRS):
        $(MAKE) -C $@
-$(MANPAGES): src/man config.mk
-        ./mkman.sh $(VERSION) src/man/$(basename $@).man $@
-man: $(MANPAGES)
 filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE)
 seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
        src/fseccomp/fseccomp default seccomp
@@ -65,14 +80,83 @@ seccomp.mdwx: src/fseccomp/fseccomp
 seccomp.mdwx.32: src/fseccomp/fseccomp
        src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
+$(MANPAGES): src/man config.mk
+        ./mkman.sh $(VERSION) src/man/$(basename $@).man $@
+man: $(MANPAGES)
+# Makes all targets in contrib/
+.PHONY: contrib
+contrib: syntax
+.PHONY: syntax
+syntax: $(SYNTAX_FILES)
+# TODO: include/rlimit are false positives
+contrib/syntax/lists/profile_commands_arg0.list: src/firejail/profile.c
+        @sed -En 's/.*strn?cmp\(ptr, "([^ "]*[^ ])".*/\1/p' $< | \
+        grep -Ev '^(include|rlimit)$$' | sed 's/\./\\./' | LC_ALL=C sort -u >$@
+# TODO: private-lib is special-cased in the code and doesn't match the regex
+contrib/syntax/lists/profile_commands_arg1.list: src/firejail/profile.c
+        @{ sed -En 's/.*strn?cmp\(ptr, "([^"]+) ".*/\1/p' $<; echo private-lib; } | \
+        LC_ALL=C sort -u >$@
+contrib/syntax/lists/profile_conditionals.list: src/firejail/profile.c
+        @awk -- 'BEGIN {process=0;} /^Cond conditionals\[\] = \{$$/ {process=1;} \
+                /\t*\{"[^"]+".*/ \
+                { if (process) {print gensub(/^\t*\{"([^"]+)".*$$/, "\\1", 1);} } \
+                /^\t\{ NULL, NULL \}$$/ {process=0;}' \
+                $< | LC_ALL=C sort -u >$@
+contrib/syntax/lists/profile_macros.list: src/firejail/macros.c
+        @sed -En 's/.*\$$\{([^}]+)\}.*/\1/p' $< | LC_ALL=C sort -u >$@
+contrib/syntax/lists/syscall_groups.list: src/lib/syscall.c
+        @sed -En 's/.*"@([^",]+).*/\1/p' $< | LC_ALL=C sort -u >$@
+contrib/syntax/lists/syscalls.list: $(SYSCALL_HEADERS)
+        @sed -n 's/{\s\+"\([^"]\+\)",.*},/\1/p' $(SYSCALL_HEADERS) | \
+        LC_ALL=C sort -u >$@
+contrib/syntax/lists/system_errnos.list: src/lib/errno.c
+        @sed -En 's/.*"(E[^"]+).*/\1/p' $< | LC_ALL=C sort -u >$@
+pipe_fromlf = { tr '\n' '|' | sed 's/|$$//'; }
+space_fromlf = { tr '\n' ' ' | sed 's/ $$//'; }
+edit_syntax_file = sed \
+        -e "s/@make_input@/$$(basename $@).  Generated from $$(basename $<) by make./" \
+        -e "s/@FJ_PROFILE_COMMANDS_ARG0@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg0.list)/" \
+        -e "s/@FJ_PROFILE_COMMANDS_ARG1@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg1.list)/" \
+        -e "s/@FJ_PROFILE_CONDITIONALS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_conditionals.list)/" \
+        -e "s/@FJ_PROFILE_MACROS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_macros.list)/" \
+        -e "s/@FJ_SYSCALLS@/$$($(space_fromlf) <contrib/syntax/lists/syscalls.list)/" \
+        -e "s/@FJ_SYSCALL_GROUPS@/$$($(pipe_fromlf) <contrib/syntax/lists/syscall_groups.list)/" \
+        -e "s/@FJ_SYSTEM_ERRNOS@/$$($(pipe_fromlf) <contrib/syntax/lists/system_errnos.list)/"
+contrib/syntax/files/example: contrib/syntax/files/example.in $(SYNTAX_LISTS)
+        @printf 'Generating %s from %s\n' $@ $<
+        @$(edit_syntax_file) $< >$@
+# gtksourceview language-specs
+contrib/syntax/files/%.lang: contrib/syntax/files/%.lang.in $(SYNTAX_LISTS)
+        @printf 'Generating %s from %s\n' $@ $<
+        @$(edit_syntax_file) $< >$@
+# vim syntax files
+contrib/syntax/files/%.vim: contrib/syntax/files/%.vim.in $(SYNTAX_LISTS)
+        @printf 'Generating %s from %s\n' $@ $<
+        @$(edit_syntax_file) $< >$@
 .PHONY: clean
 clean:
        for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \
                $(MAKE) -C $$dir clean; \
        done
        $(MAKE) -C test clean
-        rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
        rm -f $(SECCOMP_FILTERS)
+        rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
+        rm -f $(SYNTAX_FILES)
        rm -f test/utils/index.html*
        rm -f test/utils/wget-log
        rm -f test/utils/firejail-test-file*
@@ -124,10 +208,10 @@ ifeq ($(HAVE_CONTRIB_INSTALL),yes)
        install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect
        install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax
        install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect
-        install -m 0644 contrib/vim/syntax/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax
+        install -m 0644 contrib/syntax/files/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax
-        # gtksourceview-5 language-specs
+        # gtksourceview language-specs
        install -m 0755 -d $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs
-        install -m 0644 contrib/gtksourceview-5/language-specs/firejail-profile.lang $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs
+        install -m 0644 contrib/syntax/files/firejail-profile.lang $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs
 endif
        # documents
        install -m 0755 -d $(DESTDIR)$(docdir)

diff --git a/Makefile b/Makefile index 119bf6b4b..443c3183f 100644 --- a/Makefile +++ b/Makefile
@@ -6,6 +6,10 @@ MAN_TARGET = man
6	MAN_SRC = src/man	6	MAN_SRC = src/man
7	endif	7	endif
8		8
		9	ifneq ($(HAVE_CONTRIB_INSTALL),no)
		10	CONTRIB_TARGET = contrib
		11	endif
		12
9	COMPLETIONDIRS = src/zsh_completion src/bash_completion	13	COMPLETIONDIRS = src/zsh_completion src/bash_completion
10		14
11	APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck	15	APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck
@@ -17,16 +21,32 @@ SBOX_APPS_NON_DUMPABLE += src/fnettrace-icmp/fnettrace-icmp
17	MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS)	21	MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS)
18	MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so	22	MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so
19	COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion	23	COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion
20	MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1
21	SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32	24	SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32
		25	MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1
		26
		27	SYSCALL_HEADERS := $(sort $(wildcard src/include/syscall*.h))
		28
		29	# Lists of keywords used in profiles; used for generating syntax files.
		30	SYNTAX_LISTS = \
		31	contrib/syntax/lists/profile_commands_arg0.list \
		32	contrib/syntax/lists/profile_commands_arg1.list \
		33	contrib/syntax/lists/profile_conditionals.list \
		34	contrib/syntax/lists/profile_macros.list \
		35	contrib/syntax/lists/syscall_groups.list \
		36	contrib/syntax/lists/syscalls.list \
		37	contrib/syntax/lists/system_errnos.list
		38
		39	SYNTAX_FILES_IN := $(sort $(wildcard contrib/syntax/files/*.in))
		40	SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=)
		41
22	ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)	42	ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
23		43
24	.PHONY: all	44	.PHONY: all
25	all: all_items mydirs $(MAN_TARGET) filters	45	all: all_items mydirs filters $(MAN_TARGET) $(CONTRIB_TARGET)
26		46
27	config.mk config.sh:	47	config.mk config.sh:
28	printf 'run ./configure to generate %s\n' "$@" >&2	48	@printf 'error: run ./configure to generate %s\n' "$@" >&2
29	false	49	@false
30		50
31	.PHONY: all_items $(ALL_ITEMS)	51	.PHONY: all_items $(ALL_ITEMS)
32	all_items: $(ALL_ITEMS)	52	all_items: $(ALL_ITEMS)
@@ -38,11 +58,6 @@ mydirs: $(MYDIRS)
38	$(MYDIRS):	58	$(MYDIRS):
39	$(MAKE) -C $@	59	$(MAKE) -C $@
40		60
41	$(MANPAGES): src/man config.mk
42	./mkman.sh $(VERSION) src/man/$(basename $@).man $@
43
44	man: $(MANPAGES)
45
46	filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE)	61	filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE)
47	seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize	62	seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
48	src/fseccomp/fseccomp default seccomp	63	src/fseccomp/fseccomp default seccomp
@@ -65,14 +80,83 @@ seccomp.mdwx: src/fseccomp/fseccomp
65	seccomp.mdwx.32: src/fseccomp/fseccomp	80	seccomp.mdwx.32: src/fseccomp/fseccomp
66	src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32	81	src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
67		82
		83	$(MANPAGES): src/man config.mk
		84	./mkman.sh $(VERSION) src/man/$(basename $@).man $@
		85
		86	man: $(MANPAGES)
		87
		88	# Makes all targets in contrib/
		89	.PHONY: contrib
		90	contrib: syntax
		91
		92	.PHONY: syntax
		93	syntax: $(SYNTAX_FILES)
		94
		95	# TODO: include/rlimit are false positives
		96	contrib/syntax/lists/profile_commands_arg0.list: src/firejail/profile.c
		97	@sed -En 's/.strn?cmp\(ptr, "([^ "][^ ])".*/\1/p' $< \| \
		98	grep -Ev '^(include\|rlimit)$$' \| sed 's/\./\\./' \| LC_ALL=C sort -u >$@
		99
		100	# TODO: private-lib is special-cased in the code and doesn't match the regex
		101	contrib/syntax/lists/profile_commands_arg1.list: src/firejail/profile.c
		102	@{ sed -En 's/.strn?cmp\(ptr, "([^"]+) "./\1/p' $<; echo private-lib; } \| \
		103	LC_ALL=C sort -u >$@
		104
		105	contrib/syntax/lists/profile_conditionals.list: src/firejail/profile.c
		106	@awk -- 'BEGIN {process=0;} /^Cond conditionals\[\] = \{$$/ {process=1;} \
		107	/\t\{"[^"]+"./ \
		108	{ if (process) {print gensub(/^\t\{"([^"]+)".$$/, "\\1", 1);} } \
		109	/^\t\{ NULL, NULL \}$$/ {process=0;}' \
		110	$< \| LC_ALL=C sort -u >$@
		111
		112	contrib/syntax/lists/profile_macros.list: src/firejail/macros.c
		113	@sed -En 's/.\$$\{([^}]+)\}./\1/p' $< \| LC_ALL=C sort -u >$@
		114
		115	contrib/syntax/lists/syscall_groups.list: src/lib/syscall.c
		116	@sed -En 's/."@([^",]+)./\1/p' $< \| LC_ALL=C sort -u >$@
		117
		118	contrib/syntax/lists/syscalls.list: $(SYSCALL_HEADERS)
		119	@sed -n 's/{\s\+"\([^"]\+\)",.*},/\1/p' $(SYSCALL_HEADERS) \| \
		120	LC_ALL=C sort -u >$@
		121
		122	contrib/syntax/lists/system_errnos.list: src/lib/errno.c
		123	@sed -En 's/."(E[^"]+)./\1/p' $< \| LC_ALL=C sort -u >$@
		124
		125	pipe_fromlf = { tr '\n' '\|' \| sed 's/\|$$//'; }
		126	space_fromlf = { tr '\n' ' ' \| sed 's/ $$//'; }
		127	edit_syntax_file = sed \
		128	-e "s/@make_input@/$$(basename $@). Generated from $$(basename $<) by make./" \
		129	-e "s/@FJ_PROFILE_COMMANDS_ARG0@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg0.list)/" \
		130	-e "s/@FJ_PROFILE_COMMANDS_ARG1@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg1.list)/" \
		131	-e "s/@FJ_PROFILE_CONDITIONALS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_conditionals.list)/" \
		132	-e "s/@FJ_PROFILE_MACROS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_macros.list)/" \
		133	-e "s/@FJ_SYSCALLS@/$$($(space_fromlf) <contrib/syntax/lists/syscalls.list)/" \
		134	-e "s/@FJ_SYSCALL_GROUPS@/$$($(pipe_fromlf) <contrib/syntax/lists/syscall_groups.list)/" \
		135	-e "s/@FJ_SYSTEM_ERRNOS@/$$($(pipe_fromlf) <contrib/syntax/lists/system_errnos.list)/"
		136
		137	contrib/syntax/files/example: contrib/syntax/files/example.in $(SYNTAX_LISTS)
		138	@printf 'Generating %s from %s\n' $@ $<
		139	@$(edit_syntax_file) $< >$@
		140
		141	# gtksourceview language-specs
		142	contrib/syntax/files/%.lang: contrib/syntax/files/%.lang.in $(SYNTAX_LISTS)
		143	@printf 'Generating %s from %s\n' $@ $<
		144	@$(edit_syntax_file) $< >$@
		145
		146	# vim syntax files
		147	contrib/syntax/files/%.vim: contrib/syntax/files/%.vim.in $(SYNTAX_LISTS)
		148	@printf 'Generating %s from %s\n' $@ $<
		149	@$(edit_syntax_file) $< >$@
		150
68	.PHONY: clean	151	.PHONY: clean
69	clean:	152	clean:
70	for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \	153	for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \
71	$(MAKE) -C $$dir clean; \	154	$(MAKE) -C $$dir clean; \
72	done	155	done
73	$(MAKE) -C test clean	156	$(MAKE) -C test clean
74	rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
75	rm -f $(SECCOMP_FILTERS)	157	rm -f $(SECCOMP_FILTERS)
		158	rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
		159	rm -f $(SYNTAX_FILES)
76	rm -f test/utils/index.html*	160	rm -f test/utils/index.html*
77	rm -f test/utils/wget-log	161	rm -f test/utils/wget-log
78	rm -f test/utils/firejail-test-file*	162	rm -f test/utils/firejail-test-file*
@@ -124,10 +208,10 @@ ifeq ($(HAVE_CONTRIB_INSTALL),yes)
124	install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect	208	install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect
125	install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax	209	install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax
126	install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect	210	install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect
127	install -m 0644 contrib/vim/syntax/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax	211	install -m 0644 contrib/syntax/files/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax
128	# gtksourceview-5 language-specs	212	# gtksourceview language-specs
129	install -m 0755 -d $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs	213	install -m 0755 -d $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs
130	install -m 0644 contrib/gtksourceview-5/language-specs/firejail-profile.lang $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs	214	install -m 0644 contrib/syntax/files/firejail-profile.lang $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs
131	endif	215	endif
132	# documents	216	# documents
133	install -m 0755 -d $(DESTDIR)$(docdir)	217	install -m 0755 -d $(DESTDIR)$(docdir)