Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/fix_private-bin.py | 157 | ||||
-rw-r--r-- | contrib/fix_private-bin_for_symlinked_sh.py | 68 | ||||
-rwxr-xr-x | contrib/fjclip.py | 35 | ||||
-rwxr-xr-x | contrib/fjdisplay.py | 43 | ||||
-rwxr-xr-x | contrib/fjresize.py | 25 | ||||
-rwxr-xr-x | contrib/update_deb.sh | 12 |
6 files changed, 272 insertions, 68 deletions
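--- /dev/null
+++ b/contrib/fix_private-bin.py
@@ -0,0 +1,157 @@
+#!/usr/bin/python3
+
+__author__ = "KOLANICH"
+__copyright__ = """This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org/>"""
+__license__ = "Unlicense"
+
+import sys, os, glob, re
+
+privRx=re.compile("^(?:#\s*)?private-bin")
+
+def fixSymlinkedBins(files, replMap):
+"""
+Used to add filenames to private-bin directives of files if the ones present are mentioned in replMap
+replMap is a dict where key is the marker filename and value is the filename to add
+"""
+
+rxs=dict()
+for (old,new) in replMap.items():
+rxs[old]=re.compile("\\b"+old+"\\b")
+rxs[new]=re.compile("\\b"+new+"\\b")
+#print(rxs)
+
+for filename in files:
+lines=None
+with open(filename,"r") as file:
+lines=file.readlines()
+
+shouldUpdate=False
+for (i,line) in enumerate(lines):
+if privRx.search(line):
+for (old,new) in replMap.items():
+if rxs[old].search(line) and not rxs[new].search(line):
+lines[i]=rxs[old].sub(old+","+new, line)
+shouldUpdate=True
+print(lines[i])
+
+if shouldUpdate:
+with open(filename,"w") as file:
+file.writelines(lines)
+pass
+
+def createSetOfBinaries(files):
+"""
+Creates a set of binaries mentioned in private-bin directives of files.
+"""
+s=set()
+for filename in files:
+lines=None
+with open(filename,"r") as file:
+for line in file:
+if privRx.search(line):
+bins=line.split(",")
+bins[0]=bins[0].split(" ")[-1]
+bins = [n.strip() for n in bins]
+s=s|set(bins)
+return s
+
+def createSymlinkTable(binDirs, binariesSet):
+"""
+creates a dict of symlinked binaries in the system where a key is a symlink name and value is a symlinked binary.
+binDirs are folders to look into for binaries symlinks
+binariesSet is a set of binaries to be checked if they are actually a symlinks
+"""
+m=dict()
+toProcess=binariesSet
+while len(toProcess)!=0:
+additional=set()
+for sh in toProcess:
+for bD in binDirs:
+p=bD+os.path.sep+sh
+if os.path.exists(p):
+if os.path.islink(p):
+m[sh]=os.readlink(p)
+additional.add(m[sh].split(" ")[0])
+else:
+pass
+break
+toProcess=additional
+return m
+
+def doTheFixes(profilesPath, binDirs):
+"""
+Fixes private-bin in .profiles for firejail. The pipeline is as follows:
+discover files -> discover mentioned binaries ->
+discover the ones which are symlinks ->
+make a look-up table for fix ->
+filter the ones can be fixed (we cannot fix the ones which are not in directories for binaries) ->
+apply fix
+"""
+files=glob.glob(profilesPath+os.path.sep+"*.profile")
+bins=createSetOfBinaries(files)
+#print("The binaries used are:")
+#print(bins)
+stbl=createSymlinkTable(binDirs,bins)
+print("The replacement table is:")
+print(stbl)
+stbl={a[0]:a[1] for a in stbl.items() if a[0].find(os.path.sep) < 0 and a[1].find(os.path.sep)<0}
+print("Filtered replacement table is:")
+print(stbl)
+fixSymlinkedBins(files,stbl)
+
+def printHelp():
+print("python3 "+os.path.basename(__file__)+" <dir with .profile files>\nThe default dir is "+defaultProfilesPath+"\n"+doTheFixes.__doc__)
+
+def main():
+"""The main function. Parses the commandline args, shows messages and calles the function actually doing the work."""
+print(repr(sys.argv))
+defaultProfilesPath="../etc"
+if len(sys.argv)>2 or (len(sys.argv)==2 and (sys.argv[1] == '-h' or sys.argv[1] == '--help') ):
+printHelp()
+exit(1)
+
+profilesPath=None
+if len(sys.argv)==2:
+if os.path.isdir(sys.argv[1]):
+profilesPath=os.path.abspath(sys.argv[1])
+else:
+if os.path.exists(sys.argv[1]):
+print(sys.argv[1]+" is not a dir")
+else:
+print(sys.argv[1]+" does not exist")
+printHelp()
+exit(1)
+else:
+print("Using default profiles dir: " + defaultProfilesPath)
+profilesPath=defaultProfilesPath
+
+binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]
+print("Binaries dirs are:")
+print(binDirs)
+doTheFixes(profilesPath, binDirs)
+
+if __name__ == "__main__":
+main()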
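Review bot: The names read from `private-bin` lines and from `readlink` go into `re.compile("\\b"+old+"\\b")` unescaped in fixSymlinkedBins, so a binary name containing a regex metacharacter (a `+` or `.`, for instance) either fails to compile or matches a different entry than the one intended, and the profile's allow-list is then rewritten on that wrong match. Building both patterns with `re.escape(old)` and `re.escape(new)` keeps the match literal. Separately, printHelp reads `defaultProfilesPath`, which is a local of main, so every path that prints help raises NameError instead; moving `defaultProfilesPath="../etc"` to module level fixes that. Because the script widens sandbox allow-lists in place, a comment above doTheFixes saying that the profiles should be diffed after a run would help the next user.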
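--- a/contrib/fix_private-bin_for_symlinked_sh.py
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/python3
-
-import sys, os, glob, re
-
-privRx=re.compile("^(?:#\s*)?private-bin")
-
-def fixSymlinkedBins(files, replMap):
-rxs=dict()
-for (old,new) in replMap.items():
-rxs[old]=re.compile("\\b"+old+"\\b")
-rxs[new]=re.compile("\\b"+new+"\\b")
-print(rxs)
-
-for filename in files:
-lines=None
-with open(filename,"r") as file:
-lines=file.readlines()
-
-shouldUpdate=False
-for (i,line) in enumerate(lines):
-if privRx.search(line):
-for (old,new) in replMap.items():
-if rxs[old].search(line) and not rxs[new].search(line):
-lines[i]=rxs[old].sub(old+","+new, line)
-shouldUpdate=True
-print(lines[i])
-
-if shouldUpdate:
-with open(filename,"w") as file:
-file.writelines(lines)
-pass
-
-def createListOfBinaries(files):
-s=set()
-for filename in files:
-lines=None
-with open(filename,"r") as file:
-for line in file:
-if privRx.search(line):
-bins=line.split(",")
-bins[0]=bins[0].split(" ")[-1]
-bins = [n.strip() for n in bins]
-s=s|set(bins)
-return s
-
-def createSymlinkTable(binDirs, binariesSet):
-m=dict()
-for sh in binariesSet:
-for bD in binDirs:
-p=bD+os.path.sep+sh
-if os.path.exists(p):
-if os.path.islink(p):
-m[sh]=os.readlink(p)
-else:
-pass
-break
-return m
-
-
-sh="sh"
-binDirs=["/bin","/usr/bin","/usr/sbin","/usr/local/bin","/usr/local/sbin"]
-profilesPath="."
-files=glob.glob(profilesPath+os.path.sep+"*.profile")
-
-bins=createListOfBinaries(files)
-stbl=createSymlinkTable(binDirs,bins)
-print(stbl)
-fixSymlinkedBins(files,{a[0]:a[1] for a in stbl.items() if a[0].find("/") < 0 and a[1].find("/")<0})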
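--- /dev/null
+++ b/contrib/fjclip.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+
+import re
+import sys
+import subprocess
+import fjdisplay
+
+usage = """fjclip.py src dest. src or dest can be named firejails or - for stdin or stdout.
+firemon --x11 to see available running x11 firejails. firejail names can be shortened
+to least ambiguous. for example 'work-libreoffice' can be shortened to 'work' if no
+other firejails name starts with 'work'.
+warning: browsers are dangerous. clipboards from browsers are dangerous. see
+https://github.com/dxa4481/Pastejacking
+fjclip.py strips whitespace from both
+ends, but does nothing else to protect you. use a simple gui text editor like
+gedit if you want to see what your pasting."""
+
+if len(sys.argv) != 3 or sys.argv == '-h' or sys.argv == '--help':
+print(usage)
+exit(1)
+
+if sys.argv[1] == '-':
+clipin_raw = sys.stdin.read()
+else:
+display = fjdisplay.getdisplay(sys.argv[1])
+clipin_raw = subprocess.check_output(['xsel','-b','--display',display])
+
+clipin = clipin_raw.strip()
+
+if sys.argv[2] == '-':
+print(clipin)
+else:
+display = fjdisplay.getdisplay(sys.argv[2])
+clipout = subprocess.Popen(['xsel','-b','-i','--display',display],stdin=subprocess.PIPE)
+clipout.communicate(clipin)
\ No newline at end of file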
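Review bot: `clipin_raw` comes from `sys.stdin.read()` on one path and from `check_output` on the other, and if `python` resolves to Python 3 those are `str` and `bytes` respectively, so `clipout.communicate(clipin)` raises TypeError for stdin input and `print(clipin)` emits a `b'...'` literal for jail input. The same applies to `output.split('\n')` in fjdisplay.py and to `print(out)` in fjresize.py; pinning the shebang to one interpreter, as fix_private-bin.py does with `#!/usr/bin/python3`, and passing `universal_newlines=True` to the subprocess calls would make the types consistent. The help test `sys.argv == '-h' or sys.argv == '--help'` compares the whole list to a string and is never true; `sys.argv[1] in ('-h', '--help')` would test the argument itself.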
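--- /dev/null
+++ b/contrib/fjdisplay.py
@@ -0,0 +1,43 @@
+#!/usr/bin/env python
+
+import re
+import sys
+import subprocess
+
+usage = """fjdisplay.py name-of-firejail
+returns the display in the form of ':NNN'
+"""
+
+def getfirejails():
+output = subprocess.check_output(['firemon','--x11'])
+firejails = {}
+name = ''
+for line in output.split('\n'):
+namematch = re.search('--name=(\w+\S*)',line)
+if namematch:
+name = namematch.group(1)
+displaymatch = re.search('DISPLAY (:\d+)',line)
+if displaymatch:
+firejails[name] = displaymatch.group(1)
+return firejails
+
+def getdisplay(name):
+firejails = getfirejails()
+fjlist = '\n'.join(firejails.keys())
+namere = re.compile('^'+name+'.*', re.MULTILINE)
+matchingjails = namere.findall(fjlist)
+if len(matchingjails) == 1:
+return firejails[matchingjails[0]]
+if len(matchingjails) == 0:
+raise NameError("firejail {} does not exist".format(name))
+else:
+raise NameError("ambiguous firejail name")
+
+if __name__ == '__main__':
+if '-h' in sys.argv or '--help' in sys.argv or len(sys.argv) > 2:
+print(usage)
+exit()
+if len(sys.argv) == 1:
+print(getfirejails())
+if len(sys.argv) == 2:
+print (getdisplay(sys.argv[1]))
\ No newline at end of file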
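Review bot: getdisplay builds its prefix match with `re.compile('^'+name+'.*', re.MULTILINE)`, so the jail name from the command line is interpreted as a regular expression, and a name containing `.` or `|` can select a jail other than the one typed; fjclip.py then reads or writes that jail's clipboard. A literal prefix test avoids this: `matchingjails = [n for n in firejails if n.startswith(name)]`. In getfirejails, `name` is not reset between entries, so a `DISPLAY` line that is not preceded by its own `--name=` match would be stored under the previous jail's name (or under `''`). Whether firemon can print such an entry is not visible here, but clearing `name` after each stored display and skipping empty names would rule it out.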
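--- /dev/null
+++ b/contrib/fjresize.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+import sys
+import fjdisplay
+import subprocess
+
+usage = """usage: fjresize.py firejail-name displaysize
+resize firejail xephyr windows.
+fjdisplay.py with no other arguments will list running named firejails with displays.
+fjresize.py with only a firejail name will list valid resolutions.
+names can be shortend as long its unambiguous.
+note: you may need to move the xephyr window for the resize to take effect
+example:
+fjresize.py browser 1280x800
+"""
+
+
+if len(sys.argv) == 2:
+out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1])])
+print(out)
+elif len(sys.argv) == 3:
+out = subprocess.check_output(['xrandr','--display',fjdisplay.getdisplay(sys.argv[1]),'--output','default','--mode',sys.argv[2]])
+print(out)
+else:
+print(usage)
\ No newline at end of file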
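Review bot: A single argument is always treated as a jail name, so `fjresize.py -h` goes to `fjdisplay.getdisplay('-h')` and ends in an uncaught NameError traceback rather than the usage text, and the final `else` prints usage but exits with status 0. Checking `sys.argv[1] in ('-h', '--help')` before the length tests and ending the usage branch with `sys.exit(1)` would match what fjclip.py does on bad arguments.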
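--- /dev/null
+++ b/contrib/update_deb.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# Purpose: Fetch, compile, and install firejail from GitHub source. For
+# Debian-based distros only (Ubuntu, Mint, etc).
+set -e
+git clone --depth=1 https://www.github.com/netblue30/firejail.git
+cd firejail
+./configure --prefix=/usr
+make deb
+sudo dpkg -i firejail*.deb
+echo "Firejail was updated!"
+cd ..
+rm -rf firejail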
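Review bot: The script builds whatever commit is at the tip of the default branch and installs the result with `sudo dpkg -i`, with no pinned release and no check of what was fetched, so a bad or compromised upstream commit is installed as root on the next run. Cloning a named release, `git clone --depth=1 --branch "$TAG" ...`, and running `git verify-tag "$TAG"` before `./configure` (if the project signs its tags) would narrow that. The clone and the final `rm -rf firejail` also act on a fixed name in the current directory, and with `set -e` a failed build leaves the tree behind; a `mktemp -d` work directory removed from a `trap ... EXIT` handler covers both.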