1 files changed, 44 insertions, 101 deletions
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c
index b35380b96..8700e0ba1 100644
--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -146,106 +146,57 @@ void build_etc(const char *fname, FILE *fp) {
 //*******************************************
 // var directory
 //*******************************************
+#if 0
+// todo: load the list from whitelist-var-common.inc
+static char *var_skip[] = {
+        "/var/lib/ca-certificates",
+        "/var/lib/dbus",
+        "/var/lib/menu-xdg",
+        "/var/lib/uim",
+        "/var/cache/fontconfig",
+        "/var/tmp",
+        "/var/run",
+        "/var/lock",
+        NULL
+};
+#endif
 static FileDB *var_out = NULL;
+static FileDB *var_skip = NULL;
 static void var_callback(char *ptr) {
-        if (strcmp(ptr, "/var/lib") == 0)
+        // extract the directory:
-                ;
+        assert(strncmp(ptr, "/var", 4) == 0);
-        else if (strcmp(ptr, "/var/cache") == 0)
+        char *p1 = ptr + 4;
-                ;
+        if (*p1 != '/')
-        else if (strncmp(ptr, "/var/lib/menu-xdg", 17) == 0)
+                return;
-                var_out = filedb_add(var_out, "/var/lib/menu-xdg");
+        p1++;
-        else if (strncmp(ptr, "/var/cache/fontconfig", 21) == 0)
-                var_out = filedb_add(var_out, "/var/cache/fontconfig");
+        if (*p1 == '/') // double '/'
-        else
+                p1++;
-                var_out = filedb_add(var_out, ptr);
+        if (*p1 == '\0')
+                return;
+        if (!filedb_find(var_skip, p1))
+                var_out = filedb_add(var_out, p1);
 }
 void build_var(const char *fname, FILE *fp) {
        assert(fname);
+        var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/");
        process_files(fname, "/var", var_callback);
-        if (var_out == NULL) {
+        // always whitelist /var
-                fprintf(fp, "blacklist /var\n");
+        if (var_out)
-        } else {
+                filedb_print(var_out, "whitelist /var/", fp);
-                filedb_print(var_out, "whitelist ", fp);
+        fprintf(fp, "include whitelist-var-common.inc\n");
-                fprintf(fp, "include whitelist-var-common.inc\n");
-        }
 }
 //*******************************************
 // usr/share directory
 //*******************************************
-// todo: load the list from whitelist-usr-share-common.inc
-static char *share_skip[] = {
-        "/usr/share/alsa",
-        "/usr/share/applications",
-        "/usr/share/ca-certificates",
-        "/usr/share/crypto-policies",
-        "/usr/share/cursors",
-        "/usr/share/dconf",
-        "/usr/share/distro-info",
-        "/usr/share/drirc.d",
-        "/usr/share/enchant",
-        "/usr/share/enchant-2",
-        "/usr/share/file",
-        "/usr/share/fontconfig",
-        "/usr/share/fonts",
-        "/usr/share/fonts-config",
-        "/usr/share/gir-1.0",
-        "/usr/share/gjs-1.0",
-        "/usr/share/glib-2.0",
-        "/usr/share/glvnd",
-        "/usr/share/gtk-2.0",
-        "/usr/share/gtk-3.0",
-        "/usr/share/gtk-engines",
-        "/usr/share/gtksourceview-3.0",
-        "/usr/share/gtksourceview-4",
-        "/usr/share/hunspell",
-        "/usr/share/hwdata",
-        "/usr/share/icons",
-        "/usr/share/icu",
-        "/usr/share/knotifications5",
-        "/usr/share/kservices5",
-        "/usr/share/Kvantum",
-        "/usr/share/kxmlgui5",
-        "/usr/share/libdrm",
-        "/usr/share/libthai",
-        "/usr/share/locale",
-        "/usr/share/mime",
-        "/usr/share/misc",
-        "/usr/share/Modules",
-        "/usr/share/myspell",
-        "/usr/share/p11-kit",
-        "/usr/share/perl",
-        "/usr/share/perl5",
-        "/usr/share/pixmaps",
-        "/usr/share/pki",
-        "/usr/share/plasma",
-        "/usr/share/publicsuffix",
-        "/usr/share/qt",
-        "/usr/share/qt4",
-        "/usr/share/qt5",
-        "/usr/share/qt5ct",
-        "/usr/share/sounds",
-        "/usr/share/tcl8.6",
-        "/usr/share/tcltk",
-        "/usr/share/terminfo",
-        "/usr/share/texlive",
-        "/usr/share/texmf",
-        "/usr/share/themes",
-        "/usr/share/thumbnail.so",
-        "/usr/share/uim",
-        "/usr/share/vulkan",
-        "/usr/share/X11",
-        "/usr/share/xml",
-        "/usr/share/zenity",
-        "/usr/share/zoneinfo",
-        NULL
-};
 static FileDB *share_out = NULL;
+static FileDB *share_skip = NULL;
 static void share_callback(char *ptr) {
        // extract the directory:
        assert(strncmp(ptr, "/usr/share", 10) == 0);
@@ -263,30 +214,21 @@ static void share_callback(char *ptr) {
        if (p2)
                *p2 = '\0';
-        int i = 0;
-        int found = 0;
+        if (!filedb_find(share_skip, p1))
-        while (share_skip[i]) {
+                share_out = filedb_add(share_out, p1);
-                if (strncmp(ptr, share_skip[i], strlen(share_skip[i])) == 0) {
-                        found = 1;
-                        break;
-                }
-                i++;
-        }
-        if (!found)
-                share_out = filedb_add(share_out, ptr);
 }
 void build_share(const char *fname, FILE *fp) {
        assert(fname);
+        share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "whitelist /usr/share/");
        process_files(fname, "/usr/share", share_callback);
-        if (share_out == NULL) {
+        // always whitelist /usr/share
-                fprintf(fp, "blacklist /usr/share\n");
+        if (share_out)
-        } else {
+                filedb_print(share_out, "whitelist /usr/share/", fp);
-                filedb_print(share_out, "whitelist ", fp);
+        fprintf(fp, "include whitelist-usr-share-common.inc\n");
-                fprintf(fp, "include whitelist-usr-share-common.inc\n");
-        }
 }
 //*******************************************
@@ -336,6 +278,7 @@ static char *dev_skip[] = {
        "/dev/null",
        "/dev/full",
        "/dev/random",
+        "/dev/srandom",
        "/dev/urandom",
        "/dev/sr0",
        "/dev/cdrom",

diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c index b35380b96..8700e0ba1 100644 --- a/src/fbuilder/build_fs.c +++ b/src/fbuilder/build_fs.c
@@ -146,106 +146,57 @@ void build_etc(const char fname, FILE fp) {
146	//*******************************************	146	//*******************************************
147	// var directory	147	// var directory
148	//*******************************************	148	//*******************************************
		149	#if 0
		150	// todo: load the list from whitelist-var-common.inc
		151	static char *var_skip[] = {
		152	"/var/lib/ca-certificates",
		153	"/var/lib/dbus",
		154	"/var/lib/menu-xdg",
		155	"/var/lib/uim",
		156	"/var/cache/fontconfig",
		157	"/var/tmp",
		158	"/var/run",
		159	"/var/lock",
		160	NULL
		161	};
		162	#endif
149	static FileDB *var_out = NULL;	163	static FileDB *var_out = NULL;
		164	static FileDB *var_skip = NULL;
150	static void var_callback(char *ptr) {	165	static void var_callback(char *ptr) {
151	if (strcmp(ptr, "/var/lib") == 0)	166	// extract the directory:
152	;	167	assert(strncmp(ptr, "/var", 4) == 0);
153	else if (strcmp(ptr, "/var/cache") == 0)	168	char *p1 = ptr + 4;
154	;	169	if (*p1 != '/')
155	else if (strncmp(ptr, "/var/lib/menu-xdg", 17) == 0)	170	return;
156	var_out = filedb_add(var_out, "/var/lib/menu-xdg");	171	p1++;
157	else if (strncmp(ptr, "/var/cache/fontconfig", 21) == 0)	172
158	var_out = filedb_add(var_out, "/var/cache/fontconfig");	173	if (*p1 == '/') // double '/'
159	else	174	p1++;
160	var_out = filedb_add(var_out, ptr);	175	if (*p1 == '\0')
		176	return;
		177
		178	if (!filedb_find(var_skip, p1))
		179	var_out = filedb_add(var_out, p1);
161	}	180	}
162		181
163	void build_var(const char fname, FILE fp) {	182	void build_var(const char fname, FILE fp) {
164	assert(fname);	183	assert(fname);
165		184
		185	var_skip = filedb_load_whitelist(var_skip, "whitelist-var-common.inc", "whitelist /var/");
166	process_files(fname, "/var", var_callback);	186	process_files(fname, "/var", var_callback);
167		187
168	if (var_out == NULL) {	188	// always whitelist /var
169	fprintf(fp, "blacklist /var\n");	189	if (var_out)
170	} else {	190	filedb_print(var_out, "whitelist /var/", fp);
171	filedb_print(var_out, "whitelist ", fp);	191	fprintf(fp, "include whitelist-var-common.inc\n");
172	fprintf(fp, "include whitelist-var-common.inc\n");
173	}
174	}	192	}
175		193
176		194
177	//*******************************************	195	//*******************************************
178	// usr/share directory	196	// usr/share directory
179	//*******************************************	197	//*******************************************
180	// todo: load the list from whitelist-usr-share-common.inc
181	static char *share_skip[] = {
182	"/usr/share/alsa",
183	"/usr/share/applications",
184	"/usr/share/ca-certificates",
185	"/usr/share/crypto-policies",
186	"/usr/share/cursors",
187	"/usr/share/dconf",
188	"/usr/share/distro-info",
189	"/usr/share/drirc.d",
190	"/usr/share/enchant",
191	"/usr/share/enchant-2",
192	"/usr/share/file",
193	"/usr/share/fontconfig",
194	"/usr/share/fonts",
195	"/usr/share/fonts-config",
196	"/usr/share/gir-1.0",
197	"/usr/share/gjs-1.0",
198	"/usr/share/glib-2.0",
199	"/usr/share/glvnd",
200	"/usr/share/gtk-2.0",
201	"/usr/share/gtk-3.0",
202	"/usr/share/gtk-engines",
203	"/usr/share/gtksourceview-3.0",
204	"/usr/share/gtksourceview-4",
205	"/usr/share/hunspell",
206	"/usr/share/hwdata",
207	"/usr/share/icons",
208	"/usr/share/icu",
209	"/usr/share/knotifications5",
210	"/usr/share/kservices5",
211	"/usr/share/Kvantum",
212	"/usr/share/kxmlgui5",
213	"/usr/share/libdrm",
214	"/usr/share/libthai",
215	"/usr/share/locale",
216	"/usr/share/mime",
217	"/usr/share/misc",
218	"/usr/share/Modules",
219	"/usr/share/myspell",
220	"/usr/share/p11-kit",
221	"/usr/share/perl",
222	"/usr/share/perl5",
223	"/usr/share/pixmaps",
224	"/usr/share/pki",
225	"/usr/share/plasma",
226	"/usr/share/publicsuffix",
227	"/usr/share/qt",
228	"/usr/share/qt4",
229	"/usr/share/qt5",
230	"/usr/share/qt5ct",
231	"/usr/share/sounds",
232	"/usr/share/tcl8.6",
233	"/usr/share/tcltk",
234	"/usr/share/terminfo",
235	"/usr/share/texlive",
236	"/usr/share/texmf",
237	"/usr/share/themes",
238	"/usr/share/thumbnail.so",
239	"/usr/share/uim",
240	"/usr/share/vulkan",
241	"/usr/share/X11",
242	"/usr/share/xml",
243	"/usr/share/zenity",
244	"/usr/share/zoneinfo",
245	NULL
246	};
247
248	static FileDB *share_out = NULL;	198	static FileDB *share_out = NULL;
		199	static FileDB *share_skip = NULL;
249	static void share_callback(char *ptr) {	200	static void share_callback(char *ptr) {
250	// extract the directory:	201	// extract the directory:
251	assert(strncmp(ptr, "/usr/share", 10) == 0);	202	assert(strncmp(ptr, "/usr/share", 10) == 0);
@@ -263,30 +214,21 @@ static void share_callback(char *ptr) {
263	if (p2)	214	if (p2)
264	*p2 = '\0';	215	*p2 = '\0';
265		216
266	int i = 0;	217
267	int found = 0;	218	if (!filedb_find(share_skip, p1))
268	while (share_skip[i]) {	219	share_out = filedb_add(share_out, p1);
269	if (strncmp(ptr, share_skip[i], strlen(share_skip[i])) == 0) {
270	found = 1;
271	break;
272	}
273	i++;
274	}
275	if (!found)
276	share_out = filedb_add(share_out, ptr);
277	}	220	}
278		221
279	void build_share(const char fname, FILE fp) {	222	void build_share(const char fname, FILE fp) {
280	assert(fname);	223	assert(fname);
281		224
		225	share_skip = filedb_load_whitelist(share_skip, "whitelist-usr-share-common.inc", "whitelist /usr/share/");
282	process_files(fname, "/usr/share", share_callback);	226	process_files(fname, "/usr/share", share_callback);
283		227
284	if (share_out == NULL) {	228	// always whitelist /usr/share
285	fprintf(fp, "blacklist /usr/share\n");	229	if (share_out)
286	} else {	230	filedb_print(share_out, "whitelist /usr/share/", fp);
287	filedb_print(share_out, "whitelist ", fp);	231	fprintf(fp, "include whitelist-usr-share-common.inc\n");
288	fprintf(fp, "include whitelist-usr-share-common.inc\n");
289	}
290	}	232	}
291		233
292	//*******************************************	234	//*******************************************
@@ -336,6 +278,7 @@ static char *dev_skip[] = {
336	"/dev/null",	278	"/dev/null",
337	"/dev/full",	279	"/dev/full",
338	"/dev/random",	280	"/dev/random",
		281	"/dev/srandom",
339	"/dev/urandom",	282	"/dev/urandom",
340	"/dev/sr0",	283	"/dev/sr0",
341	"/dev/cdrom",	284	"/dev/cdrom",