Diffstat (limited to 'src/fbuilder/build_profile.c')
-rw-r--r-- | src/fbuilder/build_profile.c | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index de9f79232..5fead41c5 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
@@ -43,7 +43,7 @@ static char *cmdlist[] = { | |||
43 | static void clear_tmp_files(void) { | 43 | static void clear_tmp_files(void) { |
44 | unlink(STRACE_OUTPUT); | 44 | unlink(STRACE_OUTPUT); |
45 | unlink(TRACE_OUTPUT); | 45 | unlink(TRACE_OUTPUT); |
46 | 46 | ||
47 | // run all the rest | 47 | // run all the rest |
48 | int i; | 48 | int i; |
49 | for (i = 1; i <= 5; i++) { | 49 | for (i = 1; i <= 5; i++) { |
@@ -62,22 +62,22 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
62 | fprintf(stderr, "Error: application name missing\n"); | 62 | fprintf(stderr, "Error: application name missing\n"); |
63 | exit(1); | 63 | exit(1); |
64 | } | 64 | } |
65 | 65 | ||
66 | // clean /tmp files | 66 | // clean /tmp files |
67 | clear_tmp_files(); | 67 | clear_tmp_files(); |
68 | 68 | ||
69 | // detect strace | 69 | // detect strace |
70 | int have_strace = 0; | 70 | int have_strace = 0; |
71 | if (access("/usr/bin/strace", X_OK) == 0) | 71 | if (access("/usr/bin/strace", X_OK) == 0) |
72 | have_strace = 1; | 72 | have_strace = 1; |
73 | 73 | ||
74 | // calculate command length | 74 | // calculate command length |
75 | unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1; | 75 | unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1; |
76 | if (arg_debug) | 76 | if (arg_debug) |
77 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); | 77 | printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index); |
78 | char *cmd[len]; | 78 | char *cmd[len]; |
79 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error | 79 | cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error |
80 | 80 | ||
81 | // build command | 81 | // build command |
82 | unsigned i = 0; | 82 | unsigned i = 0; |
83 | for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) { | 83 | for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) { |
@@ -97,7 +97,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
97 | for (i = 0; i < len; i++) | 97 | for (i = 0; i < len; i++) |
98 | printf("\t%s\n", cmd[i]); | 98 | printf("\t%s\n", cmd[i]); |
99 | } | 99 | } |
100 | 100 | ||
101 | // fork and execute | 101 | // fork and execute |
102 | pid_t child = fork(); | 102 | pid_t child = fork(); |
103 | if (child == -1) | 103 | if (child == -1) |
@@ -108,7 +108,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
108 | (void) rv; | 108 | (void) rv; |
109 | errExit("execv"); | 109 | errExit("execv"); |
110 | } | 110 | } |
111 | 111 | ||
112 | // wait for all processes to finish | 112 | // wait for all processes to finish |
113 | int status; | 113 | int status; |
114 | if (waitpid(child, &status, 0) != child) | 114 | if (waitpid(child, &status, 0) != child) |
@@ -122,18 +122,18 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
122 | fprintf(fp, "# Persistent global definitions\n"); | 122 | fprintf(fp, "# Persistent global definitions\n"); |
123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); | 123 | fprintf(fp, "# include /etc/firejail/globals.local\n"); |
124 | fprintf(fp, "\n"); | 124 | fprintf(fp, "\n"); |
125 | 125 | ||
126 | fprintf(fp, "### basic blacklisting\n"); | 126 | fprintf(fp, "### basic blacklisting\n"); |
127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); | 127 | fprintf(fp, "include /etc/firejail/disable-common.inc\n"); |
128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); | 128 | fprintf(fp, "# include /etc/firejail/disable-devel.inc\n"); |
129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); | 129 | fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n"); |
130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); | 130 | fprintf(fp, "# include /etc/firejail/disable-programs.inc\n"); |
131 | fprintf(fp, "\n"); | 131 | fprintf(fp, "\n"); |
132 | 132 | ||
133 | fprintf(fp, "### home directory whitelisting\n"); | 133 | fprintf(fp, "### home directory whitelisting\n"); |
134 | build_home(TRACE_OUTPUT, fp); | 134 | build_home(TRACE_OUTPUT, fp); |
135 | fprintf(fp, "\n"); | 135 | fprintf(fp, "\n"); |
136 | 136 | ||
137 | fprintf(fp, "### filesystem\n"); | 137 | fprintf(fp, "### filesystem\n"); |
138 | build_tmp(TRACE_OUTPUT, fp); | 138 | build_tmp(TRACE_OUTPUT, fp); |
139 | build_dev(TRACE_OUTPUT, fp); | 139 | build_dev(TRACE_OUTPUT, fp); |
@@ -158,7 +158,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
158 | fprintf(fp, "### network\n"); | 158 | fprintf(fp, "### network\n"); |
159 | build_protocol(TRACE_OUTPUT, fp); | 159 | build_protocol(TRACE_OUTPUT, fp); |
160 | fprintf(fp, "\n"); | 160 | fprintf(fp, "\n"); |
161 | 161 | ||
162 | fprintf(fp, "### environment\n"); | 162 | fprintf(fp, "### environment\n"); |
163 | fprintf(fp, "shell none\n"); | 163 | fprintf(fp, "shell none\n"); |
164 | 164 | ||