1 files changed, 0 insertions, 170 deletions
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c
deleted file mode 100644
index 125487c41..000000000
--- a/src/fbuilder/build_profile.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#include "fbuilder.h"
-#include <sys/wait.h>
-#include <fcntl.h>
-#define TRACE_OUTPUT "/tmp/firejail-trace"
-#define STRACE_OUTPUT "/tmp/firejail-strace"
-static char *cmdlist[] = {
-        "/usr/bin/firejail",
-        "--quiet",
-        "--output=" TRACE_OUTPUT,
-        "--noprofile",
-        "--caps.drop=all",
-        "--nonewprivs",
-        "--trace",
-        "--shell=none",
-        "/usr/bin/strace", // also used as a marker in build_profile()
-        "-c",
-        "-f",
-        "-o" STRACE_OUTPUT,
-};
-static void clear_tmp_files(void) {
-        unlink(STRACE_OUTPUT);
-        unlink(TRACE_OUTPUT);
-        // run all the rest
-        int i;
-        for (i = 1; i <= 5; i++) {
-                char *newname;
-                if (asprintf(&newname, "%s.%d", TRACE_OUTPUT, i) == -1)
-                        errExit("asprintf");
-                unlink(newname);
-                free(newname);
-        }
-}
-void build_profile(int argc, char **argv, int index, FILE *fp) {
-        // next index is the application name
-        if (index >= argc) {
-                fprintf(stderr, "Error: application name missing\n");
-                exit(1);
-        }
-        // clean /tmp files
-        clear_tmp_files();
-        // detect strace
-        int have_strace = 0;
-        if (access("/usr/bin/strace", X_OK) == 0)
-                have_strace = 1;
-        // calculate command length
-        unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1;
-        if (arg_debug)
-                printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index);
-        char *cmd[len];
-        cmd[0] = cmdlist[0];    // explicit assignemnt to clean scan-build error
-        // build command
-        unsigned i = 0;
-        for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) {
-                // skip strace if not installed
-                if (have_strace == 0 && strcmp(cmdlist[i], "/usr/bin/strace") == 0)
-                        break;
-                cmd[i] = cmdlist[i];
-        }
-        int i2 = index;
-        for (; i < (len - 1); i++, i2++)
-                cmd[i] = argv[i2];
-        assert(i < len);
-        cmd[i] = NULL;
-        if (arg_debug) {
-                for (i = 0; i < len; i++)
-                        printf("\t%s\n", cmd[i]);
-        }
-        // fork and execute
-        pid_t child = fork();
-        if (child == -1)
-                errExit("fork");
-        if (child == 0) {
-                assert(cmd[0]);
-                int rv = execvp(cmd[0], cmd);
-                (void) rv;
-                errExit("execv");
-        }
-        // wait for all processes to finish
-        int status;
-        if (waitpid(child, &status, 0) != child)
-                errExit("waitpid");
-        if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
-                printf("\n\n\n");
-                fprintf(fp, "############################################\n");
-                fprintf(fp, "# %s profile\n", argv[index]);
-                fprintf(fp, "############################################\n");
-                fprintf(fp, "# Persistent global definitions\n");
-                fprintf(fp, "# include /etc/firejail/globals.local\n");
-                fprintf(fp, "\n");
-                fprintf(fp, "### basic blacklisting\n");
-                fprintf(fp, "include /etc/firejail/disable-common.inc\n");
-                fprintf(fp, "# include /etc/firejail/disable-devel.inc\n");
-                fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n");
-                fprintf(fp, "# include /etc/firejail/disable-programs.inc\n");
-                fprintf(fp, "\n");
-                fprintf(fp, "### home directory whitelisting\n");
-                build_home(TRACE_OUTPUT, fp);
-                fprintf(fp, "\n");
-                fprintf(fp, "### filesystem\n");
-                build_tmp(TRACE_OUTPUT, fp);
-                build_dev(TRACE_OUTPUT, fp);
-                build_etc(TRACE_OUTPUT, fp);
-                build_var(TRACE_OUTPUT, fp);
-                build_bin(TRACE_OUTPUT, fp);
-                build_share(TRACE_OUTPUT, fp);
-                fprintf(fp, "\n");
-                fprintf(fp, "### security filters\n");
-                fprintf(fp, "caps.drop all\n");
-                fprintf(fp, "nonewprivs\n");
-                fprintf(fp, "seccomp\n");
-                if (have_strace)
-                        build_seccomp(STRACE_OUTPUT, fp);
-                else {
-                        fprintf(fp, "# If you install strace on your system, Firejail will also create a\n");
-                        fprintf(fp, "# whitelisted seccomp filter.\n");
-                }
-                fprintf(fp, "\n");
-                fprintf(fp, "### network\n");
-                build_protocol(TRACE_OUTPUT, fp);
-                fprintf(fp, "\n");
-                fprintf(fp, "### environment\n");
-                fprintf(fp, "shell none\n");
-        }
-        else {
-                fprintf(stderr, "Error: cannot run the sandbox\n");
-                exit(1);
-        }
-}

diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c deleted file mode 100644 index 125487c41..000000000 --- a/src/fbuilder/build_profile.c +++ /dev/null
@@ -1,170 +0,0 @@
1	/*
2	* Copyright (C) 2014-2018 Firejail Authors
3	*
4	* This file is part of firejail project
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License along
17	* with this program; if not, write to the Free Software Foundation, Inc.,
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/
20
21	#include "fbuilder.h"
22	#include <sys/wait.h>
23	#include <fcntl.h>
24
25	#define TRACE_OUTPUT "/tmp/firejail-trace"
26	#define STRACE_OUTPUT "/tmp/firejail-strace"
27
28	static char *cmdlist[] = {
29	"/usr/bin/firejail",
30	"--quiet",
31	"--output=" TRACE_OUTPUT,
32	"--noprofile",
33	"--caps.drop=all",
34	"--nonewprivs",
35	"--trace",
36	"--shell=none",
37	"/usr/bin/strace", // also used as a marker in build_profile()
38	"-c",
39	"-f",
40	"-o" STRACE_OUTPUT,
41	};
42
43	static void clear_tmp_files(void) {
44	unlink(STRACE_OUTPUT);
45	unlink(TRACE_OUTPUT);
46
47	// run all the rest
48	int i;
49	for (i = 1; i <= 5; i++) {
50	char *newname;
51	if (asprintf(&newname, "%s.%d", TRACE_OUTPUT, i) == -1)
52	errExit("asprintf");
53	unlink(newname);
54	free(newname);
55	}
56
57	}
58
59	void build_profile(int argc, char *argv, int index, FILE fp) {
60	// next index is the application name
61	if (index >= argc) {
62	fprintf(stderr, "Error: application name missing\n");
63	exit(1);
64	}
65
66	// clean /tmp files
67	clear_tmp_files();
68
69	// detect strace
70	int have_strace = 0;
71	if (access("/usr/bin/strace", X_OK) == 0)
72	have_strace = 1;
73
74	// calculate command length
75	unsigned len = (int) sizeof(cmdlist) / sizeof(char*) + argc - index + 1;
76	if (arg_debug)
77	printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index);
78	char *cmd[len];
79	cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error
80
81	// build command
82	unsigned i = 0;
83	for (i = 0; i < (int) sizeof(cmdlist) / sizeof(char*); i++) {
84	// skip strace if not installed
85	if (have_strace == 0 && strcmp(cmdlist[i], "/usr/bin/strace") == 0)
86	break;
87	cmd[i] = cmdlist[i];
88	}
89
90	int i2 = index;
91	for (; i < (len - 1); i++, i2++)
92	cmd[i] = argv[i2];
93	assert(i < len);
94	cmd[i] = NULL;
95
96	if (arg_debug) {
97	for (i = 0; i < len; i++)
98	printf("\t%s\n", cmd[i]);
99	}
100
101	// fork and execute
102	pid_t child = fork();
103	if (child == -1)
104	errExit("fork");
105	if (child == 0) {
106	assert(cmd[0]);
107	int rv = execvp(cmd[0], cmd);
108	(void) rv;
109	errExit("execv");
110	}
111
112	// wait for all processes to finish
113	int status;
114	if (waitpid(child, &status, 0) != child)
115	errExit("waitpid");
116
117	if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
118	printf("\n\n\n");
119	fprintf(fp, "############################################\n");
120	fprintf(fp, "# %s profile\n", argv[index]);
121	fprintf(fp, "############################################\n");
122	fprintf(fp, "# Persistent global definitions\n");
123	fprintf(fp, "# include /etc/firejail/globals.local\n");
124	fprintf(fp, "\n");
125
126	fprintf(fp, "### basic blacklisting\n");
127	fprintf(fp, "include /etc/firejail/disable-common.inc\n");
128	fprintf(fp, "# include /etc/firejail/disable-devel.inc\n");
129	fprintf(fp, "include /etc/firejail/disable-passwdmgr.inc\n");
130	fprintf(fp, "# include /etc/firejail/disable-programs.inc\n");
131	fprintf(fp, "\n");
132
133	fprintf(fp, "### home directory whitelisting\n");
134	build_home(TRACE_OUTPUT, fp);
135	fprintf(fp, "\n");
136
137	fprintf(fp, "### filesystem\n");
138	build_tmp(TRACE_OUTPUT, fp);
139	build_dev(TRACE_OUTPUT, fp);
140	build_etc(TRACE_OUTPUT, fp);
141	build_var(TRACE_OUTPUT, fp);
142	build_bin(TRACE_OUTPUT, fp);
143	build_share(TRACE_OUTPUT, fp);
144	fprintf(fp, "\n");
145
146	fprintf(fp, "### security filters\n");
147	fprintf(fp, "caps.drop all\n");
148	fprintf(fp, "nonewprivs\n");
149	fprintf(fp, "seccomp\n");
150	if (have_strace)
151	build_seccomp(STRACE_OUTPUT, fp);
152	else {
153	fprintf(fp, "# If you install strace on your system, Firejail will also create a\n");
154	fprintf(fp, "# whitelisted seccomp filter.\n");
155	}
156	fprintf(fp, "\n");
157
158	fprintf(fp, "### network\n");
159	build_protocol(TRACE_OUTPUT, fp);
160	fprintf(fp, "\n");
161
162	fprintf(fp, "### environment\n");
163	fprintf(fp, "shell none\n");
164
165	}
166	else {
167	fprintf(stderr, "Error: cannot run the sandbox\n");
168	exit(1);
169	}
170	}