path: root/src/fbuilder/build_seccomp.c
Diffstat (limited to 'src/fbuilder/build_seccomp.c')
-rw-r--r--src/fbuilder/build_seccomp.c192
1 files changed, 0 insertions, 192 deletions
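--- a/src/fbuilder/build_seccomp.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Copyright (C) 2014-2018 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-
-#include "fbuilder.h"
-
-void build_seccomp(const char *fname, FILE *fp) {
- assert(fname);
- assert(fp);
-
- FILE *fp2 = fopen(fname, "r");
- if (!fp2) {
- fprintf(stderr, "Error: cannot open %s\n", fname);
- exit(1);
- }
-
- char buf[MAX_BUF];
- int line = 1;
- int position = 0;
- int cnt = 0;
- while (fgets(buf, MAX_BUF, fp2)) {
- // remove \n
- char *ptr = strchr(buf, '\n');
- if (ptr)
- *ptr = '\0';
-
- // first line:
- //% time seconds usecs/call calls errors syscall
- if (line == 1) {
- // extract syscall position
- ptr = strstr(buf, "syscall");
- if (*buf != '%' || ptr == NULL) {
- // skip this line, it could be garbage from strace
- continue;
- }
- position = (int) (ptr - buf);
- }
- else if (line == 2) {
- if (*buf != '-') {
- fprintf(stderr, "Error: invalid strace output\n%s\n", buf);
- exit(1);
- }
- }
- else {
- // get out on the next "----" line
- if (*buf == '-')
- break;
-
- if (line == 3)
- fprintf(fp, "# seccomp.keep %s", buf + position);
- else
- fprintf(fp, ",%s", buf + position);
- cnt++;
- }
- line++;
- }
- fprintf(fp, "\n");
- fprintf(fp, "# %d syscalls total\n", cnt);
- fprintf(fp, "# Probably you will need to add more syscalls to seccomp.keep. Look for\n");
- fprintf(fp, "# seccomp errors in /var/log/syslog or /var/log/audit/audit.log while\n");
- fprintf(fp, "# running your sandbox.\n");
-
- fclose(fp2);
-}
-
-//***************************************
-// protocol
-//***************************************
-int unix_s = 0;
-int inet = 0;
-int inet6 = 0;
-int netlink = 0;
-int packet = 0;
-static void process_protocol(const char *fname) {
- assert(fname);
-
- // process trace file
- FILE *fp = fopen(fname, "r");
- if (!fp) {
- fprintf(stderr, "Error: cannot open %s\n", fname);
- exit(1);
- }
-
- char buf[MAX_BUF];
- while (fgets(buf, MAX_BUF, fp)) {
- // remove \n
- char *ptr = strchr(buf, '\n');
- if (ptr)
- *ptr = '\0';
-
- // parse line: 4:galculator:access /etc/fonts/conf.d:0
- // number followed by :
- ptr = buf;
- if (!isdigit(*ptr))
- continue;
- while (isdigit(*ptr))
- ptr++;
- if (*ptr != ':')
- continue;
- ptr++;
-
- // next :
- ptr = strchr(ptr, ':');
- if (!ptr)
- continue;
- ptr++;
- if (strncmp(ptr, "socket ", 7) == 0)
- ptr += 7;
- else
- continue;
-
- if (strncmp(ptr, "AF_LOCAL ", 9) == 0)
- unix_s = 1;
- else if (strncmp(ptr, "AF_INET ", 8) == 0)
- inet = 1;
- else if (strncmp(ptr, "AF_INET6 ", 9) == 0)
- inet6 = 1;
- else if (strncmp(ptr, "AF_NETLINK ", 9) == 0)
- netlink = 1;
- else if (strncmp(ptr, "AF_PACKET ", 9) == 0)
- packet = 1;
- }
-
- fclose(fp);
-}
-
-
-// process fname, fname.1, fname.2, fname.3, fname.4, fname.5
-void build_protocol(const char *fname, FILE *fp) {
- assert(fname);
-
- // run fname
- process_protocol(fname);
-
- // run all the rest
- struct stat s;
- int i;
- for (i = 1; i <= 5; i++) {
- char *newname;
- if (asprintf(&newname, "%s.%d", fname, i) == -1)
- errExit("asprintf");
- if (stat(newname, &s) == 0)
- process_protocol(newname);
- free(newname);
- }
-
- int net = 0;
- if (unix_s || inet || inet6 || netlink || packet) {
- fprintf(fp, "protocol ");
- if (unix_s)
- fprintf(fp, "unix,");
- if (inet) {
- fprintf(fp, "inet,");
- net = 1;
- }
- if (inet6) {
- fprintf(fp, "inet6,");
- net = 1;
- }
- if (netlink)
- fprintf(fp, "netlink,");
- if (packet) {
- fprintf(fp, "packet");
- net = 1;
- }
- fprintf(fp, "\n");
- }
-
- if (net == 0)
- fprintf(fp, "net none\n");
- else {
- fprintf(fp, "# net eth0\n");
- fprintf(fp, "netfilter\n");
- }
-}
-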