10 files changed, 459 insertions, 0 deletions

diff --git a/src/bash_completion/firecfg.bash_completion b/src/bash_completion/firecfg.bash_completion
new file mode 100644
index 000000000..79b74e49d
--- /dev/null
+++ b/src/bash_completion/firecfg.bash_completion
@@ -0,0 +1,39 @@
+# bash completion for firecfg                          -*- shell-script -*-
+#********************************************************************
+# Script based on completions/configure script in bash-completion package in
+# Debian. The original package is release under GPL v2 license, the webpage is
+# http://bash-completion.alioth.debian.org
+#*******************************************************************
+
+_firecfg()
+{
+    local cur prev words cword split
+    _init_completion -s || return
+
+    case $prev in
+        --help|--version)
+            return
+            ;;
+    esac
+
+    $split && return 0
+
+    # if $COMP_CONFIGURE_HINTS is not null, then completions of the form
+    # --option=SETTING will include 'SETTING' as a contextual hint
+    [[ "$cur" != -* ]] && return 0
+
+    if [[ -n $COMP_CONFIGURE_HINTS ]]; then
+        COMPREPLY=( $( compgen -W "$( $1 --help 2>&1 | \
+            awk '/^  --[A-Za-z]/ { print $1; \
+            if ($2 ~ /--[A-Za-z]/) print $2 }' | sed -e 's/[[,].*//g' )" \
+            -- "$cur" ) )
+        [[ $COMPREPLY == *=* ]] && compopt -o nospace
+    else
+        COMPREPLY=( $( compgen -W '$( _parse_help "$1" )' -- "$cur" ) )
+        [[ $COMPREPLY == *= ]] && compopt -o nospace
+    fi
+} &&
+complete -F _firecfg firecfg
+
+
+
diff --git a/src/firecfg/Makefile.in b/src/firecfg/Makefile.in
new file mode 100644
index 000000000..11f8b1e8d
--- /dev/null
+++ b/src/firecfg/Makefile.in
@@ -0,0 +1,38 @@
+all: firecfg
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+sysconfdir=@sysconfdir@
+
+VERSION=@PACKAGE_VERSION@
+NAME=@PACKAGE_NAME@
+HAVE_SECCOMP_H=@HAVE_SECCOMP_H@
+HAVE_SECCOMP=@HAVE_SECCOMP@
+HAVE_CHROOT=@HAVE_CHROOT@
+HAVE_BIND=@HAVE_BIND@
+HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
+HAVE_NETWORK=@HAVE_NETWORK@
+HAVE_USERNS=@HAVE_USERNS@
+HAVE_X11=@HAVE_X11@
+HAVE_FILE_TRANSFER=@HAVE_FILE_TRANSFER@
+
+
+H_FILE_LIST       = $(sort $(wildcard *.[h]))
+C_FILE_LIST       = $(sort $(wildcard *.c))
+OBJS = $(C_FILE_LIST:.c=.o)
+BINOBJS =  $(foreach file, $(OBJS), $file)
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"'  -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
+
+%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/euid_common.h ../include/libnetlink.h ../include/pid.h
+        $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
+
+firecfg: $(OBJS) ../lib/common.o
+        $(CC)  $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o $(LIBS)
+
+clean:; rm -f *.o firecfg firecfg.1 firecfg.1.gz
+
+distclean: clean
+        rm -fr Makefile
+
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
new file mode 100644
index 000000000..fb996966f
--- /dev/null
+++ b/src/firecfg/firecfg.config
@@ -0,0 +1,7 @@
+# /etc/firejail/firecfg.config - firecfg utility configuration file
+# This is the list of programs handled by firecfg utility
+#
+firefox
+iceweasel
+thunderbird
+vlc
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
new file mode 100644
index 000000000..7465f2d3e
--- /dev/null
+++ b/src/firecfg/main.c
@@ -0,0 +1,300 @@
+/*
+ * Copyright (C) 2014-2016 netblue30 (netblue30@yahoo.com)
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#include <sys/types.h>
+#include <dirent.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include "../include/common.h"
+
+static void usage(void) {
+        printf("firecfg - version %s\n\n", VERSION);
+        printf("Firecfg is the desktop configuration utility for Firejail software. The utility\n");
+        printf("creates several symbolic links to firejail executable. This allows the user to\n");
+        printf("sandbox applications automatically, just by clicking on a regular desktop\n");
+        printf("menues and icons.\n\n");
+        printf("The symbolic links are placed in /usr/local/bin. For more information, see\n");
+        printf("DESKTOP INTEGRATION section in man 1 firejail.\n\n");
+        printf("Usage: firecfg [OPTIONS]\n\n");
+        printf("   --clear - clear all firejail symbolic links\n\n");
+        printf("   --help, -? - this help screen.\n\n");
+        printf("   --list - list all firejail symbolic links\n\n");
+        printf("   --version - print program version and exit.\n\n");
+        printf("Example:\n\n");
+        printf("   $ sudo firecfg\n");
+        printf("   /usr/local/bin/firefox created\n");
+        printf("   /usr/local/bin/vlc created\n");
+        printf("   [...]\n");
+        printf("   $ firecfg --list\n");
+        printf("   /usr/local/bin/firefox\n");
+        printf("   /usr/local/bin/vlc\n");
+        printf("   [...]\n");
+        printf("   $ sudo firecfg --clear\n");
+        printf("   /usr/local/bin/firefox removed\n");
+        printf("   /usr/local/bin/vlc removed\n");
+        printf("   [...]\n");
+        printf("\n");
+        printf("License GPL version 2 or later\n");
+        printf("Homepage: http://firejail.wordpress.com\n\n");
+}
+
+// return 1 if the program is found
+static int find(const char *program, const char *directory) {
+        int retval = 0;
+        
+        char *fname;
+        if (asprintf(&fname, "/%s/%s", directory, program) == -1)
+                errExit("asprintf");
+                
+        struct stat s;
+        if (stat(fname, &s) == 0)
+                retval = 1;
+        
+        free(fname);
+        return retval;
+}
+
+
+// return 1 if program is installed on the system
+static int which(const char *program) {
+        // check some well-known paths
+        if (find(program, "/bin") || find(program, "/usr/bin") ||
+             find(program, "/sbin") || find(program, "/usr/sbin"))
+                return 1;
+                
+        // check environment
+        char *path1 = getenv("PATH");
+        if (path1) {
+                char *path2 = strdup(path1);
+                if (!path2)
+                        errExit("strdup");
+                
+                // use path2 to count the entries
+                char *ptr = strtok(path2, ":");
+                while (ptr) {
+                        if (find(program, ptr)) {
+                                free(path2);
+                                return 1;
+                        }
+                        ptr = strtok(NULL, ":");
+                }
+                free(path2);
+        }
+        
+        return 0;
+}
+
+// return 1 if the file is a link
+static int is_link(const char *fname) {
+        assert(fname);
+        if (*fname == '\0')
+                return 0;
+
+        struct stat s;
+        if (lstat(fname, &s) == 0) {
+                if (S_ISLNK(s.st_mode))
+                        return 1;
+        }
+
+        return 0;
+}
+
+static void list(void) {
+        DIR *dir = opendir("/usr/local/bin");
+        if (!dir) {
+                fprintf(stderr, "Error: cannot open /usr/local/bin directory\n");
+                exit(1);
+        }
+
+        char *firejail_exec;
+        if (asprintf(&firejail_exec, "%s/bin/firejail", PREFIX) == -1)
+                errExit("asprintf");
+
+        struct dirent *entry;
+        while ((entry = readdir(dir)) != NULL) {
+                if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+                        continue;
+                
+                char *fullname;
+                if (asprintf(&fullname, "/usr/local/bin/%s", entry->d_name) == -1)
+                        errExit("asprintf");
+                        
+                if (is_link(fullname)) {
+                        char* fname = realpath(fullname, NULL);
+                        if (fname) {
+                                if (strcmp(fname, firejail_exec) == 0)
+                                        printf("%s\n", fullname);
+                                free(fname);
+                        }
+                }
+                free(fullname);
+        }
+                        
+        closedir(dir);
+        free(firejail_exec);
+}
+
+static void clear(void) {
+        if (getuid() != 0) {
+                fprintf(stderr, "Error: you need to be root to run this command\n");
+                exit(1);
+        }
+
+        DIR *dir = opendir("/usr/local/bin");
+        if (!dir) {
+                fprintf(stderr, "Error: cannot open /usr/local/bin directory\n");
+                exit(1);
+        }
+
+        char *firejail_exec;
+        if (asprintf(&firejail_exec, "%s/bin/firejail", PREFIX) == -1)
+                errExit("asprintf");
+
+        struct dirent *entry;
+        while ((entry = readdir(dir)) != NULL) {
+                if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+                        continue;
+                
+                char *fullname;
+                if (asprintf(&fullname, "/usr/local/bin/%s", entry->d_name) == -1)
+                        errExit("asprintf");
+                        
+                if (is_link(fullname)) {
+                        char* fname = realpath(fullname, NULL);
+                        if (fname) {
+                                if (strcmp(fname, firejail_exec) == 0) {
+                                        printf("%s removed\n", fullname);
+                                        unlink(fullname);
+                                }
+                                free(fname);
+                        }
+                }
+                free(fullname);
+        }
+                        
+        closedir(dir);
+        free(firejail_exec);
+}
+
+static void set_file(const char *name, const char *firejail_exec) {
+        if (which(name) == 0)
+                return;
+
+        char *fname;
+        if (asprintf(&fname, "/usr/local/bin/%s", name) == -1)
+                errExit("asprintf");
+        
+        struct stat s;
+        if (stat(fname, &s) == 0)
+                ; //printf("%s already present\n", fname);
+        else {
+                int rv = symlink(firejail_exec, fname);
+                if (rv) {
+                        fprintf(stderr, "Error: cannot create %s symbolic link\n", fname);
+                        perror("symlink");
+                }
+                else
+                        printf("%s created\n", fname);
+        }
+        
+        free(fname);
+}
+
+#define MAX_BUF 1024
+static void set(void) {
+        if (getuid() != 0) {
+                fprintf(stderr, "Error: you need to be root to run this command\n");
+                exit(1);
+        }
+
+        char *cfgfile;
+        if (asprintf(&cfgfile, "%s/firejail/firecfg.config", LIBDIR) == -1)
+                errExit("asprintf");
+
+        char *firejail_exec;
+        if (asprintf(&firejail_exec, "%s/bin/firejail", PREFIX) == -1)
+                errExit("asprintf");
+
+        FILE *fp = fopen(cfgfile, "r");
+        if (!fp) {
+                fprintf(stderr, "Error: cannot open %s\n", cfgfile);
+                exit(1);
+        }
+        
+        char buf[MAX_BUF];
+        int lineno = 0;
+        while (fgets(buf, MAX_BUF,fp)) {
+                lineno++;
+                if (*buf == '#') // comments
+                        continue;
+                
+                // remove \n
+                char *ptr = strchr(buf, '\n');
+                if (ptr)
+                        *ptr = '\0';
+                
+                // do not accept .. and/or / in file name
+                if (strstr(buf, "..") || strchr(buf, '/')) {
+                        fprintf(stderr, "Error: invalid line %d in %s\n", lineno, cfgfile);
+                        exit(1);
+                }
+                
+                set_file(buf, firejail_exec);
+        }
+
+        free(cfgfile);
+        free(firejail_exec);
+}
+
+int main(int argc, char **argv) {
+        int i;
+        
+        for (i = 1; i < argc; i++) {
+                // default options
+                if (strcmp(argv[i], "--help") == 0 ||
+                    strcmp(argv[i], "-?") == 0) {
+                        usage();
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--version") == 0) {
+                        printf("firecfg version %s\n\n", VERSION);
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--clear") == 0) {
+                        clear();
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--list") == 0) {
+                        list();
+                        return 0;
+                }
+                else {
+                        fprintf(stderr, "Error: invalid command line option\n");
+                        usage();
+                        return 1;
+                }
+        }
+        
+        set();
+        
+        return 0;
+}
+
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt
new file mode 100644
index 000000000..7d95892a4
--- /dev/null
+++ b/src/man/firecfg.txt
@@ -0,0 +1,70 @@
+.TH FIREMON 1 "MONTH YEAR" "VERSION" "firecfg man page"
+.SH NAME
+Firecfg \- Desktop configuration program for Firejail software.
+.SH SYNOPSIS
+firecfg [OPTIONS]
+.SH DESCRIPTION
+Firecfg is the desktop configuration utility for Firejail software. The utility
+creates several symbolic links to firejail executable. This allows the user to
+sandbox applications automatically, just by clicking on a regular desktop
+menues and icons.
+
+The symbolic links are placed in /usr/local/bin. For more information, see
+DESKTOP INTEGRATION section in man 1 firejail.
+
+.SH OPTIONS
+.TP
+\fB\-\-clear
+Clear all firejail symbolic links
+.TP
+\fB\-?\fR, \fB\-\-help\fR
+Print options end exit.
+.TP
+\fB\-\-list
+List all firejail symbolic links
+.TP
+\fB\-\-version
+Print program version and exit.
+
+
+.PP
+Example:
+.br
+
+.br
+$ sudo firecfg
+.br
+/usr/local/bin/firefox created
+.br
+/usr/local/bin/vlc created
+.br
+[...]
+.br
+$ firecfg --list
+.br
+/usr/local/bin/firefox
+.br
+/usr/local/bin/vlc
+.br
+[...]
+.br
+$ sudo firecfg --clear
+.br
+/usr/local/bin/firefox removed
+.br
+/usr/local/bin/vlc removed
+.br
+[...]
+
+.SH LICENSE
+This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: http://firejail.wordpress.com
+.SH SEE ALSO
+\&\flfirejail\fR\|(1),
+\&\flfiremon\fR\|(1),
+\&\flfirejail-profile\fR\|(5),
+\&\flfirejail-login\fR\|(5)
+\&\flfirejail-config\fR\|(5)
+
+
diff --git a/src/man/firejail-config.txt b/src/man/firejail-config.txt
index 55c35181a..687aedf59 100644
--- a/src/man/firejail-config.txt
+++ b/src/man/firejail-config.txt
@@ -58,6 +58,7 @@ Homepage: http://firejail.wordpress.com
 .SH SEE ALSO
 \&\flfirejail\fR\|(1),
 \&\flfiremon\fR\|(1),
+\&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5)
 \&\flfirejail-login\fR\|(5)
 
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt
index 13d045ee4..2825ca4cf 100644
--- a/src/man/firejail-login.txt
+++ b/src/man/firejail-login.txt
@@ -32,6 +32,7 @@ Homepage: http://firejail.wordpress.com
 .SH SEE ALSO
 \&\flfirejail\fR\|(1),
 \&\flfiremon\fR\|(1),
+\&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5)
 \&\flfirejail-config\fR\|(5)
 
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 82a0d2503..b135ee615 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -351,6 +351,7 @@ Homepage: http://firejail.wordpress.com
 .SH SEE ALSO
 \&\flfirejail\fR\|(1),
 \&\flfiremon\fR\|(1),
+\&\flfirecfg\fR\|(1),
 \&\flfirejail-login\fR\|(5)
 \&\flfirejail-config\fR\|(5)
 
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 99a9429c7..806a68c3c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1838,6 +1838,7 @@ This program is free software; you can redistribute it and/or modify it under th
 Homepage: http://firejail.wordpress.com
 .SH SEE ALSO
 \&\flfiremon\fR\|(1),
+\&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5)
 \&\flfirejail-config\fR\|(5)
diff --git a/src/man/firemon.txt b/src/man/firemon.txt
index 78a6dd5ea..906b5cd9a 100644
--- a/src/man/firemon.txt
+++ b/src/man/firemon.txt
@@ -105,6 +105,7 @@ This program is free software; you can redistribute it and/or modify it under th
 Homepage: http://firejail.wordpress.com
 .SH SEE ALSO
 \&\flfirejail\fR\|(1),
+\&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5)
 \&\flfirejail-config\fR\|(5)