Diffstat (limited to 'src')
-rw-r--r-- | src/faudit/caps.c | 2 | ||||
-rw-r--r-- | src/fbuilder/build_profile.c | 2 | ||||
-rw-r--r-- | src/firejail/cmdline.c | 2 | ||||
-rw-r--r-- | src/firejail/firejail.h | 6 | ||||
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_lib.c | 2 | ||||
-rw-r--r-- | src/firejail/ls.c | 4 | ||||
-rw-r--r-- | src/firejail/main.c | 4 | ||||
-rw-r--r-- | src/firejail/no_sandbox.c | 2 | ||||
-rw-r--r-- | src/firejail/x11.c | 10 | ||||
-rw-r--r-- | src/firemon/procevent.c | 2 | ||||
-rwxr-xr-x | src/fshaper/fshaper.sh | 4 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 | ||||
-rw-r--r-- | src/tools/testuid.c | 2 |
15 files changed, 24 insertions, 24 deletions
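--- a/src/faudit/caps.c
+++ b/src/faudit/caps.c
@@ -43,7 +43,7 @@ static int extract_caps(uint64_t *val) {
 return 1;
 }
 
-// return 1 if the capability is in tbe map
+// return 1 if the capability is in the map
 static int check_capability(uint64_t map, int cap) {
 int i;
 uint64_t mask = 1ULL;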
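--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -91,7 +91,7 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 if (arg_debug)
 printf("command len %d + %d + 1\n", (int) (sizeof(cmdlist) / sizeof(char*)), argc - index);
 char *cmd[len];
-cmd[0] = cmdlist[0]; // explicit assignemnt to clean scan-build error
+cmd[0] = cmdlist[0]; // explicit assignment to clean scan-build error
 
 // build command
 unsigned i = 0;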
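--- a/src/firejail/cmdline.c
+++ b/src/firejail/cmdline.c
@@ -77,7 +77,7 @@ static void quote_cmdline(char *command_line, char *window_title, int len, int a
 
 // enclose args by single quotes,
 // and since single quote can't be represented in single quoted text
-// each occurence of it should be enclosed by double quotes
+// each occurrence of it should be enclosed by double quotes
 in_quotes = false;
 for (j = 0; j < strlen(argv[i + index]); j++) {
 // single quote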
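--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -359,7 +359,7 @@ extern int arg_private_bin; // private bin directory
 extern int arg_private_tmp; // private tmp directory
 extern int arg_private_lib; // private lib directory
 extern int arg_scan; // arp-scan all interfaces
-extern int arg_whitelist; // whitelist commad
+extern int arg_whitelist; // whitelist command
 extern int arg_nosound; // disable sound
 extern int arg_noautopulse; // disable automatic ~/.config/pulse init
 extern int arg_novideo; //disable video devices in /dev
@@ -380,7 +380,7 @@ extern char *arg_audit_prog; // audit
 extern int arg_apparmor; // apparmor
 extern int arg_allow_debuggers; // allow debuggers
 extern int arg_x11_block; // block X11
-extern int arg_x11_xorg; // use X11 security extention
+extern int arg_x11_xorg; // use X11 security extension
 extern int arg_allusers; // all user home directories visible
 extern int arg_machineid; // preserve /etc/machine-id
 extern int arg_disable_mnt; // disable /mnt and /media
@@ -437,7 +437,7 @@ void preproc_mount_mnt_dir(void);
 void preproc_clean_run(void);
 
 // fs.c
-// blacklist files or directoies by mounting empty files on top of them
+// blacklist files or directories by mounting empty files on top of them
 void fs_blacklist(void);
 // remount a directory read-only
 void fs_rdonly(const char *dir);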
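--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -72,7 +72,7 @@ static void disable_file(OPERATION op, const char *filename) {
 if (fname == NULL && errno == EACCES) {
 if (arg_debug)
 printf("Debug: no access to file %s, forcing mount\n", filename);
-// realpath and stat funtions will fail on FUSE filesystems
+// realpath and stat functions will fail on FUSE filesystems
 // they don't seem to like a uid of 0
 // force mounting
 int rv = mount(RUN_RO_DIR, filename, "none", MS_BIND, "mode=400,gid=0");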
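--- a/src/firejail/fs_lib.c
+++ b/src/firejail/fs_lib.c
@@ -114,7 +114,7 @@ void fslib_copy_libs(const char *full_path) {
 if (chown(RUN_LIB_FILE, getuid(), getgid()))
 errExit("chown");
 
-// run fldd to extact the list of files
+// run fldd to extract the list of files
 if (arg_debug || arg_debug_private_lib)
 printf(" running fldd %s\n", full_path);
 sbox_run(SBOX_USER | SBOX_SECCOMP | SBOX_CAPS_NONE, 3, PATH_FLDD, full_path, RUN_LIB_FILE);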
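--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -353,7 +353,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 exit(1);
 }
 
-// copy the temporary file into the destionation file
+// copy the temporary file into the destination file
 child = fork();
 if (child < 0)
 errExit("fork");
@@ -428,7 +428,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 exit(1);
 }
 
-// copy the temporary file into the destionation file
+// copy the temporary file into the destination file
 child = fork();
 if (child < 0)
 errExit("fork");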
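--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -93,7 +93,7 @@ int arg_private_bin = 0; // private bin directory
 int arg_private_tmp = 0; // private tmp directory
 int arg_private_lib = 0; // private lib directory
 int arg_scan = 0; // arp-scan all interfaces
-int arg_whitelist = 0; // whitelist commad
+int arg_whitelist = 0; // whitelist command
 int arg_nosound = 0; // disable sound
 int arg_noautopulse = 0; // disable automatic ~/.config/pulse init
 int arg_novideo = 0; //disable video devices in /dev
@@ -114,7 +114,7 @@ char *arg_audit_prog = NULL; // audit
 int arg_apparmor = 0; // apparmor
 int arg_allow_debuggers = 0; // allow debuggers
 int arg_x11_block = 0; // block X11
-int arg_x11_xorg = 0; // use X11 security extention
+int arg_x11_xorg = 0; // use X11 security extension
 int arg_allusers = 0; // all user home directories visible
 int arg_machineid = 0; // preserve /etc/machine-id
 int arg_allow_private_blacklist = 0; // blacklist things in private directories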
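--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -190,7 +190,7 @@ void run_no_sandbox(int argc, char **argv) {
 
 int prog_index = 0;
 // find first non option arg:
-// - first argument not starting wiht --,
+// - first argument not starting with --,
 // - whatever follows after -c (example: firejail -c ls)
 for (i = 1; i < argc; i++) {
 if (strcmp(argv[i], "-c") == 0) {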
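--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -228,7 +228,7 @@ void x11_start_xvfb(int argc, char **argv) {
 
 assert(xvfb_screen);
 
-char *server_argv[256] = { // rest initialyzed to NULL
+char *server_argv[256] = { // rest initialized to NULL
 "Xvfb", display_str, "-screen", "0", xvfb_screen
 };
 unsigned pos = 0;
@@ -418,7 +418,7 @@ void x11_start_xephyr(int argc, char **argv) {
 pid_t jail = 0;
 pid_t server = 0;
 
-// default xephyr screen can be overwriten by a --xephyr-screen= command line option
+// default xephyr screen can be overwritten by a --xephyr-screen= command line option
 char *newscreen = extract_setting(argc, argv, "--xephyr-screen=");
 if (newscreen)
 xephyr_screen = newscreen;
@@ -446,7 +446,7 @@ void x11_start_xephyr(int argc, char **argv) {
 errExit("asprintf");
 
 assert(xephyr_screen);
-char *server_argv[256] = { // rest initialyzed to NULL
+char *server_argv[256] = { // rest initialized to NULL
 "Xephyr", "-ac", "-br", "-noreset", "-screen", xephyr_screen
 };
 unsigned pos = 0;
@@ -627,7 +627,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) {
 pid_t server = 0;
 
 // build the start command
-char *server_argv[256] = { // rest initialyzed to NULL
+char *server_argv[256] = { // rest initialized to NULL
 "xpra", "start", display_str, "--no-daemon",
 };
 unsigned pos = 0;
@@ -861,7 +861,7 @@ void x11_start_xpra_new(int argc, char **argv, char *display_str) {
 pid_t server = 0;
 
 // build the start command
-char *server_argv[256] = { // rest initialyzed to NULL
+char *server_argv[256] = { // rest initialized to NULL
 "xpra", "start", display_str, "--daemon=no", "--attach=yes", "--exit-with-children=yes"
 };
 unsigned spos = 0;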
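--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -385,7 +385,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 int add_new = 0;
 if (pids[pid].level < 0) // not a firejail process
 continue;
-else if (pids[pid].level == 0) { // new porcess, do we track it?
+else if (pids[pid].level == 0) { // new process, do we track it?
 if (pid_is_firejail(pid) && mypid == 0) {
 pids[pid].level = 1;
 add_new = 1;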
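--- a/src/fshaper/fshaper.sh
+++ b/src/fshaper/fshaper.sh
@@ -21,7 +21,7 @@ if [ "$1" = "--clear" ]; then
 fi
 
 DEV=$2
-echo "Removing bandwith limits"
+echo "Removing bandwidth limits"
 /sbin/tc qdisc del dev $DEV root 2> /dev/null > /dev/null
 /sbin/tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null
 exit
@@ -30,7 +30,7 @@ fi
 
 if [ "$1" = "--set" ]; then
 DEV=$2
-echo "Removing bandwith limit"
+echo "Removing bandwidth limit"
 /sbin/tc qdisc del dev $DEV ingress #2> /dev/null > /dev/null
 
 if [ $# -ne 4 ]; then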
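Review bot: `$DEV` is expanded unquoted in all three `/sbin/tc qdisc del dev $DEV ...` lines that sit next to the corrected messages, so a device argument containing whitespace or glob characters would be word-split into additional tc arguments. Whether the caller validates the interface name before invoking this script is not visible in these hunks, so quoting is the safe default: `DEV="$2"` and `/sbin/tc qdisc del dev "$DEV" root 2> /dev/null > /dev/null`. In the `--set` branch the redirection is commented out (`#2> /dev/null > /dev/null`), which looks like a debugging leftover and makes the two branches behave differently on error. Both `if` blocks extend beyond the hunks shown.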
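--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -275,7 +275,7 @@ Build a new /lib directory and bring in the libraries required by the applicatio
 This feature is still under development, see \fBman 1 firejail\fR for some examples.
 .TP
 \fBprivate-opt file,directory
-Build a new /optin a temporary
+Build a new /opt in a temporary
 filesystem, and copy the files and directories in the list.
 All modifications are discarded when the sandbox is closed.
 .TP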
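--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1712,7 +1712,7 @@ vm86, vm86old, vmsplice and vserver.
 To help creating useful seccomp filters more easily, the following
 system call groups are defined: @clock, @cpu-emulation, @debug,
 @default, @default-nodebuggers, @default-keep, @module, @obsolete,
-@privileged, @raw-io, @reboot, @resources and @swap. In addtion, a
+@privileged, @raw-io, @reboot, @resources and @swap. In addition, a
 system call can be specified by its number instead of name with prefix
 $, so for example $165 would be equal to mount on i386.
 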
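--- a/src/tools/testuid.c
+++ b/src/tools/testuid.c
@@ -30,7 +30,7 @@
 static void print_status(void) {
 FILE *fp = fopen("/proc/self/status", "r");
 if (!fp) {
-fprintf(stderr, "Error, cannot open staus file\n");
+fprintf(stderr, "Error, cannot open status file\n");
 exit(1);
 }
 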