Diffstat (limited to 'src')
-rw-r--r-- | src/firecfg/firecfg.config | 2 | ||||
-rw-r--r-- | src/firejail/Makefile.in | 2 | ||||
-rw-r--r-- | src/firejail/firejail.h | 79 | ||||
-rw-r--r-- | src/include/rundefs.h | 102 | ||||
-rw-r--r-- | src/libpostexecseccomp/Makefile.in | 3 | ||||
-rw-r--r-- | src/libpostexecseccomp/libpostexecseccomp.c | 12 | ||||
-rw-r--r-- | src/libpostexecseccomp/libpostexecseccomp.h | 25 | ||||
-rw-r--r-- | src/libtracelog/Makefile.in | 2 | ||||
-rw-r--r-- | src/libtracelog/libtracelog.c | 2 |
9 files changed, 117 insertions, 112 deletions
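--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -9,6 +9,7 @@ Cryptocat
 Cyberfox
 Discord
 DiscordCanary
+Documents
 FossaMail
 Fritzing
 Gitter
@@ -565,6 +566,7 @@ uefitool
 uget-gtk
 unbound
 unknown-horizons
+utox
 uudeview
 uzbl-browser
 viewnior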
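--- a/src/firejail/Makefile.in
+++ b/src/firejail/Makefile.in
@@ -2,7 +2,7 @@ all: firejail
 
 include ../common.mk
 
-%.o : %.c $(H_FILE_LIST) ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h
+%.o : %.c $(H_FILE_LIST) ../include/rundefs.h ../include/common.h ../include/ldd_utils.h ../include/euid_common.h ../include/pid.h ../include/seccomp.h ../include/syscall.h ../include/firejail_user.h
 $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(INCLUDE) -c $< -o $@
 
 firejail: $(OBJS) ../lib/libnetlink.o ../lib/common.o ../lib/ldd_utils.o ../lib/firejail_user.o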
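--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -21,90 +21,13 @@
 #define FIREJAIL_H
 #include "../include/common.h"
 #include "../include/euid_common.h"
+#include "../include/rundefs.h"
 #include <stdarg.h>
 #include <sys/stat.h>
 
 // debug restricted shell
 //#define DEBUG_RESTRICTED_SHELL
 
-// filesystem
-#define RUN_FIREJAIL_BASEDIR "/run"
-#define RUN_FIREJAIL_DIR "/run/firejail"
-#define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage"
-#define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place
-#define RUN_FIREJAIL_LIB_DIR "/run/firejail/lib"
-#define RUN_FIREJAIL_X11_DIR "/run/firejail/x11"
-#define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network"
-#define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth"
-#define RUN_FIREJAIL_PROFILE_DIR "/run/firejail/profile"
-#define RUN_NETWORK_LOCK_FILE "/run/firejail/firejail-network.lock"
-#define RUN_DIRECTORY_LOCK_FILE "/run/firejail/firejail-run.lock"
-#define RUN_RO_DIR "/run/firejail/firejail.ro.dir"
-#define RUN_RO_FILE "/run/firejail/firejail.ro.file"
-#define RUN_MNT_DIR "/run/firejail/mnt" // a tmpfs is mounted on this directory before any of the files below are created
-#define RUN_CGROUP_CFG "/run/firejail/mnt/cgroup"
-#define RUN_CPU_CFG "/run/firejail/mnt/cpu"
-#define RUN_GROUPS_CFG "/run/firejail/mnt/groups"
-#define RUN_PROTOCOL_CFG "/run/firejail/mnt/protocol"
-#define RUN_NONEWPRIVS_CFG "/run/firejail/mnt/nonewprivs"
-#define RUN_HOME_DIR "/run/firejail/mnt/home"
-#define RUN_ETC_DIR "/run/firejail/mnt/etc"
-#define RUN_OPT_DIR "/run/firejail/mnt/opt"
-#define RUN_SRV_DIR "/run/firejail/mnt/srv"
-#define RUN_BIN_DIR "/run/firejail/mnt/bin"
-#define RUN_PULSE_DIR "/run/firejail/mnt/pulse"
-#define RUN_LIB_DIR "/run/firejail/mnt/lib"
-#define RUN_LIB_FILE "/run/firejail/mnt/libfiles"
-#define RUN_DNS_ETC "/run/firejail/mnt/dns-etc"
-
-#define RUN_SECCOMP_DIR "/run/firejail/mnt/seccomp"
-#define RUN_SECCOMP_LIST "/run/firejail/mnt/seccomp/seccomp.list" // list of seccomp files installed
-#define RUN_SECCOMP_PROTOCOL "/run/firejail/mnt/seccomp/seccomp.protocol" // protocol filter
-#define RUN_SECCOMP_CFG "/run/firejail/mnt/seccomp/seccomp" // configured filter
-#define RUN_SECCOMP_32 "/run/firejail/mnt/seccomp/seccomp.32" // 32bit arch filter installed on 64bit architectures
-#define RUN_SECCOMP_MDWX "/run/firejail/mnt/seccomp/seccomp.mdwx" // filter for memory-deny-write-execute
-#define RUN_SECCOMP_BLOCK_SECONDARY "/run/firejail/mnt/seccomp/seccomp.block_secondary" // secondary arch blocking filter
-#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp/seccomp.postexec" // filter for post-exec library
-#define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp") // default filter built during make
-#define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug") // default filter built during make
-#define PATH_SECCOMP_32 (LIBDIR "/firejail/seccomp.32") // 32bit arch filter built during make
-#define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx") // filter for memory-deny-write-execute built during make
-#define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary") // secondary arch blocking filter built during make
-
-
-#define RUN_DEV_DIR "/run/firejail/mnt/dev"
-#define RUN_DEVLOG_FILE "/run/firejail/mnt/devlog"
-
-#define RUN_WHITELIST_X11_DIR "/run/firejail/mnt/orig-x11"
-#define RUN_WHITELIST_HOME_DIR "/run/firejail/mnt/orig-home" // default home directory masking
-#define RUN_WHITELIST_RUN_DIR "/run/firejail/mnt/orig-run" // default run directory masking
-#define RUN_WHITELIST_HOME_USER_DIR "/run/firejail/mnt/orig-home-user" // home directory whitelisting
-#define RUN_WHITELIST_RUN_USER_DIR "/run/firejail/mnt/orig-run-user" // run directory whitelisting
-#define RUN_WHITELIST_TMP_DIR "/run/firejail/mnt/orig-tmp"
-#define RUN_WHITELIST_MEDIA_DIR "/run/firejail/mnt/orig-media"
-#define RUN_WHITELIST_MNT_DIR "/run/firejail/mnt/orig-mnt"
-#define RUN_WHITELIST_VAR_DIR "/run/firejail/mnt/orig-var"
-#define RUN_WHITELIST_DEV_DIR "/run/firejail/mnt/orig-dev"
-#define RUN_WHITELIST_OPT_DIR "/run/firejail/mnt/orig-opt"
-#define RUN_WHITELIST_SRV_DIR "/run/firejail/mnt/orig-srv"
-#define RUN_WHITELIST_ETC_DIR "/run/firejail/mnt/orig-etc"
-#define RUN_WHITELIST_SHARE_DIR "/run/firejail/mnt/orig-share"
-#define RUN_WHITELIST_MODULE_DIR "/run/firejail/mnt/orig-module"
-
-#define RUN_XAUTHORITY_FILE "/run/firejail/mnt/.Xauthority"
-#define RUN_XAUTHORITY_SEC_FILE "/run/firejail/mnt/sec.Xauthority"
-#define RUN_ASOUNDRC_FILE "/run/firejail/mnt/.asoundrc"
-#define RUN_HOSTNAME_FILE "/run/firejail/mnt/hostname"
-#define RUN_HOSTS_FILE "/run/firejail/mnt/hosts"
-#define RUN_MACHINEID "/run/firejail/mnt/machine-id"
-#define RUN_LDPRELOAD_FILE "/run/firejail/mnt/ld.so.preload"
-#define RUN_UTMP_FILE "/run/firejail/mnt/utmp"
-#define RUN_PASSWD_FILE "/run/firejail/mnt/passwd"
-#define RUN_GROUP_FILE "/run/firejail/mnt/group"
-#define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger"
-#define RUN_UMASK_FILE "/run/firejail/mnt/umask"
-#define RUN_OVERLAY_ROOT "/run/firejail/mnt/oroot"
-#define RUN_READY_FOR_JOIN "/run/firejail/mnt/ready-for-join"
 
 
 // profiles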
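--- /dev/null
+++ b/src/include/rundefs.h
@@ -0,0 +1,102 @@
+/*
+* Copyright (C) 2014-2019 Firejail Authors
+*
+* This file is part of firejail project
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License along
+* with this program; if not, write to the Free Software Foundation, Inc.,
+* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#ifndef RUNDEFS_H
+#define RUNDEFS_H
+// filesystem
+#define RUN_FIREJAIL_BASEDIR "/run"
+#define RUN_FIREJAIL_DIR "/run/firejail"
+#define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage"
+#define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place
+#define RUN_FIREJAIL_LIB_DIR "/run/firejail/lib"
+#define RUN_FIREJAIL_X11_DIR "/run/firejail/x11"
+#define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network"
+#define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth"
+#define RUN_FIREJAIL_PROFILE_DIR "/run/firejail/profile"
+#define RUN_NETWORK_LOCK_FILE "/run/firejail/firejail-network.lock"
+#define RUN_DIRECTORY_LOCK_FILE "/run/firejail/firejail-run.lock"
+#define RUN_RO_DIR "/run/firejail/firejail.ro.dir"
+#define RUN_RO_FILE "/run/firejail/firejail.ro.file"
+#define RUN_MNT_DIR "/run/firejail/mnt" // a tmpfs is mounted on this directory before any of the files below are created
+#define RUN_CGROUP_CFG "/run/firejail/mnt/cgroup"
+#define RUN_CPU_CFG "/run/firejail/mnt/cpu"
+#define RUN_GROUPS_CFG "/run/firejail/mnt/groups"
+#define RUN_PROTOCOL_CFG "/run/firejail/mnt/protocol"
+#define RUN_NONEWPRIVS_CFG "/run/firejail/mnt/nonewprivs"
+#define RUN_HOME_DIR "/run/firejail/mnt/home"
+#define RUN_ETC_DIR "/run/firejail/mnt/etc"
+#define RUN_OPT_DIR "/run/firejail/mnt/opt"
+#define RUN_SRV_DIR "/run/firejail/mnt/srv"
+#define RUN_BIN_DIR "/run/firejail/mnt/bin"
+#define RUN_PULSE_DIR "/run/firejail/mnt/pulse"
+#define RUN_LIB_DIR "/run/firejail/mnt/lib"
+#define RUN_LIB_FILE "/run/firejail/mnt/libfiles"
+#define RUN_DNS_ETC "/run/firejail/mnt/dns-etc"
+
+#define RUN_SECCOMP_DIR "/run/firejail/mnt/seccomp"
+#define RUN_SECCOMP_LIST "/run/firejail/mnt/seccomp/seccomp.list" // list of seccomp files installed
+#define RUN_SECCOMP_PROTOCOL "/run/firejail/mnt/seccomp/seccomp.protocol" // protocol filter
+#define RUN_SECCOMP_CFG "/run/firejail/mnt/seccomp/seccomp" // configured filter
+#define RUN_SECCOMP_32 "/run/firejail/mnt/seccomp/seccomp.32" // 32bit arch filter installed on 64bit architectures
+#define RUN_SECCOMP_MDWX "/run/firejail/mnt/seccomp/seccomp.mdwx" // filter for memory-deny-write-execute
+#define RUN_SECCOMP_BLOCK_SECONDARY "/run/firejail/mnt/seccomp/seccomp.block_secondary" // secondary arch blocking filter
+#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp/seccomp.postexec" // filter for post-exec library
+#define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp") // default filter built during make
+#define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug") // default filter built during make
+#define PATH_SECCOMP_32 (LIBDIR "/firejail/seccomp.32") // 32bit arch filter built during make
+#define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx") // filter for memory-deny-write-execute built during make
+#define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary") // secondary arch blocking filter built during make
+
+
+#define RUN_DEV_DIR "/run/firejail/mnt/dev"
+#define RUN_DEVLOG_FILE "/run/firejail/mnt/devlog"
+
+#define RUN_WHITELIST_X11_DIR "/run/firejail/mnt/orig-x11"
+#define RUN_WHITELIST_HOME_DIR "/run/firejail/mnt/orig-home" // default home directory masking
+#define RUN_WHITELIST_RUN_DIR "/run/firejail/mnt/orig-run" // default run directory masking
+#define RUN_WHITELIST_HOME_USER_DIR "/run/firejail/mnt/orig-home-user" // home directory whitelisting
+#define RUN_WHITELIST_RUN_USER_DIR "/run/firejail/mnt/orig-run-user" // run directory whitelisting
+#define RUN_WHITELIST_TMP_DIR "/run/firejail/mnt/orig-tmp"
+#define RUN_WHITELIST_MEDIA_DIR "/run/firejail/mnt/orig-media"
+#define RUN_WHITELIST_MNT_DIR "/run/firejail/mnt/orig-mnt"
+#define RUN_WHITELIST_VAR_DIR "/run/firejail/mnt/orig-var"
+#define RUN_WHITELIST_DEV_DIR "/run/firejail/mnt/orig-dev"
+#define RUN_WHITELIST_OPT_DIR "/run/firejail/mnt/orig-opt"
+#define RUN_WHITELIST_SRV_DIR "/run/firejail/mnt/orig-srv"
+#define RUN_WHITELIST_ETC_DIR "/run/firejail/mnt/orig-etc"
+#define RUN_WHITELIST_SHARE_DIR "/run/firejail/mnt/orig-share"
+#define RUN_WHITELIST_MODULE_DIR "/run/firejail/mnt/orig-module"
+
+#define RUN_XAUTHORITY_FILE "/run/firejail/mnt/.Xauthority"
+#define RUN_XAUTHORITY_SEC_FILE "/run/firejail/mnt/sec.Xauthority"
+#define RUN_ASOUNDRC_FILE "/run/firejail/mnt/.asoundrc"
+#define RUN_HOSTNAME_FILE "/run/firejail/mnt/hostname"
+#define RUN_HOSTS_FILE "/run/firejail/mnt/hosts"
+#define RUN_MACHINEID "/run/firejail/mnt/machine-id"
+#define RUN_LDPRELOAD_FILE "/run/firejail/mnt/ld.so.preload"
+#define RUN_UTMP_FILE "/run/firejail/mnt/utmp"
+#define RUN_PASSWD_FILE "/run/firejail/mnt/passwd"
+#define RUN_GROUP_FILE "/run/firejail/mnt/group"
+#define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger"
+#define RUN_UMASK_FILE "/run/firejail/mnt/umask"
+#define RUN_OVERLAY_ROOT "/run/firejail/mnt/oroot"
+#define RUN_READY_FOR_JOIN "/run/firejail/mnt/ready-for-join"
+
+#endif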
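Review bot: The comment carried over on `RUN_FIREJAIL_NAME_DIR` ("also used in src/lib/pid.c - todo: move it in a common place") is stale now that this header is the common place; drop the todo, or, if src/lib/pid.c still keeps its own copy (not visible on this page), have it include this header instead. The `PATH_SECCOMP_*` macros expand `LIBDIR`, which this header does not define, so a short note such as `// PATH_SECCOMP_* require LIBDIR to be defined by the including file` would help the preload libraries that now include it. A one-line purpose comment above `// filesystem`, stating that these runtime paths (seccomp filters, ld.so.preload, fslogger) are the single definition shared by firejail and its preload libraries, would record why local redefinitions must not be reintroduced.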
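--- a/src/libpostexecseccomp/Makefile.in
+++ b/src/libpostexecseccomp/Makefile.in
@@ -13,13 +13,12 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now
 
 all: libpostexecseccomp.so
 
-%.o : %.c $(H_FILE_LIST)
+%.o : %.c $(H_FILE_LIST) ../include/seccomp.h ../include/rundefs.h
 $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
 
 libpostexecseccomp.so: $(OBJS)
 $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl
 
-
 clean:; rm -f $(OBJS) libpostexecseccomp.so
 
 distclean: clean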
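--- a/src/libpostexecseccomp/libpostexecseccomp.c
+++ b/src/libpostexecseccomp/libpostexecseccomp.c
@@ -17,19 +17,22 @@
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
-#include "libpostexecseccomp.h"
 #include "../include/seccomp.h"
+#include "../include/rundefs.h"
 #include <fcntl.h>
 #include <linux/filter.h>
 #include <sys/mman.h>
 #include <sys/prctl.h>
 #include <unistd.h>
+#include <stdio.h>
 
 __attribute__((constructor))
 static void load_seccomp(void) {
 int fd = open(RUN_SECCOMP_POSTEXEC, O_RDONLY);
-if (fd == -1)
+if (fd == -1) {
+fprintf(stderr, "Error: cannot open seccomp postexec filter file %s\n", RUN_SECCOMP_POSTEXEC);
 return;
+}
 
 off_t size = lseek(fd, 0, SEEK_END);
 if (size <= 0) {
@@ -40,11 +43,12 @@ static void load_seccomp(void) {
 struct sock_filter *filter = MAP_FAILED;
 if (size != 0)
 filter = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
-
 close(fd);
 
-if (filter == MAP_FAILED)
+if (filter == MAP_FAILED) {
+fprintf(stderr, "Error: cannot map seccomp postexec filter data\n");
 return;
+}
 
 // install filter
 struct sock_fprog prog = {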
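Review bot: Both new error branches in `load_seccomp` print a message and then `return`, so the process keeps running with no post-exec seccomp filter installed. For a constructor whose only job is to install that filter, this fail-open path deserves either a comment stating it is intended or a hard stop such as `_exit(1);` after the `fprintf`. Whether a missing `RUN_SECCOMP_POSTEXEC` is a legitimate state cannot be told from these hunks, so that is a question for the author. The messages would be easier to triage with the cause attached, e.g. `fprintf(stderr, "Error: cannot open seccomp postexec filter file %s: %s\n", RUN_SECCOMP_POSTEXEC, strerror(errno));` (needs `<errno.h>` and `<string.h>`), and likewise for the mmap failure. The `if (size != 0)` guard before `mmap` appears redundant after the `if (size <= 0)` check above it; the function body continues outside both hunks.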
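--- a/src/libpostexecseccomp/libpostexecseccomp.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright (C) 2014-2019 Firejail Authors
-*
-* This file is part of firejail project
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License along
-* with this program; if not, write to the Free Software Foundation, Inc.,
-* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
-#ifndef LIBPOSTEXECSECCOMP_H
-#define LIBPOSTEXECSECCOMP_H
-
-#define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp.postexec"
-
-#endif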
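--- a/src/libtracelog/Makefile.in
+++ b/src/libtracelog/Makefile.in
@@ -13,7 +13,7 @@ LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now
 
 all: libtracelog.so
 
-%.o : %.c $(H_FILE_LIST)
+%.o : %.c $(H_FILE_LIST) ../include/rundefs.h
 $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
 
 libtracelog.so: $(OBJS)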
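--- a/src/libtracelog/libtracelog.c
+++ b/src/libtracelog/libtracelog.c
@@ -32,6 +32,7 @@
 #include <syslog.h>
 #include <dirent.h>
 #include <limits.h>
+#include "../include/rundefs.h"
 
 //#define DEBUG
 
@@ -163,7 +164,6 @@ static char *storage_find(const char *str) {
 //
 // load blacklist form /run/firejail/mnt/fslogger
 //
-#define RUN_FSLOGGER_FILE "/run/firejail/mnt/fslogger"
 #define MAXBUF 4096
 static int blacklist_loaded = 0;
 static char *sandbox_pid_str = NULL;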