2 files changed, 284 insertions, 19 deletions
diff --git a/src/include/etc_groups.h b/src/include/etc_groups.h
index fcb824778..61ac8ac69 100644
--- a/src/include/etc_groups.h
+++ b/src/include/etc_groups.h
@@ -27,6 +27,7 @@
 static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
        "alternatives",
        "fonts",
+        "group",
        "ld.so.cache",
        "ld.so.conf",
        "ld.so.conf.d",
@@ -38,16 +39,16 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
        "login.defs", // firejail reading UID/GID MIN and MAX at startup
        "nsswitch.conf",
        "passwd",
-        "group",
+        "selinux",
        NULL
 };
-// @sound
+// @games
-static char *etc_group_sound[] = {
+static char *etc_group_games[] = {
-        "alsa",
+        "openal", // 3D sound
-        "asound.conf",
+        "timidity", // MIDI
-        "machine-id", // required by PulseAudio
+        "timidity.cfg",
-        "pulse",
+        "vulkan", // next generation OpenGL stack
        NULL
 };
@@ -55,8 +56,17 @@ static char *etc_group_sound[] = {
 static char*etc_group_network[] = {
        "hostname",
        "hosts",
-        "resolv.conf",
        "protocols",
+        "resolv.conf",
+        NULL
+};
+// @sound
+static char *etc_group_sound[] = {
+        "alsa",
+        "asound.conf",
+        "machine-id", // required by PulseAudio
+        "pulse",
        NULL
 };
@@ -72,24 +82,18 @@ static char *etc_group_tls_ca[] = {
 // @x11
 static char *etc_group_x11[] = {
-        "xdg",
+        "ati", // 3D
-        "drirc",
        "dconf",
+        "drirc",
        "gtk-2.0",
        "gtk-3.0",
        "kde4rc",
        "kde5rc",
+        "nvidia", // 3D
        "pango", // text rendering/internationalization
-        "nvidia",
+        "Trolltech.conf", // old QT config file
        "X11",
-        NULL
+        "xdg",
-};
-// @games
-static char *etc_group_games[] = {
-        "timidity", // MIDI
-        "timidity.cfg",
-        "openal", // 3D sound
        NULL
 };
diff --git a/src/tools/cleanup_etc.c b/src/tools/cleanup_etc.c
new file mode 100644
index 000000000..f57a1ddb1
--- /dev/null
+++ b/src/tools/cleanup_etc.c
@@ -0,0 +1,261 @@
+/*
+ * Copyright (C) 2014-2022 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <assert.h>
+#include "../include/etc_groups.h"
+#define errExit(msg)    do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0)
+#define MAX_BUF 4098
+#define MAX_ARR 1024
+char *arr[MAX_ARR] = {NULL};
+int arr_cnt = 0;
+static int arr_tls_ca = 0;
+static int arr_x11 = 0;
+static int arr_games = 0;
+static char outbuf[256 * 1024];
+static char *outptr;
+static int arg_replace = 0;
+static int arg_debug = 0;
+void outprintf(char* fmt, ...) {
+        va_list args;
+        va_start(args,fmt);
+        outptr += vsprintf(outptr, fmt, args);
+        va_end(args);
+}
+static int arr_check(const char *fname, char **pptr) {
+        assert(fname);
+        assert(pptr);
+        while (*pptr != NULL) {
+                if (strcmp(fname, *pptr) == 0)
+                        return 1;
+                pptr++;
+        }
+        return 0;
+}
+static void arr_add(const char *fname) {
+        assert(fname);
+        assert(arr_cnt < MAX_ARR);
+        int i;
+        for (i = 0; i < arr_cnt; i++)
+                if (strcmp(arr[i], fname) == 0)
+                        return;
+        arr[arr_cnt] = strdup(fname);
+        if (!arr[arr_cnt])
+                errExit("strdup");
+        arr_cnt++;
+}
+int arr_cmp(const void *p1, const void *p2) {
+        char **ptr1 = (char **) p1;
+        char **ptr2 = (char **) p2;
+        return strcmp(*ptr1, *ptr2);
+}
+static void arr_sort(void) {
+        qsort(&arr[0], arr_cnt, sizeof(char *), arr_cmp);
+}
+static void arr_clean(void) {
+        int i;
+        for (i = 0; i < arr_cnt; i++) {
+                free(arr[i]);
+                arr[i] = NULL;
+        }
+        arr_cnt = 0;
+        arr_games = 0;
+        arr_tls_ca = 0;
+        arr_x11 = 0;
+}
+static char *arr_print(void) {
+        char *last_line = outptr;
+        outprintf("private-etc ");
+        if (arr_games)
+                outprintf("@games,");
+        if (arr_tls_ca)
+                outprintf("@tls-ca,");
+        if (arr_x11)
+                outprintf("@x11,");
+        int i;
+        for (i = 0; i < arr_cnt; i++)
+                outprintf("%s,", arr[i]);
+        if (*(outptr - 1) == ' ' || *(outptr - 1) == ',') {
+                outptr--;
+                *outptr = '\0';
+        }
+        outprintf("\n");
+        return last_line;
+}
+static void process_file(const char *fname) {
+        assert(fname);
+        FILE *fp = fopen(fname, "r");
+        if (!fp) {
+                fprintf(stderr, "Error: cannot open %s file\n", fname);
+                exit(1);
+        }
+        outptr = outbuf;
+        *outptr = '\0';
+        arr_clean();
+        char line[MAX_BUF];
+        char orig_line[MAX_BUF];
+        int cnt = 0;
+        int print = 0;
+        while (fgets(line, MAX_BUF, fp)) {
+                cnt++;
+                if (strncmp(line, "private-etc", 11) != 0)  {
+                        outprintf("%s", line);
+                        continue;
+                }
+                strcpy(orig_line,line);
+                char *ptr = strchr(line, '\n');
+                if (ptr)
+                        *ptr = '\0';
+                ptr = line + 12;
+                while (*ptr == ' ' || *ptr == '\t')
+                        ptr++;
+                // check for blanks and tabs
+                char *ptr2 = ptr;
+                while (*ptr2 != '\0') {
+                        if (*ptr2 == ' ' || *ptr2 == '\t') {
+                                fprintf(stderr, "Error: invalid private-etc line %s:%d\n", fname, cnt);
+                                exit(1);
+                        }
+                        ptr2++;
+                }
+                ptr = strtok(ptr, ",");
+                while (ptr) {
+                        if (arg_debug)
+                                printf("%s\n", ptr);
+                        if (arr_check(ptr, &etc_list[0]));
+                        else if (arr_check(ptr, &etc_group_sound[0]));
+                        else if (arr_check(ptr, &etc_group_network[0]));
+                        else if (strcmp(ptr, "@games") == 0)
+                                arr_games = 1;
+                        else if (strcmp(ptr, "@tls-ca") == 0)
+                                arr_tls_ca = 1;
+                        else if (strcmp(ptr, "@x11") == 0)
+                                arr_x11 = 1;
+                        else if (arr_check(ptr, &etc_group_games[0]))
+                                arr_games = 1;
+                        else if (arr_check(ptr, &etc_group_tls_ca[0]))
+                                arr_tls_ca = 1;
+                        else if (arr_check(ptr, &etc_group_x11[0]))
+                                arr_x11 = 1;
+                        else
+                                arr_add(ptr);
+                        ptr = strtok(NULL, ",");
+                }
+                arr_sort();
+                char *last_line = arr_print();
+                if (strcmp(last_line, orig_line) == 0) {
+                        fclose(fp);
+                        return;
+                }
+                printf("\n********************\nfile: %s\n\nold: %s\nnew: %s\n", fname, orig_line, last_line);
+                print = 1;
+        }
+        fclose(fp);
+        if (print && arg_replace) {
+                fp = fopen(fname, "w");
+                if (!fp) {
+                        fprintf(stderr, "Error: cannot open profile file\n");
+                        exit(1);
+                }
+                fprintf(fp, "%s", outbuf);
+                fclose(fp);
+        }
+}
+static void usage(void) {
+        printf("usage: cleanup-etc [options] file.profile [file.profile]\n");
+        printf("Group and clean private-etc entries in one or more profile files.\n");
+        printf("Options:\n");
+        printf("   --debug - print debug messages\n");
+        printf("   --help - this help screen\n");
+        printf("   --replace - replace profile file\n");
+}
+int main(int argc, char **argv) {
+        if (argc < 2) {
+                fprintf(stderr, "Error: invalid number of parameters\n");
+                usage();
+                return 1;
+        }
+        int i;
+        for (i = 1; i < argc; i++) {
+                if (strcmp(argv[i], "-h") == 0 ||
+                     strcmp(argv[i], "-?") == 0 ||
+                     strcmp(argv[i], "--help") == 0) {
+                        usage();
+                        return 0;
+                }
+                else if (strcmp(argv[i], "--debug") == 0)
+                        arg_debug = 1;
+                else if (strcmp(argv[i], "--replace") == 0)
+                        arg_replace = 1;
+                else if (*argv[i] == '-') {
+                        fprintf(stderr, "Error: invalid program option %s\n", argv[i]);
+                        return 1;
+                }
+                else
+                        break;
+        }
+        for (; i < argc; i++)
+                process_file(argv[i]);
+        return 0;
+}
+\ No newline at end of file

diff --git a/src/include/etc_groups.h b/src/include/etc_groups.h index fcb824778..61ac8ac69 100644 --- a/src/include/etc_groups.h +++ b/src/include/etc_groups.h
@@ -27,6 +27,7 @@
27	static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer	27	static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
28	"alternatives",	28	"alternatives",
29	"fonts",	29	"fonts",
		30	"group",
30	"ld.so.cache",	31	"ld.so.cache",
31	"ld.so.conf",	32	"ld.so.conf",
32	"ld.so.conf.d",	33	"ld.so.conf.d",
@@ -38,16 +39,16 @@ static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
38	"login.defs", // firejail reading UID/GID MIN and MAX at startup	39	"login.defs", // firejail reading UID/GID MIN and MAX at startup
39	"nsswitch.conf",	40	"nsswitch.conf",
40	"passwd",	41	"passwd",
41	"group",	42	"selinux",
42	NULL	43	NULL
43	};	44	};
44		45
45	// @sound	46	// @games
46	static char *etc_group_sound[] = {	47	static char *etc_group_games[] = {
47	"alsa",	48	"openal", // 3D sound
48	"asound.conf",	49	"timidity", // MIDI
49	"machine-id", // required by PulseAudio	50	"timidity.cfg",
50	"pulse",	51	"vulkan", // next generation OpenGL stack
51	NULL	52	NULL
52	};	53	};
53		54
@@ -55,8 +56,17 @@ static char *etc_group_sound[] = {
55	static char*etc_group_network[] = {	56	static char*etc_group_network[] = {
56	"hostname",	57	"hostname",
57	"hosts",	58	"hosts",
58	"resolv.conf",
59	"protocols",	59	"protocols",
		60	"resolv.conf",
		61	NULL
		62	};
		63
		64	// @sound
		65	static char *etc_group_sound[] = {
		66	"alsa",
		67	"asound.conf",
		68	"machine-id", // required by PulseAudio
		69	"pulse",
60	NULL	70	NULL
61	};	71	};
62		72
@@ -72,24 +82,18 @@ static char *etc_group_tls_ca[] = {
72		82
73	// @x11	83	// @x11
74	static char *etc_group_x11[] = {	84	static char *etc_group_x11[] = {
75	"xdg",	85	"ati", // 3D
76	"drirc",
77	"dconf",	86	"dconf",
		87	"drirc",
78	"gtk-2.0",	88	"gtk-2.0",
79	"gtk-3.0",	89	"gtk-3.0",
80	"kde4rc",	90	"kde4rc",
81	"kde5rc",	91	"kde5rc",
		92	"nvidia", // 3D
82	"pango", // text rendering/internationalization	93	"pango", // text rendering/internationalization
83	"nvidia",	94	"Trolltech.conf", // old QT config file
84	"X11",	95	"X11",
85	NULL	96	"xdg",
86	};
87
88	// @games
89	static char *etc_group_games[] = {
90	"timidity", // MIDI
91	"timidity.cfg",
92	"openal", // 3D sound
93	NULL	97	NULL
94	};	98	};
95		99


diff --git a/src/tools/cleanup_etc.c b/src/tools/cleanup_etc.c new file mode 100644 index 000000000..f57a1ddb1 --- /dev/null +++ b/src/tools/cleanup_etc.c
@@ -0,0 +1,261 @@
		1	/*
		2	* Copyright (C) 2014-2022 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
		20
		21	#include <stdio.h>
		22	#include <stdlib.h>
		23	#include <string.h>
		24	#include <stdarg.h>
		25	#include <assert.h>
		26	#include "../include/etc_groups.h"
		27	#define errExit(msg) do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0)
		28
		29
		30
		31	#define MAX_BUF 4098
		32	#define MAX_ARR 1024
		33	char *arr[MAX_ARR] = {NULL};
		34	int arr_cnt = 0;
		35
		36	static int arr_tls_ca = 0;
		37	static int arr_x11 = 0;
		38	static int arr_games = 0;
		39	static char outbuf[256 * 1024];
		40	static char *outptr;
		41	static int arg_replace = 0;
		42	static int arg_debug = 0;
		43
		44	void outprintf(char* fmt, ...) {
		45	va_list args;
		46	va_start(args,fmt);
		47	outptr += vsprintf(outptr, fmt, args);
		48	va_end(args);
		49	}
		50
		51
		52
		53	static int arr_check(const char fname, char *pptr) {
		54	assert(fname);
		55	assert(pptr);
		56
		57	while (*pptr != NULL) {
		58	if (strcmp(fname, *pptr) == 0)
		59	return 1;
		60	pptr++;
		61	}
		62
		63	return 0;
		64	}
		65
		66
		67
		68	static void arr_add(const char *fname) {
		69	assert(fname);
		70	assert(arr_cnt < MAX_ARR);
		71
		72	int i;
		73	for (i = 0; i < arr_cnt; i++)
		74	if (strcmp(arr[i], fname) == 0)
		75	return;
		76
		77	arr[arr_cnt] = strdup(fname);
		78	if (!arr[arr_cnt])
		79	errExit("strdup");
		80	arr_cnt++;
		81	}
		82
		83	int arr_cmp(const void p1, const void p2) {
		84	char ptr1 = (char ) p1;
		85	char ptr2 = (char ) p2;
		86
		87	return strcmp(ptr1, ptr2);
		88	}
		89
		90	static void arr_sort(void) {
		91	qsort(&arr[0], arr_cnt, sizeof(char *), arr_cmp);
		92	}
		93
		94	static void arr_clean(void) {
		95	int i;
		96	for (i = 0; i < arr_cnt; i++) {
		97	free(arr[i]);
		98	arr[i] = NULL;
		99	}
		100
		101	arr_cnt = 0;
		102	arr_games = 0;
		103	arr_tls_ca = 0;
		104	arr_x11 = 0;
		105	}
		106
		107	static char *arr_print(void) {
		108	char *last_line = outptr;
		109	outprintf("private-etc ");
		110
		111	if (arr_games)
		112	outprintf("@games,");
		113	if (arr_tls_ca)
		114	outprintf("@tls-ca,");
		115	if (arr_x11)
		116	outprintf("@x11,");
		117
		118	int i;
		119	for (i = 0; i < arr_cnt; i++)
		120	outprintf("%s,", arr[i]);
		121	if ((outptr - 1) == ' ' \|\| (outptr - 1) == ',') {
		122	outptr--;
		123	*outptr = '\0';
		124	}
		125	outprintf("\n");
		126
		127	return last_line;
		128	}
		129
		130	static void process_file(const char *fname) {
		131	assert(fname);
		132
		133	FILE *fp = fopen(fname, "r");
		134	if (!fp) {
		135	fprintf(stderr, "Error: cannot open %s file\n", fname);
		136	exit(1);
		137	}
		138
		139	outptr = outbuf;
		140	*outptr = '\0';
		141	arr_clean();
		142
		143	char line[MAX_BUF];
		144	char orig_line[MAX_BUF];
		145	int cnt = 0;
		146	int print = 0;
		147	while (fgets(line, MAX_BUF, fp)) {
		148	cnt++;
		149	if (strncmp(line, "private-etc", 11) != 0) {
		150	outprintf("%s", line);
		151	continue;
		152	}
		153
		154	strcpy(orig_line,line);
		155	char *ptr = strchr(line, '\n');
		156	if (ptr)
		157	*ptr = '\0';
		158
		159	ptr = line + 12;
		160	while (ptr == ' ' \|\| ptr == '\t')
		161	ptr++;
		162
		163	// check for blanks and tabs
		164	char *ptr2 = ptr;
		165	while (*ptr2 != '\0') {
		166	if (ptr2 == ' ' \|\| ptr2 == '\t') {
		167	fprintf(stderr, "Error: invalid private-etc line %s:%d\n", fname, cnt);
		168	exit(1);
		169	}
		170	ptr2++;
		171	}
		172
		173	ptr = strtok(ptr, ",");
		174	while (ptr) {
		175	if (arg_debug)
		176	printf("%s\n", ptr);
		177	if (arr_check(ptr, &etc_list[0]));
		178	else if (arr_check(ptr, &etc_group_sound[0]));
		179	else if (arr_check(ptr, &etc_group_network[0]));
		180	else if (strcmp(ptr, "@games") == 0)
		181	arr_games = 1;
		182	else if (strcmp(ptr, "@tls-ca") == 0)
		183	arr_tls_ca = 1;
		184	else if (strcmp(ptr, "@x11") == 0)
		185	arr_x11 = 1;
		186	else if (arr_check(ptr, &etc_group_games[0]))
		187	arr_games = 1;
		188	else if (arr_check(ptr, &etc_group_tls_ca[0]))
		189	arr_tls_ca = 1;
		190	else if (arr_check(ptr, &etc_group_x11[0]))
		191	arr_x11 = 1;
		192	else
		193	arr_add(ptr);
		194
		195	ptr = strtok(NULL, ",");
		196	}
		197
		198	arr_sort();
		199	char *last_line = arr_print();
		200	if (strcmp(last_line, orig_line) == 0) {
		201	fclose(fp);
		202	return;
		203	}
		204	printf("\n********************\nfile: %s\n\nold: %s\nnew: %s\n", fname, orig_line, last_line);
		205	print = 1;
		206	}
		207
		208	fclose(fp);
		209
		210	if (print && arg_replace) {
		211	fp = fopen(fname, "w");
		212	if (!fp) {
		213	fprintf(stderr, "Error: cannot open profile file\n");
		214	exit(1);
		215	}
		216	fprintf(fp, "%s", outbuf);
		217	fclose(fp);
		218	}
		219	}
		220
		221	static void usage(void) {
		222	printf("usage: cleanup-etc [options] file.profile [file.profile]\n");
		223	printf("Group and clean private-etc entries in one or more profile files.\n");
		224	printf("Options:\n");
		225	printf(" --debug - print debug messages\n");
		226	printf(" --help - this help screen\n");
		227	printf(" --replace - replace profile file\n");
		228	}
		229
		230	int main(int argc, char **argv) {
		231	if (argc < 2) {
		232	fprintf(stderr, "Error: invalid number of parameters\n");
		233	usage();
		234	return 1;
		235	}
		236
		237	int i;
		238	for (i = 1; i < argc; i++) {
		239	if (strcmp(argv[i], "-h") == 0 \|\|
		240	strcmp(argv[i], "-?") == 0 \|\|
		241	strcmp(argv[i], "--help") == 0) {
		242	usage();
		243	return 0;
		244	}
		245	else if (strcmp(argv[i], "--debug") == 0)
		246	arg_debug = 1;
		247	else if (strcmp(argv[i], "--replace") == 0)
		248	arg_replace = 1;
		249	else if (*argv[i] == '-') {
		250	fprintf(stderr, "Error: invalid program option %s\n", argv[i]);
		251	return 1;
		252	}
		253	else
		254	break;
		255	}
		256
		257	for (; i < argc; i++)
		258	process_file(argv[i]);
		259
		260	return 0;
		261	} \ No newline at end of file