diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/fbuilder/build_bin.c | 2 | ||||
-rw-r--r-- | src/fbuilder/build_fs.c | 12 | ||||
-rw-r--r-- | src/fbuilder/build_home.c | 2 | ||||
-rw-r--r-- | src/fbuilder/build_profile.c | 23 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 8 |
5 files changed, 26 insertions, 21 deletions
diff --git a/src/fbuilder/build_bin.c b/src/fbuilder/build_bin.c index 96bd351f3..431aebee6 100644 --- a/src/fbuilder/build_bin.c +++ b/src/fbuilder/build_bin.c | |||
@@ -121,6 +121,6 @@ void build_bin(const char *fname, FILE *fp) { | |||
121 | ptr = ptr->next; | 121 | ptr = ptr->next; |
122 | } | 122 | } |
123 | fprintf(fp, "\n"); | 123 | fprintf(fp, "\n"); |
124 | fprintf(fp, "# private-lib\n"); | 124 | fprintf(fp, "#private-lib\n"); |
125 | } | 125 | } |
126 | } | 126 | } |
diff --git a/src/fbuilder/build_fs.c b/src/fbuilder/build_fs.c index 495f71ab8..ac0cd455a 100644 --- a/src/fbuilder/build_fs.c +++ b/src/fbuilder/build_fs.c | |||
@@ -220,6 +220,10 @@ static void tmp_callback(char *ptr) { | |||
220 | // skip strace file | 220 | // skip strace file |
221 | if (strncmp(ptr, "/tmp/firejail-strace", 20) == 0) | 221 | if (strncmp(ptr, "/tmp/firejail-strace", 20) == 0) |
222 | return; | 222 | return; |
223 | if (strncmp(ptr, "/tmp/runtime-", 13) == 0) | ||
224 | return; | ||
225 | if (strcmp(ptr, "/tmp") == 0) | ||
226 | return; | ||
223 | 227 | ||
224 | tmp_out = filedb_add(tmp_out, ptr); | 228 | tmp_out = filedb_add(tmp_out, ptr); |
225 | } | 229 | } |
@@ -232,8 +236,7 @@ void build_tmp(const char *fname, FILE *fp) { | |||
232 | if (tmp_out == NULL) | 236 | if (tmp_out == NULL) |
233 | fprintf(fp, "private-tmp\n"); | 237 | fprintf(fp, "private-tmp\n"); |
234 | else { | 238 | else { |
235 | fprintf(fp, "\n"); | 239 | fprintf(fp, "#private-tmp\n"); |
236 | fprintf(fp, "# private-tmp\n"); | ||
237 | fprintf(fp, "# File accessed in /tmp directory:\n"); | 240 | fprintf(fp, "# File accessed in /tmp directory:\n"); |
238 | fprintf(fp, "# "); | 241 | fprintf(fp, "# "); |
239 | FileDB *ptr = tmp_out; | 242 | FileDB *ptr = tmp_out; |
@@ -310,9 +313,8 @@ void build_dev(const char *fname, FILE *fp) { | |||
310 | if (dev_out == NULL) | 313 | if (dev_out == NULL) |
311 | fprintf(fp, "private-dev\n"); | 314 | fprintf(fp, "private-dev\n"); |
312 | else { | 315 | else { |
313 | fprintf(fp, "\n"); | 316 | fprintf(fp, "#private-dev\n"); |
314 | fprintf(fp, "# private-dev\n"); | 317 | fprintf(fp, "# This is the list of devices accessed on top of regular private-dev devices:\n"); |
315 | fprintf(fp, "# This is the list of devices accessed (on top of regular private-dev devices:\n"); | ||
316 | fprintf(fp, "# "); | 318 | fprintf(fp, "# "); |
317 | FileDB *ptr = dev_out; | 319 | FileDB *ptr = dev_out; |
318 | while (ptr) { | 320 | while (ptr) { |
diff --git a/src/fbuilder/build_home.c b/src/fbuilder/build_home.c index 683009b71..d7706282a 100644 --- a/src/fbuilder/build_home.c +++ b/src/fbuilder/build_home.c | |||
@@ -141,7 +141,7 @@ void process_home(const char *fname, char *home, int home_len) { | |||
141 | } | 141 | } |
142 | 142 | ||
143 | // skip files and directories in whitelist-common.inc | 143 | // skip files and directories in whitelist-common.inc |
144 | if (filedb_find(db_skip, toadd)) { | 144 | if (strlen(toadd) == 0 || filedb_find(db_skip, toadd)) { |
145 | if (dir) | 145 | if (dir) |
146 | free(dir); | 146 | free(dir); |
147 | continue; | 147 | continue; |
diff --git a/src/fbuilder/build_profile.c b/src/fbuilder/build_profile.c index 96a83954d..0c1b57384 100644 --- a/src/fbuilder/build_profile.c +++ b/src/fbuilder/build_profile.c | |||
@@ -150,12 +150,12 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
150 | 150 | ||
151 | fprintf(fp, "### basic blacklisting\n"); | 151 | fprintf(fp, "### basic blacklisting\n"); |
152 | fprintf(fp, "include disable-common.inc\n"); | 152 | fprintf(fp, "include disable-common.inc\n"); |
153 | fprintf(fp, "# include disable-devel.inc\n"); | 153 | fprintf(fp, "#include disable-devel.inc\n"); |
154 | fprintf(fp, "# include disable-exec.inc\n"); | 154 | fprintf(fp, "#include disable-exec.inc\n"); |
155 | fprintf(fp, "# include disable-interpreters.inc\n"); | 155 | fprintf(fp, "#include disable-interpreters.inc\n"); |
156 | fprintf(fp, "include disable-passwdmgr.inc\n"); | 156 | fprintf(fp, "include disable-passwdmgr.inc\n"); |
157 | fprintf(fp, "# include disable-programs.inc\n"); | 157 | fprintf(fp, "#include disable-programs.inc\n"); |
158 | fprintf(fp, "# include disable-xdg.inc\n"); | 158 | fprintf(fp, "#include disable-xdg.inc\n"); |
159 | fprintf(fp, "\n"); | 159 | fprintf(fp, "\n"); |
160 | 160 | ||
161 | fprintf(fp, "### home directory whitelisting\n"); | 161 | fprintf(fp, "### home directory whitelisting\n"); |
@@ -163,18 +163,17 @@ void build_profile(int argc, char **argv, int index, FILE *fp) { | |||
163 | fprintf(fp, "\n"); | 163 | fprintf(fp, "\n"); |
164 | 164 | ||
165 | fprintf(fp, "### filesystem\n"); | 165 | fprintf(fp, "### filesystem\n"); |
166 | fprintf(fp, "# /usr/share:\n"); | 166 | fprintf(fp, "### /usr/share:\n"); |
167 | build_share(trace_output, fp); | 167 | build_share(trace_output, fp); |
168 | fprintf(fp, "# /var:\n"); | 168 | fprintf(fp, "### /var:\n"); |
169 | build_var(trace_output, fp); | 169 | build_var(trace_output, fp); |
170 | fprintf(fp, "\n"); | 170 | fprintf(fp, "### /bin:\n"); |
171 | fprintf(fp, "# $PATH:\n"); | ||
172 | build_bin(trace_output, fp); | 171 | build_bin(trace_output, fp); |
173 | fprintf(fp, "# /dev:\n"); | 172 | fprintf(fp, "### /dev:\n"); |
174 | build_dev(trace_output, fp); | 173 | build_dev(trace_output, fp); |
175 | fprintf(fp, "# /etc:\n"); | 174 | fprintf(fp, "### /etc:\n"); |
176 | build_etc(trace_output, fp); | 175 | build_etc(trace_output, fp); |
177 | fprintf(fp, "# /tmp:\n"); | 176 | fprintf(fp, "### /tmp:\n"); |
178 | build_tmp(trace_output, fp); | 177 | build_tmp(trace_output, fp); |
179 | fprintf(fp, "\n"); | 178 | fprintf(fp, "\n"); |
180 | 179 | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index be50d5f44..35954cfb8 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -74,6 +74,7 @@ autokey-run | |||
74 | autokey-shell | 74 | autokey-shell |
75 | avidemux3_qt5 | 75 | avidemux3_qt5 |
76 | aweather | 76 | aweather |
77 | ballbuster | ||
77 | baloo_file | 78 | baloo_file |
78 | baloo_filemetadata_temp_extractor | 79 | baloo_filemetadata_temp_extractor |
79 | balsa | 80 | balsa |
@@ -147,6 +148,7 @@ cmus | |||
147 | code | 148 | code |
148 | code-oss | 149 | code-oss |
149 | cola | 150 | cola |
151 | colorful | ||
150 | com.github.bleakgrey.tootle | 152 | com.github.bleakgrey.tootle |
151 | com.github.dahenson.agenda | 153 | com.github.dahenson.agenda |
152 | com.github.johnfactotum.Foliate | 154 | com.github.johnfactotum.Foliate |
@@ -236,6 +238,7 @@ ffplay | |||
236 | ffprobe | 238 | ffprobe |
237 | file-roller | 239 | file-roller |
238 | filezilla | 240 | filezilla |
241 | firedragon | ||
239 | firefox | 242 | firefox |
240 | firefox-beta | 243 | firefox-beta |
241 | firefox-developer-edition | 244 | firefox-developer-edition |
@@ -293,6 +296,8 @@ git-cola | |||
293 | github-desktop | 296 | github-desktop |
294 | gitter | 297 | gitter |
295 | # gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102 | 298 | # gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102 |
299 | gl-117 | ||
300 | glaxium | ||
296 | globaltime | 301 | globaltime |
297 | gmpc | 302 | gmpc |
298 | gnome-2048 | 303 | gnome-2048 |
@@ -615,6 +620,7 @@ penguin-command | |||
615 | photoflare | 620 | photoflare |
616 | picard | 621 | picard |
617 | pidgin | 622 | pidgin |
623 | pinball | ||
618 | #ping - disabled until we fix #1912 | 624 | #ping - disabled until we fix #1912 |
619 | pingus | 625 | pingus |
620 | pinta | 626 | pinta |
@@ -673,7 +679,6 @@ runenpass.sh | |||
673 | sayonara | 679 | sayonara |
674 | scallion | 680 | scallion |
675 | scorched3d | 681 | scorched3d |
676 | scorched3d-wrapper | ||
677 | scorchwentbonkers | 682 | scorchwentbonkers |
678 | scribus | 683 | scribus |
679 | sdat2img | 684 | sdat2img |
@@ -867,7 +872,6 @@ xmr-stak | |||
867 | xonotic | 872 | xonotic |
868 | xonotic-glx | 873 | xonotic-glx |
869 | xonotic-sdl | 874 | xonotic-sdl |
870 | xonotic-sdl-wrapper | ||
871 | xournal | 875 | xournal |
872 | xournalpp | 876 | xournalpp |
873 | xpdf | 877 | xpdf |