Diffstat (limited to 'src')
-rw-r--r--src/fbuilder/build_bin.c2
-rw-r--r--src/fbuilder/build_fs.c12
-rw-r--r--src/fbuilder/build_home.c2
-rw-r--r--src/fbuilder/build_profile.c23
-rw-r--r--src/firecfg/firecfg.config8
5 files changed, 26 insertions, 21 deletions
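--- a/src/fbuilder/build_bin.c
+++ b/src/fbuilder/build_bin.c
@@ -121,6 +121,6 @@ void build_bin(const char *fname, FILE *fp) {
 ptr = ptr->next;
 }
 fprintf(fp, "\n");
-fprintf(fp, "# private-lib\n");
+fprintf(fp, "#private-lib\n");
 }
 }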
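--- a/src/fbuilder/build_fs.c
+++ b/src/fbuilder/build_fs.c
@@ -220,6 +220,10 @@ static void tmp_callback(char *ptr) {
 // skip strace file
 if (strncmp(ptr, "/tmp/firejail-strace", 20) == 0)
 return;
+if (strncmp(ptr, "/tmp/runtime-", 13) == 0)
+return;
+if (strcmp(ptr, "/tmp") == 0)
+return;
 
 tmp_out = filedb_add(tmp_out, ptr);
 }
@@ -232,8 +236,7 @@ void build_tmp(const char *fname, FILE *fp) {
 if (tmp_out == NULL)
 fprintf(fp, "private-tmp\n");
 else {
-fprintf(fp, "\n");
-fprintf(fp, "# private-tmp\n");
+fprintf(fp, "#private-tmp\n");
 fprintf(fp, "# File accessed in /tmp directory:\n");
 fprintf(fp, "# ");
 FileDB *ptr = tmp_out;
@@ -310,9 +313,8 @@ void build_dev(const char *fname, FILE *fp) {
 if (dev_out == NULL)
 fprintf(fp, "private-dev\n");
 else {
-fprintf(fp, "\n");
-fprintf(fp, "# private-dev\n");
-fprintf(fp, "# This is the list of devices accessed (on top of regular private-dev devices:\n");
+fprintf(fp, "#private-dev\n");
+fprintf(fp, "# This is the list of devices accessed on top of regular private-dev devices:\n");
 fprintf(fp, "# ");
 FileDB *ptr = dev_out;
 while (ptr) {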
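Review bot: The new prefix check in tmp_callback hard-codes the prefix length (`13` for `"/tmp/runtime-"`), so editing the literal later silently desynchronises the comparison; `if (strncmp(ptr, "/tmp/runtime-", strlen("/tmp/runtime-")) == 0)` keeps the two in step, and the pre-existing `20` on the strace line has the same weakness. These skips decide which /tmp entries are dropped from the generated profile, yet unlike the strace check they carry no comment; a line such as `// skip /tmp/runtime-* entries and the bare /tmp directory` above the new checks, with the reason for excluding them (not inferable from this hunk), would help the next reader. tmp_callback's body starts outside the hunk.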
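--- a/src/fbuilder/build_home.c
+++ b/src/fbuilder/build_home.c
@@ -141,7 +141,7 @@ void process_home(const char *fname, char *home, int home_len) {
 }
 
 // skip files and directories in whitelist-common.inc
-if (filedb_find(db_skip, toadd)) {
+if (strlen(toadd) == 0 || filedb_find(db_skip, toadd)) {
 if (dir)
 free(dir);
 continue;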
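Review bot: The added `strlen(toadd) == 0` guard is undocumented, and the comment above it still only mentions whitelist-common.inc, so a reader cannot tell whether an empty `toadd` is a parsing artefact or a legitimate trace entry; extend the comment to name the case, e.g. `// skip empty entries and files/directories in whitelist-common.inc`, with the origin of the empty string if known. `*toadd == '\0'` expresses the same test without walking the string: `if (*toadd == '\0' || filedb_find(db_skip, toadd)) {`. process_home's body starts and ends outside the hunk.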
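--- a/src/fbuilder/build_profile.c
+++ b/src/fbuilder/build_profile.c
@@ -150,12 +150,12 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 
 fprintf(fp, "### basic blacklisting\n");
 fprintf(fp, "include disable-common.inc\n");
-fprintf(fp, "# include disable-devel.inc\n");
-fprintf(fp, "# include disable-exec.inc\n");
-fprintf(fp, "# include disable-interpreters.inc\n");
+fprintf(fp, "#include disable-devel.inc\n");
+fprintf(fp, "#include disable-exec.inc\n");
+fprintf(fp, "#include disable-interpreters.inc\n");
 fprintf(fp, "include disable-passwdmgr.inc\n");
-fprintf(fp, "# include disable-programs.inc\n");
-fprintf(fp, "# include disable-xdg.inc\n");
+fprintf(fp, "#include disable-programs.inc\n");
+fprintf(fp, "#include disable-xdg.inc\n");
 fprintf(fp, "\n");
 
 fprintf(fp, "### home directory whitelisting\n");
@@ -163,18 +163,17 @@ void build_profile(int argc, char **argv, int index, FILE *fp) {
 fprintf(fp, "\n");
 
 fprintf(fp, "### filesystem\n");
-fprintf(fp, "# /usr/share:\n");
+fprintf(fp, "### /usr/share:\n");
 build_share(trace_output, fp);
-fprintf(fp, "# /var:\n");
+fprintf(fp, "### /var:\n");
 build_var(trace_output, fp);
-fprintf(fp, "\n");
-fprintf(fp, "# $PATH:\n");
+fprintf(fp, "### /bin:\n");
 build_bin(trace_output, fp);
-fprintf(fp, "# /dev:\n");
+fprintf(fp, "### /dev:\n");
 build_dev(trace_output, fp);
-fprintf(fp, "# /etc:\n");
+fprintf(fp, "### /etc:\n");
 build_etc(trace_output, fp);
-fprintf(fp, "# /tmp:\n");
+fprintf(fp, "### /tmp:\n");
 build_tmp(trace_output, fp);
 fprintf(fp, "\n");
 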
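Review bot: The heading emitted before `build_bin(trace_output, fp)` changes from `# $PATH:` to `### /bin:`, which narrows what the heading claims about the section below it; whether build_bin reports only /bin or every directory on $PATH is not visible in this hunk, so if it is the latter the old wording was the accurate one and `fprintf(fp, "### $PATH:\n");` keeps the new heading style without the loss of meaning. The `#include …` rewrites in the first hunk are consistent with the `#private-lib`, `#private-tmp` and `#private-dev` changes in build_bin.c and build_fs.c, which reads as a deliberate "disabled directive" convention distinct from the `# ` prose comments; a one-line comment near the first such fprintf stating that convention would stop a future contributor from re-adding the space. build_profile's body continues on both sides of the hunk.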
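--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -74,6 +74,7 @@ autokey-run
 autokey-shell
 avidemux3_qt5
 aweather
+ballbuster
 baloo_file
 baloo_filemetadata_temp_extractor
 balsa
@@ -147,6 +148,7 @@ cmus
 code
 code-oss
 cola
+colorful
 com.github.bleakgrey.tootle
 com.github.dahenson.agenda
 com.github.johnfactotum.Foliate
@@ -236,6 +238,7 @@ ffplay
 ffprobe
 file-roller
 filezilla
+firedragon
 firefox
 firefox-beta
 firefox-developer-edition
@@ -293,6 +296,8 @@ git-cola
 github-desktop
 gitter
 # gjs -- https://github.com/netblue30/firejail/issues/3333#issuecomment-612601102
+gl-117
+glaxium
 globaltime
 gmpc
 gnome-2048
@@ -615,6 +620,7 @@ penguin-command
 photoflare
 picard
 pidgin
+pinball
 #ping - disabled until we fix #1912
 pingus
 pinta
@@ -673,7 +679,6 @@ runenpass.sh
 sayonara
 scallion
 scorched3d
-scorched3d-wrapper
 scorchwentbonkers
 scribus
 sdat2img
@@ -867,7 +872,6 @@ xmr-stak
 xonotic
 xonotic-glx
 xonotic-sdl
-xonotic-sdl-wrapper
 xournal
 xournalpp
 xpdf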