From 02d37680c45cca9b5a8c05020cd3962b9425da80 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 25 Jan 2023 11:33:47 -0500
Subject: private-etc rework: file groups moved to src/include/etc_groups.h, new groups added

---
 src/firejail/Makefile | 4 ++-
 src/firejail/fs_etc.c | 72 +++++---------------------------------
 src/include/etc_groups.h | 90 ++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 102 insertions(+), 64 deletions(-)
 create mode 100644 src/include/etc_groups.h

diff --git a/src/firejail/Makefile b/src/firejail/Makefile
index 4e241af7e..47edc5ac6 100644
--- a/src/firejail/Makefile
+++ b/src/firejail/Makefile
@@ -13,7 +13,9 @@ MOD_HDRS = \
 ../include/seccomp.h \
 ../include/syscall_i386.h \
 ../include/syscall_x86_64.h \
-../include/firejail_user.h
+../include/firejail_user.h \
+../include/etc_groups.h
+
 
 MOD_OBJS = \
 ../lib/common.o \
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index bc7cd901c..ad5e8585d 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -25,67 +25,9 @@
 #include
 #include
 #include
+#include "../include/etc_groups.h"
 
-#define ETC_MAX 256
 static int etc_cnt = 0;
-static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
- "alternatives",
- "fonts",
- "ld.so.cache",
- "ld.so.conf",
- "ld.so.conf.d",
- "ld.so.preload",
- "locale",
- "locale.alias",
- "locale.conf",
- "locale.gen",
- "localtime",
- "nsswitch.conf",
- "passwd",
- NULL
-};
-
-static char*etc_group_network[] = {
- "hostname",
- "hosts",
- "resolv.conf",
- "protocols",
- NULL
-};
-
-static char *etc_group_gnome[] = {
- "xdg",
- "drirc",
- "dconf",
- "gtk-2.0",
- "gtk-3.0",
- NULL
-};
-
-static char *etc_group_kde[] = {
- "xdg",
- "drirc",
- "kde4rc",
- "kde5rc",
- NULL
-};
-
-static char *etc_group_sound[] = {
- "alsa",
- "asound.conf",
- "machine-id", // required by PulseAudio
- "pulse",
- NULL
-};
-
-static char *etc_group_tls_ca[] = {
- "ca-certificates",
- "ca-certificates.conf",
- "crypto-policies",
- "pki",
- "ssl",
- NULL
-};
 
 static void etc_copy_group(char **pptr) {
 assert(pptr);
@@ -137,10 +79,14 @@ char *fs_etc_build(char *str) {
 // look for standard groups
 if (strcmp(ptr, "TLS-CA") == 0)
 etc_copy_group(&etc_group_tls_ca[0]);
-if (strcmp(ptr, "GNOME") == 0)
- etc_copy_group(&etc_group_gnome[0]);
-if (strcmp(ptr, "KDE") == 0)
- etc_copy_group(&etc_group_kde[0]);
+if (strcmp(ptr, "GUI") == 0)
+ etc_copy_group(&etc_group_gui[0]);
+if (strcmp(ptr, "SOUND") == 0)
+ etc_copy_group(&etc_group_sound[0]);
+if (strcmp(ptr, "NETWORK") == 0)
+ etc_copy_group(&etc_group_network[0]);
+if (strcmp(ptr, "GAMES") == 0)
+ etc_copy_group(&etc_group_games[0]);
 else
 etc_add(ptr);
 ptr = strtok(NULL, ",");
diff --git a/src/include/etc_groups.h b/src/include/etc_groups.h
new file mode 100644
index 000000000..5242c9c3b
--- /dev/null
+++ b/src/include/etc_groups.h
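Review bot: In the fs_etc_build hunk of src/firejail/fs_etc.c the trailing `else` pairs only with the last test (`GAMES`), so a `TLS-CA`, `GUI`, `SOUND` or `NETWORK` token is expanded by etc_copy_group() and then also falls through to `etc_add(ptr)` as if the keyword were a file name. The removed code had the same shape with `KDE` as the last test, but the chain is now longer and this is the place to fix it: make each test after the first an `else if`, e.g. `else if (strcmp(ptr, "GUI") == 0)`. What etc_add() does with a name that does not exist under /etc is not visible here, so the effect is presumably only a spurious entry in the private-etc keep list, but it also consumes a slot that counts toward the list limit. The body of fs_etc_build starts and ends outside the hunk.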
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2014-2022 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#ifndef ETC_GROUPS_H
+#define ETC_GROUPS_H
+
+#define ETC_MAX 256
+
+// DEFAULT
+static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
+ "alternatives",
+ "fonts",
+ "ld.so.cache",
+ "ld.so.conf",
+ "ld.so.conf.d",
+ "ld.so.preload",
+ "locale",
+ "locale.alias",
+ "locale.conf",
+ "localtime",
+ "nsswitch.conf",
+ "passwd",
+ NULL
+};
+
+// SOUND
+static char *etc_group_sound[] = {
+ "alsa",
+ "asound.conf",
+ "machine-id", // required by PulseAudio
+ "pulse",
+ NULL
+};
+
+// NETWORK
+static char*etc_group_network[] = {
+ "hostname",
+ "hosts",
+ "resolv.conf",
+ "protocols",
+ NULL
+};
+
+// TLS-CA
+static char *etc_group_tls_ca[] = {
+ "ca-certificates",
+ "crypto-policies",
+ "gcrypt",
+ "pki",
+ "ssl",
+ NULL
+};
+
+// GUI
+static char *etc_group_gui[] = {
+ "xdg",
+ "drirc",
+ "dconf",
+ "gtk-2.0",
+ "gtk-3.0",
+ "kde4rc",
+ "kde5rc",
+ NULL
+};
+
+// GAMES
+static char *etc_group_games[] = {
+ "timidity", // MIDI
+ "timidity.cfg",
+ "openal", // 3D sound
+};
+
+#endif
-- cgit v1.2.3-54-g00ecf
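Review bot: `etc_group_games[]` is the only table in etc_groups.h that does not end in `NULL`, yet fs_etc.c hands it to etc_copy_group() as a bare `char **` with no length. The loop in etc_copy_group() is not shown in this patch, but every other group is NULL-terminated and the `etc_list` comment refers to the ending NULL pointer, so it presumably walks until it meets `NULL`; for `GAMES` that means reading past the end of the array and treating whatever follows as file-name pointers while the sandbox's /etc is being assembled. Add a `NULL` entry after `"openal", // 3D sound`. Separately, as a style point, these are `static` definitions in a header, so every source file that includes it gets its own copy of each table (and unused-variable warnings where a table is not referenced); keeping the definitions in fs_etc.c, or documenting that the header is meant for a single includer, would avoid that.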