From 2993298aaa7b6e70dd1bfc1b698db77390f397fd Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Thu, 29 Jun 2023 18:22:10 -0300 Subject: firecfg: parse config files in /etc/firejail/firecfg.d As suggested by @WhyNotHugo[1]. [1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459 --- Makefile | 1 + src/firecfg/firecfg.h | 4 ++++ src/firecfg/main.c | 30 +++++++++++++++++++++++++++++- 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 3055e226a..c25e9f501 100644 --- a/Makefile +++ b/Makefile @@ -228,6 +228,7 @@ endif install -m 0644 -t $(DESTDIR)$(docdir) COPYING README RELNOTES etc/templates/* # profiles and settings install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail + install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail/firecfg.d install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h index 6e17c20cf..11e3ebc67 100644 --- a/src/firecfg/firecfg.h +++ b/src/firecfg/firecfg.h @@ -37,7 +37,11 @@ #include "../include/common.h" #define MAX_BUF 4096 +// config files #define FIRECFG_CFGFILE SYSCONFDIR "/firecfg.config" +#define FIRECFG_CONF_GLOB SYSCONFDIR "/firecfg.d/*.conf" + +// programs #define FIREJAIL_EXEC PREFIX "/bin/firejail" #define FIREJAIL_WELCOME_SH LIBDIR "/firejail/firejail-welcome.sh" #define FZENITY_EXEC LIBDIR "/firejail/fzenity" diff --git a/src/firecfg/main.c b/src/firecfg/main.c index 0d995a6dd..35fa850f1 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c 
@@ -20,6 +20,8 @@ #include "firecfg.h" #include "../include/firejail_user.h" +#include + int arg_debug = 0; char *arg_bindir = "/usr/local/bin"; int arg_guide = 0; @@ -209,6 +211,29 @@ static void set_links_firecfg(const char *cfgfile) { } fclose(fp); + printf("\n"); +} + +// parse all config files matching pattern +static void set_links_firecfg_glob(const char *pattern) { + printf("Looking for config files in %s\n", pattern); + + glob_t globbuf; + int globerr = glob(pattern, 0, NULL, &globbuf); + if (globerr == GLOB_NOMATCH) { + fprintf(stderr, "No matches for glob pattern %s\n", pattern); + goto out; + } else if (globerr != 0) { + fprintf(stderr, "Warning: Failed to match glob pattern %s: %s\n", + pattern, strerror(errno)); + goto out; + } + + size_t i; + for (i = 0; i < globbuf.gl_pathc; i++) + set_links_firecfg(globbuf.gl_pathv[i]); +out: + globfree(&globbuf); } // parse ~/.config/firejail/ directory @@ -450,12 +475,15 @@ int main(int argc, char **argv) { // clear all symlinks clean(); + // set new symlinks based on .conf files + set_links_firecfg_glob(FIRECFG_CONF_GLOB); + // set new symlinks based on firecfg.config set_links_firecfg(FIRECFG_CFGFILE); if (getuid() == 0) { // add user to firejail access database - only for root - printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR); + printf("Adding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR); // temporarily set the umask, access database must be world-readable mode_t orig_umask = umask(022); firejail_user_add(user); -- cgit v1.2.3-70-g09d2
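Review bot: In the new set_links_firecfg_glob(), the generic failure branch prints `strerror(errno)`, but glob() reports errors through its return value (GLOB_NOSPACE, GLOB_ABORTED) and is not specified to set errno, so the message can describe an unrelated earlier error. Printing the return code is more reliable, e.g. `fprintf(stderr, "Warning: Failed to match glob pattern %s: glob error %d\n", pattern, globerr);`. Separately, the Makefile hunk installs firecfg.d empty, so the GLOB_NOMATCH message goes to stderr on every default run; consider printing it only when `arg_debug` is set. With flags 0, glob() also returns directories or other non-regular entries named *.conf, and each is handed to set_links_firecfg(); whether that function copes with them cannot be judged here, because its body begins outside the hunk.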
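Review bot: The comment added in main(), `// set new symlinks based on .conf files`, does not record the ordering this call establishes: the drop-ins are parsed before firecfg.config, and with flags 0 glob() returns them sorted by name. Which source wins when both name the same program depends on set_links_firecfg(), which is outside this hunk, so the comment should state the intended precedence, for example `// drop-ins in firecfg.d are parsed first (sorted by name), then firecfg.config`. When firecfg runs as root (the `getuid() == 0` branch just below), these files are parsed with root privileges, so it is also worth documenting that firecfg.d must stay writable by root only, as the Makefile's `install -m 0755 -d` sets it up. main() starts and ends outside the hunk.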