From 6ca44b90841224e740d464ea1b8107cae6f63d31 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 25 Mar 2016 10:43:53 -0400 Subject: firecfg utility --- .gitignore | 3 +++ README.md | 46 +++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 67 ++++++++++++++++++++++++++++++++++++++++++++++ src/firecfg/main.c | 26 +++++++++++++----- src/firejail/main.c | 1 - src/man/firecfg.txt | 2 +- 6 files changed, 136 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 408290b85..85e317827 100644 --- a/.gitignore +++ b/.gitignore @@ -8,9 +8,12 @@ config.log config.status firejail-login.5 firejail-profile.5 +firejail-config.5 firejail.1 firemon.1 +firecfg.1 src/firejail/firejail src/firemon/firemon +src/firecfg/firecfg src/ftee/ftee src/tags diff --git a/README.md b/README.md index 9b045d50c..0e9c280bd 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,52 @@ FILE TRANSFER $ firejail --get=mybrowser ~/Downloads/xpra-clipboard.png ````` +## FIrecfg +````` +NAME + Firecfg - Desktop configuration program for Firejail software. + +SYNOPSIS + firecfg [OPTIONS] + +DESCRIPTION + Firecfg is the desktop configuration utility for Firejail software. The + utility creates several symbolic links to firejail executable. This + allows the user to sandbox applications automatically, just by clicking + on a regular desktop menus and icons. + + The symbolic links are placed in /usr/local/bin. For more information, + see DESKTOP INTEGRATION section in man 1 firejail. + +OPTIONS + --clear + Clear all firejail symbolic links + + -?, --help + Print options end exit. + + --list List all firejail symbolic links + + --version + Print program version and exit. + + Example: + + $ sudo firecfg + /usr/local/bin/firefox created + /usr/local/bin/vlc created + [...] + $ firecfg --list + /usr/local/bin/firefox + /usr/local/bin/vlc + [...] + $ sudo firecfg --clear + /usr/local/bin/firefox removed + /usr/local/bin/vlc removed + [...] +````` + + ## Compile time and run time configuration support Most Linux kernel security features require root privileges during configuration. diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index fb996966f..13bcc5110 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -1,7 +1,74 @@ # /etc/firejail/firecfg.config - firecfg utility configuration file # This is the list of programs handled by firecfg utility # + +# browsers/email firefox iceweasel +chromium-browser +chromium +conkeror thunderbird +epiphany +flashpeak-slimjet +google-chrome-beta +google-chrome-stable +google-chrome-unstable +google-chrome +icecat +icedove +kmail +midori +opera-beta +opera +qutebrowser +seamonkey +seamonkey-bin +vivaldi-beta +vivaldi + +# bittorrent/ftp +deluge +filezilla +qbittorrent +rtorrent +tranmission-gtk +transmission-qt + +# office +cherrytree +evince +fbreader +localc +lodraw +loffice +lofromtemplate +loimpress +lomath +loweb +lowriter +Mathematica +mathematica + +# Media vlc +audacious +clementine +deadbeef +parole +rhythmbox +totem + +# chat/messaging +bitlbee +empathy +gnome-mplayer +hexchat +pidgin +qtox +quassel +xchat + +# games +hedgewars +wesnot diff --git a/src/firecfg/main.c b/src/firecfg/main.c index 7465f2d3e..0c6b278b5 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c @@ -30,7 +30,7 @@ static void usage(void) { printf("Firecfg is the desktop configuration utility for Firejail software. The utility\n"); printf("creates several symbolic links to firejail executable. This allows the user to\n"); printf("sandbox applications automatically, just by clicking on a regular desktop\n"); - printf("menues and icons.\n\n"); + printf("menus and icons.\n\n"); printf("The symbolic links are placed in /usr/local/bin. For more information, see\n"); printf("DESKTOP INTEGRATION section in man 1 firejail.\n\n"); printf("Usage: firecfg [OPTIONS]\n\n"); @@ -245,21 +245,33 @@ static void set(void) { lineno++; if (*buf == '#') // comments continue; + + // do not accept .. and/or / in file name + if (strstr(buf, "..") || strchr(buf, '/')) { + fprintf(stderr, "Error: invalid line %d in %s\n", lineno, cfgfile); + exit(1); + } // remove \n char *ptr = strchr(buf, '\n'); if (ptr) *ptr = '\0'; + + // trim spaces + ptr = buf; + while (*ptr == ' ' || *ptr == '\t') + ptr++; + char *start = ptr; - // do not accept .. and/or / in file name - if (strstr(buf, "..") || strchr(buf, '/')) { - fprintf(stderr, "Error: invalid line %d in %s\n", lineno, cfgfile); - exit(1); - } + // empty line + if (*start == '\0') + continue; - set_file(buf, firejail_exec); + // set link + set_file(start, firejail_exec); } + fclose(fp); free(cfgfile); free(firejail_exec); } diff --git a/src/firejail/main.c b/src/firejail/main.c index 612d9c667..1f8907e4c 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -2041,7 +2041,6 @@ int main(int argc, char **argv) { gid_t audiogid = get_audio_gid(); if (ttygid) { sprintf(ptr, "%d %d 1\n", audiogid, audiogid); - ptr += strlen(ptr); } EUID_ROOT(); diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt index 7d95892a4..a97e5b76f 100644 --- a/src/man/firecfg.txt +++ b/src/man/firecfg.txt @@ -7,7 +7,7 @@ firecfg [OPTIONS] Firecfg is the desktop configuration utility for Firejail software. The utility creates several symbolic links to firejail executable. This allows the user to sandbox applications automatically, just by clicking on a regular desktop -menues and icons. +menus and icons. The symbolic links are placed in /usr/local/bin. For more information, see DESKTOP INTEGRATION section in man 1 firejail. -- cgit v1.2.3-54-g00ecf