From b286a6bc3a13161038dc918660722628057d28d7 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 14 Feb 2017 11:38:19 -0500 Subject: merge #1100 from zackw: removed libconnect --- .gitignore | 1 + Makefile.in | 4 +-- README | 2 ++ configure | 3 +-- configure.ac | 2 +- etc/firejail.config | 2 +- platform/rpm/old-mkrpm.sh | 2 -- src/firejail/fs_trace.c | 3 --- src/firejail/sandbox.c | 8 +++--- src/libconnect/Makefile.in | 25 ----------------- src/libconnect/libconnect.c | 66 --------------------------------------------- 11 files changed, 11 insertions(+), 107 deletions(-) delete mode 100644 src/libconnect/Makefile.in delete mode 100644 src/libconnect/libconnect.c diff --git a/.gitignore b/.gitignore index 89bf3c4fa..1b2c7fc7b 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ *.gcda *.gcno Makefile +autom4te.cache/ config.log config.status firejail-login.5 diff --git a/Makefile.in b/Makefile.in index 7152019d4..7ed27c89d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,6 +1,6 @@ all: apps man filters MYLIBS = src/lib -APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/libconnect src/fnet src/fseccomp src/fcopy +APPS = src/firejail src/firemon src/firecfg src/libtrace src/libtracelog src/ftee src/faudit src/fnet src/fseccomp src/fcopy MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 SECCOMP_FILTERS = seccomp seccomp.i386 seccomp.amd64 @@ -79,7 +79,6 @@ realinstall: install -m 0755 -d $(DESTDIR)/$(libdir)/firejail install -c -m 0644 src/libtrace/libtrace.so $(DESTDIR)/$(libdir)/firejail/. install -c -m 0644 src/libtracelog/libtracelog.so $(DESTDIR)/$(libdir)/firejail/. - install -c -m 0644 src/libconnect/libconnect.so $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/ftee/ftee $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fshaper/fshaper.sh $(DESTDIR)/$(libdir)/firejail/. install -c -m 0755 src/fgit/fgit-install.sh $(DESTDIR)/$(libdir)/firejail/. 
@@ -142,7 +141,6 @@ install-strip: all strip src/firecfg/firecfg strip src/libtrace/libtrace.so strip src/libtracelog/libtracelog.so - strip src/libconnect/libconnect.so strip src/ftee/ftee strip src/faudit/faudit strip src/fnet/fnet diff --git a/README b/README index 66e196e97..617ec3ec8 100644 --- a/README +++ b/README @@ -101,6 +101,8 @@ valoq (https://github.com/valoq) - added wget profile - disable gnupg and systemd directories under /run/user - added iridium browser profile +Zack Weinberg (https://github.com/zackw) + - removed libconnect Igor Bukanov (https://github.com/ibukanov) - found/fiixed privilege escalation in --hosts-file option Cat (https://github.com/ecat3) diff --git a/configure b/configure index 74f47a7c4..4ff257b66 100755 --- a/configure +++ b/configure @@ -3793,7 +3793,7 @@ if test "$prefix" = /usr; then sysconfdir="/etc" fi -ac_config_files="$ac_config_files Makefile src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/ftee/Makefile src/faudit/Makefile src/libconnect/Makefile src/fseccomp/Makefile" +ac_config_files="$ac_config_files Makefile src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -4513,7 +4513,6 @@ do "src/firecfg/Makefile") CONFIG_FILES="$CONFIG_FILES src/firecfg/Makefile" ;; "src/ftee/Makefile") CONFIG_FILES="$CONFIG_FILES src/ftee/Makefile" ;; "src/faudit/Makefile") CONFIG_FILES="$CONFIG_FILES src/faudit/Makefile" ;; - "src/libconnect/Makefile") CONFIG_FILES="$CONFIG_FILES src/libconnect/Makefile" ;; "src/fseccomp/Makefile") CONFIG_FILES="$CONFIG_FILES src/fseccomp/Makefile" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; 
diff --git a/configure.ac b/configure.ac index 6a6c40b40..c04bfed89 100644 --- a/configure.ac +++ b/configure.ac @@ -168,7 +168,7 @@ fi AC_OUTPUT(Makefile src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile \ src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile \ -src/ftee/Makefile src/faudit/Makefile src/libconnect/Makefile src/fseccomp/Makefile) +src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile) echo echo "Configuration options:" diff --git a/etc/firejail.config b/etc/firejail.config index 5498b2112..766802a7d 100644 --- a/etc/firejail.config +++ b/etc/firejail.config @@ -85,6 +85,6 @@ # Firejail window title in Xephyr, default enabled. # xephyr-window-title yes -# Xephyr command extra parameters. None by default, and the declaration is commented out. +# Xephyr command extra parameters. None by default; these are examples. # xephyr-extra-params -keybd ephyr,,,xkbmodel=evdev # xephyr-extra-params -grayscale diff --git a/platform/rpm/old-mkrpm.sh b/platform/rpm/old-mkrpm.sh index 017d5e1c3..6c8a4c240 100755 --- a/platform/rpm/old-mkrpm.sh +++ b/platform/rpm/old-mkrpm.sh @@ -24,7 +24,6 @@ install -m 755 /usr/lib/firejail/fshaper.sh firejail-$VERSION/usr/lib/firejail/ install -m 755 /usr/lib/firejail/ftee firejail-$VERSION/usr/lib/firejail/. install -m 644 /usr/lib/firejail/libtrace.so firejail-$VERSION/usr/lib/firejail/. install -m 644 /usr/lib/firejail/libtracelog.so firejail-$VERSION/usr/lib/firejail/. -install -m 644 /usr/lib/firejail/libconnect.so firejail-$VERSION/usr/lib/firejail/. mkdir -p firejail-$VERSION/usr/share/man/man1 install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/. @@ -436,7 +435,6 @@ rm -rf %{buildroot} /usr/lib/firejail/libtrace.so /usr/lib/firejail/libtracelog.so -/usr/lib/firejail/libconnect.so /usr/lib/firejail/faudit /usr/lib/firejail/ftee /usr/lib/firejail/firecfg.config 
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index 9e1dd546e..2a58d1eb2 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c @@ -60,9 +60,6 @@ void fs_trace(void) { printf("Blacklist violations are logged to syslog\n"); } - if (mask_x11_abstract_socket) - fprintf(fp, "%s/firejail/libconnect.so\n", LIBDIR); - SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); fclose(fp); diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 3fddc654b..1af9e7286 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c @@ -585,7 +585,7 @@ int sandbox(void* sandbox_arg) { #endif // trace pre-install - if (arg_trace || arg_tracelog || mask_x11_abstract_socket) + if (arg_trace || arg_tracelog) fs_trace_preload(); // store hosts file @@ -622,7 +622,7 @@ int sandbox(void* sandbox_arg) { //**************************** // trace pre-install, this time inside chroot //**************************** - if (arg_trace || arg_tracelog || mask_x11_abstract_socket) + if (arg_trace || arg_tracelog) fs_trace_preload(); } else @@ -685,7 +685,7 @@ int sandbox(void* sandbox_arg) { else { fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep); // create /etc/ld.so.preload file again - if (arg_trace || arg_tracelog || mask_x11_abstract_socket) + if (arg_trace || arg_tracelog) fs_trace_preload(); } } @@ -781,7 +781,7 @@ int sandbox(void* sandbox_arg) { //**************************** // install trace //**************************** - if (arg_trace || arg_tracelog || mask_x11_abstract_socket) + if (arg_trace || arg_tracelog) fs_trace(); //**************************** diff --git a/src/libconnect/Makefile.in b/src/libconnect/Makefile.in deleted file mode 100644 index 5b7a8d0f1..000000000 --- a/src/libconnect/Makefile.in +++ /dev/null 
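Review bot: After this change `mask_x11_abstract_socket` no longer has any effect in `fs_trace()` or at the four `fs_trace_preload()`/`fs_trace()` call sites in `sandbox()`, yet the diffstat touches no other file under src/firejail, so the flag is presumably still declared and set elsewhere. If that is the case, a configuration that sets it now silently gets no masking of the abstract X11 socket from these code paths. Either remove the flag where it is set, or state what replaces the shim next to the first call site, e.g. `// abstract X11 socket is isolated only by a new network namespace (--net); no preload shim is installed`. Dropping the LD_PRELOAD shim itself is reasonable, since an interposed `connect()` does not bind statically linked programs or code that issues the syscall directly. Both functions' bodies continue outside the hunks.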
@@ -1,25 +0,0 @@ -PREFIX=@prefix@ -VERSION=@PACKAGE_VERSION@ -NAME=@PACKAGE_NAME@ -HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ - -H_FILE_LIST = $(sort $(wildcard *.[h])) -C_FILE_LIST = $(sort $(wildcard *.c)) -OBJS = $(C_FILE_LIST:.c=.o) -BINOBJS = $(foreach file, $(OBJS), $file) -CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security -LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now - -all: libconnect.so - -%.o : %.c $(H_FILE_LIST) - $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ - -libconnect.so: $(OBJS) - $(CC) $(LDFLAGS) -shared -fPIC -z relro -o $@ $(OBJS) -ldl - - -clean:; rm -f $(OBJS) libconnect.so - -distclean: clean - rm -fr Makefile diff --git a/src/libconnect/libconnect.c b/src/libconnect/libconnect.c deleted file mode 100644 index d79dcc4cb..000000000 --- a/src/libconnect/libconnect.c +++ /dev/null 
@@ -1,66 +0,0 @@ -/* - * Copyright (C) 2014-2017 Firejail Authors - * - * This file is part of firejail project - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -*/ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -//#define DEBUG - -//static int check_sockaddr(int sockfd, const char *call, const struct sockaddr *addr, int rv) { -static int check_sockaddr(const struct sockaddr *addr) { - if (addr->sa_family == AF_UNIX) { - struct sockaddr_un *a = (struct sockaddr_un *) addr; - if (a->sun_path[0] == '\0' && strstr(a->sun_path + 1, "X11-unix")) { -// printf("@%s\n", a->sun_path + 1); - errno = ENOENT; - return -1; - } - } - - return 0; -} - -// -// syscalls -// - -// connect -typedef int (*orig_connect_t)(int sockfd, const struct sockaddr *addr, socklen_t addrlen); -static orig_connect_t orig_connect = NULL; -int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { - if (!orig_connect) - orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect"); - - if (check_sockaddr(addr) == -1) - return -1; - - return orig_connect(sockfd, addr, addrlen); -} -- cgit v1.2.3-70-g09d2