From 96c920e166b40bbe50f216e294f2efac154a1cb2 Mon Sep 17 00:00:00 2001 From: Fred Barclay Date: Wed, 24 May 2017 14:13:52 -0500 Subject: Remove trailing whitespace from src/ --- src/fseccomp/Makefile.in | 1 - src/fseccomp/errno.c | 2 +- src/fseccomp/main.c | 8 ++++---- src/fseccomp/protocol.c | 14 +++++++------- src/fseccomp/seccomp.c | 13 ++++++------- src/fseccomp/seccomp_file.c | 7 +++---- src/fseccomp/seccomp_print.c | 10 +++++----- src/fseccomp/seccomp_secondary.c | 13 ++++++------- src/fseccomp/syscall.c | 10 +++++----- 9 files changed, 37 insertions(+), 41 deletions(-) (limited to 'src/fseccomp') diff --git a/src/fseccomp/Makefile.in b/src/fseccomp/Makefile.in index 04c46f128..13025fbca 100644 --- a/src/fseccomp/Makefile.in +++ b/src/fseccomp/Makefile.in @@ -42,4 +42,3 @@ clean:; rm -f *.o fseccomp *.gcov *.gcda *.gcno distclean: clean rm -fr Makefile - diff --git a/src/fseccomp/errno.c b/src/fseccomp/errno.c index 3e92a1f9d..e5cd4e226 100644 --- a/src/fseccomp/errno.c +++ b/src/fseccomp/errno.c @@ -167,7 +167,7 @@ static ErrnoEntry errnolist[] = { {"ENOTSUP", ENOTSUP}, #ifdef ENOATTR {"ENOATTR", ENOATTR}, -#endif +#endif }; int errno_find_name(const char *name) { diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index 7e0239a5f..e322b5bbb 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c @@ -46,7 +46,7 @@ int i; for (i = 0; i < argc; i++) printf("*%s* ", argv[i]); printf("\n"); -} +} #endif if (argc < 2) { usage(); @@ -56,7 +56,7 @@ printf("\n"); char *quiet = getenv("FIREJAIL_QUIET"); if (quiet && strcmp(quiet, "yes") == 0) arg_quiet = 1; - + if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) { usage(); return 0; @@ -71,7 +71,7 @@ printf("\n"); protocol_build_filter(argv[3], argv[4]); else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "64") == 0) seccomp_secondary_64(argv[3]); - else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "32") == 0) + else if (argc == 4 && strcmp(argv[1], "secondary") == 0 && strcmp(argv[2], "32") == 0) seccomp_secondary_32(argv[3]); else if (argc == 3 && strcmp(argv[1], "default") == 0) seccomp_default(argv[2], 0); @@ -95,4 +95,4 @@ printf("\n"); } return 0; -} \ No newline at end of file +} diff --git a/src/fseccomp/protocol.c b/src/fseccomp/protocol.c index 4a0fadb3c..43bc3d562 100644 --- a/src/fseccomp/protocol.c +++ b/src/fseccomp/protocol.c @@ -87,7 +87,7 @@ static struct sock_filter *find_protocol_domain(const char *p) { } return NULL; -} +} #endif void protocol_print(void) { @@ -119,7 +119,7 @@ void protocol_build_filter(const char *prlist, const char *fname) { struct sock_filter filter[32]; // big enough memset(&filter[0], 0, sizeof(filter)); uint8_t *ptr = (uint8_t *) &filter[0]; - + // header struct sock_filter filter_start[] = { VALIDATE_ARCHITECTURE, @@ -153,7 +153,7 @@ printf("whitelist_len %u, struct sock_filter len %u\n", whitelist_len, (unsigned char *token = strtok(tmplist, ","); if (!token) errExit("strtok"); - + while (token) { struct sock_filter *domain = find_protocol_domain(token); if (domain == NULL) { @@ -179,7 +179,7 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns #endif - } + } free(tmplist); // add end of filter @@ -201,14 +201,14 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns } printf("\n"); } -#endif +#endif // save filter to file int dst = open(fname, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (dst < 0) { fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); exit(1); } - + int size = (int) ((uintptr_t) ptr - (uintptr_t) (filter)); int written = 0; while (written < size) { @@ -220,5 +220,5 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns written += rv; } close(dst); -#endif // SYS_socket +#endif // SYS_socket } diff --git a/src/fseccomp/seccomp.c b/src/fseccomp/seccomp.c index 25a151a78..c12edfd90 100644 --- a/src/fseccomp/seccomp.c +++ b/src/fseccomp/seccomp.c @@ -257,7 +257,7 @@ void seccomp_default(const char *fname, int allow_debuggers) { filter_init(fd); add_default_list(fd, allow_debuggers); filter_end_blacklist(fd); - + // close file close(fd); } @@ -281,7 +281,7 @@ void seccomp_drop(const char *fname, char *list, int allow_debuggers) { exit(1); } filter_end_blacklist(fd); - + // close file close(fd); } @@ -305,7 +305,7 @@ void seccomp_default_drop(const char *fname, char *list, int allow_debuggers) { exit(1); } filter_end_blacklist(fd); - + // close file close(fd); } @@ -326,15 +326,14 @@ void seccomp_keep(const char *fname, char *list) { filter_add_whitelist(fd, SYS_setgroups, 0); filter_add_whitelist(fd, SYS_dup, 0); filter_add_whitelist(fd, SYS_prctl, 0); - + if (syscall_check_list(list, filter_add_whitelist, fd, 0)) { fprintf(stderr, "Error fseccomp: cannot build seccomp filter\n"); exit(1); } - + filter_end_whitelist(fd); - + // close file close(fd); } - diff --git a/src/fseccomp/seccomp_file.c b/src/fseccomp/seccomp_file.c index d706b3359..c1e8d406f 100644 --- a/src/fseccomp/seccomp_file.c +++ b/src/fseccomp/seccomp_file.c @@ -24,7 +24,7 @@ static void write_to_file(int fd, void *data, int size) { assert(data); assert(size); - + int written = 0; while (written < size) { int rv = write(fd, (unsigned char *) data + written, size - written); @@ -69,7 +69,7 @@ void filter_init(int fd) { void filter_add_whitelist(int fd, int syscall, int arg) { (void) arg; - + struct sock_filter filter[] = { WHITELIST(syscall) }; @@ -78,7 +78,7 @@ void filter_add_whitelist(int fd, int syscall, int arg) { void filter_add_blacklist(int fd, int syscall, int arg) { (void) arg; - + struct sock_filter filter[] = { BLACKLIST(syscall) }; @@ -105,4 +105,3 @@ void filter_end_whitelist(int fd) { }; write_to_file(fd, filter, sizeof(filter)); } - diff --git a/src/fseccomp/seccomp_print.c b/src/fseccomp/seccomp_print.c index d18f2efa5..67555e554 100644 --- a/src/fseccomp/seccomp_print.c +++ b/src/fseccomp/seccomp_print.c @@ -26,7 +26,7 @@ static int filter_cnt = 0; static void load_seccomp(const char *fname) { assert(fname); - + // open filter file int fd = open(fname, O_RDONLY); if (fd == -1) @@ -40,7 +40,7 @@ static void load_seccomp(const char *fname) { goto errexit; unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); filter_cnt = entries; - + // read filter filter = malloc(size); if (filter == NULL) @@ -53,7 +53,7 @@ static void load_seccomp(const char *fname) { goto errexit; rd += rv; } - + // close file close(fd); return; @@ -67,7 +67,7 @@ errexit: void filter_print(const char *fname) { assert(fname); load_seccomp(fname); - + // start filter struct sock_filter start[] = { VALIDATE_ARCHITECTURE, @@ -86,7 +86,7 @@ void filter_print(const char *fname) { printf("Invalid seccomp filter %s\n", fname); return; } - + // loop trough blacklists int i = 4; while (i < filter_cnt) { diff --git a/src/fseccomp/seccomp_secondary.c b/src/fseccomp/seccomp_secondary.c index 79c85eb75..8270b7018 100644 --- a/src/fseccomp/seccomp_secondary.c +++ b/src/fseccomp/seccomp_secondary.c @@ -28,7 +28,7 @@ void seccomp_secondary_64(const char *fname) { EXAMINE_SYSCALL, BLACKLIST(165), // mount BLACKLIST(166), // umount2 -// todo: implement --allow-debuggers +// todo: implement --allow-debuggers BLACKLIST(101), // ptrace BLACKLIST(246), // kexec_load BLACKLIST(304), // open_by_handle_at @@ -77,7 +77,7 @@ void seccomp_secondary_64(const char *fname) { BLACKLIST(169), // reboot BLACKLIST(180), // nfsservctl BLACKLIST(177), // get_kernel_syms - + RETURN_ALLOW }; @@ -87,7 +87,7 @@ void seccomp_secondary_64(const char *fname) { fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); exit(1); } - + int size = (int) sizeof(filter); int written = 0; while (written < size) { @@ -109,7 +109,7 @@ void seccomp_secondary_32(const char *fname) { EXAMINE_SYSCALL, BLACKLIST(21), // mount BLACKLIST(52), // umount2 -// todo: implement --allow-debuggers +// todo: implement --allow-debuggers BLACKLIST(26), // ptrace BLACKLIST(283), // kexec_load BLACKLIST(341), // name_to_handle_at @@ -157,7 +157,7 @@ void seccomp_secondary_32(const char *fname) { BLACKLIST(88), // reboot BLACKLIST(169), // nfsservctl BLACKLIST(130), // get_kernel_syms - + RETURN_ALLOW }; @@ -167,7 +167,7 @@ void seccomp_secondary_32(const char *fname) { fprintf(stderr, "Error fseccomp: cannot open %s file\n", fname); exit(1); } - + int size = (int) sizeof(filter); int written = 0; while (written < size) { @@ -180,4 +180,3 @@ void seccomp_secondary_32(const char *fname) { } close(dst); } - diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c index b86c1c489..0a86dade0 100644 --- a/src/fseccomp/syscall.c +++ b/src/fseccomp/syscall.c @@ -43,7 +43,7 @@ int syscall_find_name(const char *name) { if (strcmp(name, syslist[i].name) == 0) return syslist[i].nr; } - + return -1; } @@ -54,7 +54,7 @@ char *syscall_find_nr(int nr) { if (nr == syslist[i].nr) return syslist[i].name; } - + return "unknown"; } @@ -75,7 +75,7 @@ static void syscall_process_name(const char *name, int *syscall_nr, int *error_n if (strlen(name) == 0) goto error; *error_nr = -1; - + // syntax check char *str = strdup(name); if (!str) @@ -101,7 +101,7 @@ static void syscall_process_name(const char *name, int *syscall_nr, int *error_n free(str); return; - + error: fprintf(stderr, "Error fseccomp: invalid syscall list entry %s\n", name); exit(1); @@ -142,7 +142,7 @@ int syscall_check_list(const char *slist, void (*callback)(int fd, int syscall, } ptr = strtok(NULL, ","); } - + free(str); return 0; } -- cgit v1.2.3-54-g00ecf