From 0440911064611f9c414c13a6fe053da5018c36fa Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 14 Jul 2023 08:48:26 -0300 Subject: firecfg: rename get_user to get_sudo_user To make it match the function used in src/jailcheck/utils.c. --- src/firecfg/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/firecfg/main.c b/src/firecfg/main.c index da962c35d..ccb55457c 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c @@ -288,7 +288,7 @@ static void set_links_homedir(const char *homedir) { free(firejail_exec); } -static char *get_user(void) { +static char *get_sudo_user(void) { char *user = getenv("SUDO_USER"); if (!user) { user = getpwuid(getuid())->pw_name; @@ -326,7 +326,7 @@ int main(int argc, char **argv) { int bindir_set = 0; // user setup - char *user = get_user(); + char *user = get_sudo_user(); assert(user); uid_t uid; gid_t gid; -- cgit v1.2.3-54-g00ecf From 03a01071970a21b306b9916feb95c0993356d902 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 14 Jul 2023 09:06:57 -0300 Subject: firecfg: add const to a few functions/variables To make it clearer that they are not modified later. --- src/firecfg/desktop_files.c | 2 +- src/firecfg/firecfg.h | 2 +- src/firecfg/main.c | 13 ++++++------- 3 files changed, 8 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c index 963e05ff3..7ac60f70c 100644 --- a/src/firecfg/desktop_files.c +++ b/src/firecfg/desktop_files.c @@ -108,7 +108,7 @@ static int have_profile(const char *filename, const char *homedir) { return rv; } -void fix_desktop_files(char *homedir) { +void fix_desktop_files(const char *homedir) { assert(homedir); struct stat sb; diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h index 825bf8d03..8f74a1198 100644 --- a/src/firecfg/firecfg.h +++ b/src/firecfg/firecfg.h @@ -49,6 +49,6 @@ int is_link(const char *fname); void sound(void); // desktop_files.c -void fix_desktop_files(char *homedir); +void fix_desktop_files(const char *homedir); #endif diff --git a/src/firecfg/main.c b/src/firecfg/main.c index ccb55457c..a6cae995e 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c @@ -288,8 +288,8 @@ static void set_links_homedir(const char *homedir) { free(firejail_exec); } -static char *get_sudo_user(void) { - char *user = getenv("SUDO_USER"); +static const char *get_sudo_user(void) { + const char *user = getenv("SUDO_USER"); if (!user) { user = getpwuid(getuid())->pw_name; if (!user) { @@ -301,13 +301,13 @@ static char *get_sudo_user(void) { return user; } -static char *get_homedir(const char *user, uid_t *uid, gid_t *gid) { +static const char *get_homedir(const char *user, uid_t *uid, gid_t *gid) { // find home directory struct passwd *pw = getpwnam(user); if (!pw) goto errexit; - char *home = pw->pw_dir; + const char *home = pw->pw_dir; if (!home) goto errexit; @@ -326,12 +326,11 @@ int main(int argc, char **argv) { int bindir_set = 0; // user setup - char *user = get_sudo_user(); + const char *user = get_sudo_user(); assert(user); uid_t uid; gid_t gid; - char *home = get_homedir(user, &uid, &gid); - + const char *home = get_homedir(user, &uid, &gid); // check for --bindir for (i = 1; i < argc; i++) { -- cgit v1.2.3-54-g00ecf From e7225b64469b6ada187764ee9f663ad1039f20b0 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 14 Jul 2023 04:23:58 -0300 Subject: feature: add doas support in firecfg and jailcheck Closes #5899. Suggested-by: @shaggonit --- src/firecfg/main.c | 5 ++++- src/jailcheck/main.c | 2 +- src/jailcheck/utils.c | 5 ++++- src/man/firecfg.1.in | 4 +++- src/man/jailcheck.1.in | 5 ++--- 5 files changed, 14 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/firecfg/main.c b/src/firecfg/main.c index a6cae995e..4ec81c5b3 100644 --- a/src/firecfg/main.c +++ b/src/firecfg/main.c @@ -289,7 +289,10 @@ static void set_links_homedir(const char *homedir) { } static const char *get_sudo_user(void) { - const char *user = getenv("SUDO_USER"); + const char *doas_user = getenv("DOAS_USER"); + const char *sudo_user = getenv("SUDO_USER"); + const char *user = doas_user ? doas_user : sudo_user; + if (!user) { user = getpwuid(getuid())->pw_name; if (!user) { diff --git a/src/jailcheck/main.c b/src/jailcheck/main.c index 93d334c7a..6cc5cf904 100644 --- a/src/jailcheck/main.c +++ b/src/jailcheck/main.c @@ -86,7 +86,7 @@ int main(int argc, char **argv) { // user setup if (getuid() != 0) { - fprintf(stderr, "Error: you need to be root (via sudo) to run this program\n"); + fprintf(stderr, "Error: you need to be root (via sudo or doas) to run this program\n"); exit(1); } user_name = get_sudo_user(); diff --git a/src/jailcheck/utils.c b/src/jailcheck/utils.c index 97fe8833b..930820604 100644 --- a/src/jailcheck/utils.c +++ b/src/jailcheck/utils.c @@ -26,7 +26,10 @@ #define BUFLEN 4096 char *get_sudo_user(void) { - char *user = getenv("SUDO_USER"); + char *doas_user = getenv("DOAS_USER"); + char *sudo_user = getenv("SUDO_USER"); + char *user = doas_user ? doas_user : sudo_user; + if (!user) { user = getpwuid(getuid())->pw_name; if (!user) { diff --git a/src/man/firecfg.1.in b/src/man/firecfg.1.in index 42add6a41..a85fbc5da 100644 --- a/src/man/firecfg.1.in +++ b/src/man/firecfg.1.in @@ -23,7 +23,9 @@ The integration covers: - programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE/LXQT, MATE and XFCE desktop managers are supported in this moment .RE - +.PP +Note: The examples use \fBsudo\fR, but \fBdoas\fR is also supported. +.PP To set it up, run "sudo firecfg" after installing Firejail software. The same command should also be run after installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin diff --git a/src/man/jailcheck.1.in b/src/man/jailcheck.1.in index e889ea91b..eea5987b7 100644 --- a/src/man/jailcheck.1.in +++ b/src/man/jailcheck.1.in @@ -24,9 +24,8 @@ them from inside the sandbox. \fB5. Seccomp test .TP \fB6. Networking test -.TP -The program is started as root using sudo. - +.PP +The program should be started using \fBsudo\fR or \fBdoas\fR. .SH OPTIONS .TP \fB\-\-debug -- cgit v1.2.3-54-g00ecf