diff --git a/etc/apparmor/usr.lib.firejail.fnettrace b/etc/apparmor/usr.lib.firejail.fnettrace index ecce244ff..2a7bf764e 100644 --- a/etc/apparmor/usr.lib.firejail.fnettrace +++ b/etc/apparmor/usr.lib.firejail.fnettrace @@ -18,7 +18,7 @@ deny /tmp/.X[0-9]*-lock mrwkl, deny /tmp/systemd* mrwkl, deny /tmp/ssh* mrwkl, - + deny /etc/ssh/{,**} mrwkl, deny /etc/ssl/{,**} mrwkl, deny /etc/ca-certificates/{,**} mrwkl, diff --git a/etc/apparmor/usr.lib.firejail.fnettrace-icmp b/etc/apparmor/usr.lib.firejail.fnettrace-icmp index 4a85f114b..a6f1dd811 100644 --- a/etc/apparmor/usr.lib.firejail.fnettrace-icmp +++ b/etc/apparmor/usr.lib.firejail.fnettrace-icmp @@ -12,4 +12,3 @@ include network packet, network raw, } - diff --git a/gcov.sh b/gcov.sh index 6129f4468..8ce3415eb 100755 --- a/gcov.sh +++ b/gcov.sh @@ -24,7 +24,6 @@ gcov_generate() { /usr/bin/jailcheck --help sleep 2 - # --help -secondary programs /usr/lib/firejail/etc-cleanup --help /usr/lib/firejail/fbuilder --help @@ -78,5 +77,3 @@ make test-private-etc gcov_generate make test-seccomp-extra gcov_generate - - diff --git a/mkgcov.sh b/mkgcov.sh index 48608e0b9..ea54763d3 100755 --- a/mkgcov.sh +++ b/mkgcov.sh @@ -43,10 +43,3 @@ if test -f src/firejail/main.gcno; then src/fzenity \ src/lib fi - - - - - - - diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 1abc9e2a7..31776bc1a 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -169,7 +169,7 @@ static int disable_file(OPERATION op, const char *filename) { fwarning("cannot blacklist %s, mount failed\n", fname); retval = 1; } - + // files in /etc will be reprocessed during /etc rebuild if (strncmp(fname, "/etc/", 5) == 0) { ProfileEntry *prf = malloc(sizeof(ProfileEntry)); @@ -831,7 +831,7 @@ void fs_proc_sys_dev_boot(void) { } else fwarning("cannot hide pid 1 inside the sandbox\n"); - + // remove kernel symbol information if (!arg_allow_debuggers) { disable_file(BLACKLIST_FILE, "/usr/src/linux"); diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index 172f01039..5adacb58b 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c @@ -27,7 +27,7 @@ // build a random host name static char *random_hostname(void) { assert(!arg_keep_hostname); - + char vowels[] = { 'a', 'e', 'i', 'o', 'u'}; char consonants[] = {'b', 'c', 'c', 'c', 'g', 'h', 'h', 'h', 'h', 'h', 'j', 'j', 'k', 'k', 'k', 'k', 'k', 'k', 'k', 'k', 'k', 'k', 'm', 'm', 'm', 'm', 'n', 'n', 'n', 'n', 'n', diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index f10a764a6..71d834bf3 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c @@ -983,12 +983,12 @@ int sandbox(void* sandbox_arg) { if (!arg_keep_hostname) { fs_hostname(); // /usr/bin/hostname is blacklisted in default.profile - // test this using cat /proc/sys/kernel/hostname, + // test this using cat /proc/sys/kernel/hostname, assert(cfg.hostname); if (sethostname(cfg.hostname, strlen(cfg.hostname)) < 0) errExit("sethostname"); } - + //**************************** // /etc overrides from the network namespace //**************************** diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index ae6239d8c..9cc4c9fc1 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c @@ -629,7 +629,7 @@ static void run_trace(void) { continue; } *ptr = '\0'; - + if (strstr(buf, "/../") || strstr(buf, "/./") || strstr(buf, "//") || @@ -653,7 +653,7 @@ static void run_trace(void) { sleep(4); continue; } - + printf("Saving stats in %s file...\n", buf); print_stats(fp); fclose(fp); diff --git a/src/fnettrace/runprog.c b/src/fnettrace/runprog.c index 8e41cb28c..54f67b45a 100644 --- a/src/fnettrace/runprog.c +++ b/src/fnettrace/runprog.c @@ -69,4 +69,3 @@ void killprogs(void) { p = p->next; } } - diff --git a/test/fcopy/fcopy.sh b/test/fcopy/fcopy.sh index 127054767..ec07016ea 100755 --- a/test/fcopy/fcopy.sh +++ b/test/fcopy/fcopy.sh @@ -33,5 +33,3 @@ rm -f src/dircopy.exp cd ../.. ./mkgcov.sh - - diff --git a/test/fnettrace/fnettrace-check-root.exp b/test/fnettrace/fnettrace-check-root.exp index 3612dd405..cf6995d70 100755 --- a/test/fnettrace/fnettrace-check-root.exp +++ b/test/fnettrace/fnettrace-check-root.exp @@ -43,4 +43,3 @@ expect { after 100 puts "\nexpect script done\r" - diff --git a/test/fnettrace/fnettrace-dns.exp b/test/fnettrace/fnettrace-dns.exp index f489787d7..e88deb796 100755 --- a/test/fnettrace/fnettrace-dns.exp +++ b/test/fnettrace/fnettrace-dns.exp @@ -24,4 +24,3 @@ expect { after 100 puts "\nexpect script done\r" - diff --git a/test/fnettrace/fnettrace-icmp.exp b/test/fnettrace/fnettrace-icmp.exp index 01cb64cc3..6de29537a 100755 --- a/test/fnettrace/fnettrace-icmp.exp +++ b/test/fnettrace/fnettrace-icmp.exp @@ -20,4 +20,3 @@ expect { after 100 puts "\nexpect script done\r" - diff --git a/test/fnettrace/fnettrace-sni.exp b/test/fnettrace/fnettrace-sni.exp index 1a7061efb..876fd0f01 100755 --- a/test/fnettrace/fnettrace-sni.exp +++ b/test/fnettrace/fnettrace-sni.exp @@ -20,4 +20,3 @@ expect { after 100 puts "\nexpect script done\r" - diff --git a/test/fnettrace/nettrace.exp b/test/fnettrace/nettrace.exp index 2be97d549..9b304174a 100755 --- a/test/fnettrace/nettrace.exp +++ b/test/fnettrace/nettrace.exp @@ -20,4 +20,3 @@ expect { sleep 1 puts "\nexpect script done\r" - diff --git a/test/utils/firemon-events.exp b/test/utils/firemon-events.exp index 3f697b065..4fc36850d 100755 --- a/test/utils/firemon-events.exp +++ b/test/utils/firemon-events.exp @@ -22,7 +22,5 @@ expect { -re "EXIT SANDBOX" } - sleep 1 puts "\nall done\r" - diff --git a/test/utils/jailcheck.exp b/test/utils/jailcheck.exp index 35ce9d82f..946feb893 100755 --- a/test/utils/jailcheck.exp +++ b/test/utils/jailcheck.exp @@ -32,4 +32,3 @@ expect { sleep 1 puts "\nall done\r" -