firecfg: parse config files in /etc/firejail/firecfg.d

As suggested by @WhyNotHugo[1].

[1] https://github.com/netblue30/firejail/issues/2097#issuecomment-1179160459
Kelvin M. Klann 2023-06-29 18:22:10 -03:00
parent 62162e3a49
commit 2993298aaa
3 changed files with 34 additions and 1 deletions


@ -228,6 +228,7 @@ endif
install -m 0644 -t $(DESTDIR)$(docdir) COPYING README RELNOTES etc/templates/*
# profiles and settings
install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail
install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail/firecfg.d
install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config
sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"


@ -37,7 +37,11 @@
#include "../include/common.h"
#define MAX_BUF 4096
// config files
#define FIRECFG_CFGFILE SYSCONFDIR "/firecfg.config"
#define FIRECFG_CONF_GLOB SYSCONFDIR "/firecfg.d/*.conf"
// programs
#define FIREJAIL_EXEC PREFIX "/bin/firejail"
#define FIREJAIL_WELCOME_SH LIBDIR "/firejail/firejail-welcome.sh"
#define FZENITY_EXEC LIBDIR "/firejail/fzenity"


@ -20,6 +20,8 @@
#include "firecfg.h"
#include "../include/firejail_user.h"
#include <glob.h>
int arg_debug = 0;
char *arg_bindir = "/usr/local/bin";
int arg_guide = 0;
@ -209,6 +211,29 @@ static void set_links_firecfg(const char *cfgfile) {
}
fclose(fp);
printf("\n");
}
// parse all config files matching pattern
static void set_links_firecfg_glob(const char *pattern) {
printf("Looking for config files in %s\n", pattern);
glob_t globbuf;
int globerr = glob(pattern, 0, NULL, &globbuf);
if (globerr == GLOB_NOMATCH) {
fprintf(stderr, "No matches for glob pattern %s\n", pattern);
goto out;
} else if (globerr != 0) {
fprintf(stderr, "Warning: Failed to match glob pattern %s: %s\n",
pattern, strerror(errno));
goto out;
}
size_t i;
for (i = 0; i < globbuf.gl_pathc; i++)
set_links_firecfg(globbuf.gl_pathv[i]);
out:
globfree(&globbuf);
}
// parse ~/.config/firejail/ directory
@ -450,12 +475,15 @@ int main(int argc, char **argv) {
// clear all symlinks
clean();
// set new symlinks based on .conf files
set_links_firecfg_glob(FIRECFG_CONF_GLOB);
// set new symlinks based on firecfg.config
set_links_firecfg(FIRECFG_CFGFILE);
if (getuid() == 0) {
// add user to firejail access database - only for root
printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
printf("Adding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
// temporarily set the umask, access database must be world-readable
mode_t orig_umask = umask(022);
firejail_user_add(user);
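Review bot: In set_links_firecfg_glob, the `globerr != 0` branch prints `strerror(errno)`, but glob() reports failure through its return value (GLOB_NOSPACE, GLOB_ABORTED) and is not documented to leave a meaningful errno, so the warning can show an unrelated or stale message. Printing the return code is more reliable, e.g. `fprintf(stderr, "Warning: Failed to match glob pattern %s (glob error %d)\n", pattern, globerr);`. Because main() calls clean() before this function, a failed glob presumably leaves programs that are listed only in firecfg.d drop-ins without their firejail symlinks while the run carries on, so it is worth deciding whether that case should be a hard error rather than a warning. The GLOB_NOMATCH branch also writes to stderr, although an empty firecfg.d is exactly what the Makefile hunk installs, so a default run will print it every time; consider emitting it only when `arg_debug` is set.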