github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

fix whitespace (fbwrap)

Browse source 
Found with `git diff --check`.

Related commits:

* 33d07c232 ("bwrap replacement - part 1", 2025-12-18)
* 8c14d83f3 ("bwrap replacement - part3", 2025-12-18)
* 180e3f464 ("bwrap replacement - part4", 2025-12-18)
* a723510c2 ("bwrap replacement - part 7 - --allow-bwrap option", 2025-12-22)
* 6cf8a5454 ("bwrap replacement - part 8 - fixes", 2025-12-22)
This commit is contained in:
Kelvin M. Klann 2025-12-28 09:28:37 -03:00
parent 170519d83d
commit 3ae2b5a5cd
3 changed files with 36 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

44
src/fbwrap/main.c
View file

@ -99,7 +99,7 @@ int main(int argc, char **argv) {
usage();
return 1;
}
if (strcmp(argv[1], "-h") == 0 ||
strcmp(argv[1], "-?") == 0 ||
strcmp(argv[1], "-v") == 0 ||
@ -113,7 +113,7 @@ int main(int argc, char **argv) {
#ifdef DEBUG
printf("%s:%s():%d %s\n", __FILE__, __PRETTY_FUNCTION__, __LINE__, argv[i]);
#endif
if (*argv[i] != '/') // enforcing $(PATH) for our target
if (*argv[i] != '/') // enforcing $(PATH) for our target
continue;
if (ok_to_run(argv[i])) {
fprintf(stderr, "Info: fbwrap target program %s found\n", argv[i]);
@ -136,25 +136,25 @@ int main(int argc, char **argv) {
fprintf(stderr, "Error: fbwrap target program has an argument list larger than %d\n", MAX_ARGLIST - 1);
exit(1);
}
pid_t child = fork();
if (child == -1) {
fprintf(stderr, "Error: fbwrap cannot fork\n");
exit(1);
}
if (child == 0) {
// kill the target if the parent dies
prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
execvp(arglist[0], arglist);
return 0;
}
// wait child to finish
//int status;
//waitpid(child, &status, 0);
// don't bother waiting
sleep(2);
pid_t child = fork();
if (child == -1) {
fprintf(stderr, "Error: fbwrap cannot fork\n");
exit(1);
}
if (child == 0) {
// kill the target if the parent dies
prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
execvp(arglist[0], arglist);
return 0;
}
// wait child to finish
//int status;
//waitpid(child, &status, 0);
// don't bother waiting
sleep(2);
return 0;
}

26
src/firejail/fs.c
View file

@ -715,23 +715,23 @@ void fs_mnt(const int enforce) {
// replace /usr/bin/bwrap if present in the system
void fs_bwrap(void) {
// open bwrap without following symbolic links
if (is_link("/usr/bin/bwrap")) // just in case O_NOFOLLOW below fails in glibc
goto out;
int fd = open("/usr/bin/bwrap", O_NOFOLLOW|O_CLOEXEC);
if (fd < 0)
goto out;
int err = bind_mount_path_to_fd(LIBDIR "/firejail/fbwrap", fd);
if (err) {
close(fd);
goto out;
}
// open bwrap without following symbolic links
if (is_link("/usr/bin/bwrap")) // just in case O_NOFOLLOW below fails in glibc
goto out;
int fd = open("/usr/bin/bwrap", O_NOFOLLOW|O_CLOEXEC);
if (fd < 0)
goto out;
int err = bind_mount_path_to_fd(LIBDIR "/firejail/fbwrap", fd);
if (err) {
close(fd);
goto out;
}
close(fd);
return;
return;
out:
fprintf(stderr, "Warning: /usr/bin/bwrap was not disabled\n");
fprintf(stderr, "Warning: /usr/bin/bwrap was not disabled\n");
}

2
src/firejail/sandbox.c
View file

@ -935,7 +935,7 @@ int sandbox(void* sandbox_arg) {
// bwrap is replaced by our own program
fs_bwrap();
}
// private-bin is disabled for appimages
if (arg_private_bin && !arg_appimage) {
if (cfg.chrootdir)