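/*
 * Implement --x11=block: deny the sandboxed process access to the X11
 * display by blacklisting the X11 socket directory and the Xauthority file
 * (the default ${HOME}/.Xauthority plus whatever $XAUTHORITY points at), and
 * by removing DISPLAY and XAUTHORITY from the environment (env_store with
 * RMENV). The abstract X11 socket is only flagged here via
 * mask_x11_abstract_socket; the code that acts on that flag lives elsewhere.
 *
 * Every blacklist line is validated with profile_check_line() before it is
 * handed to profile_add(); the added line must stay allocated because
 * profile_add() keeps the pointer.
 *
 * Compiles to an empty function when HAVE_X11 is not defined.
 */
void x11_block(void) {
#ifdef HAVE_X11
	mask_x11_abstract_socket = 1;

#if 0
	// check abstract socket presence and network namespace options
	if ((!arg_nonetwork && !cfg.bridge0.configured && !cfg.interface0.configured) &&
	    x11_abstract_sockets_present()) {
		fprintf(stderr, "ERROR: --x11=block specified, but abstract X11 socket still accessible.\n"
			"Additional setup required. To block abstract X11 socket you can either:\n"
			" * use network namespace in firejail (--net=none, --net=...)\n"
			" * add \"-nolisten local\" to xserver options\n"
			" (eg. to your display manager config, or /etc/X11/xinit/xserverrc)\n");
		exit(1);
	}
#endif

	// blacklist sockets
	profile_check_line("blacklist /tmp/.X11-unix", 0, NULL);
	char *sockets = strdup("blacklist /tmp/.X11-unix");
	if (sockets == NULL)
		errExit("strdup");	// profile_add() must never receive NULL
	profile_add(sockets);

	// blacklist .Xauthority
	profile_check_line("blacklist ${HOME}/.Xauthority", 0, NULL);
	char *xauth_home = strdup("blacklist ${HOME}/.Xauthority");
	if (xauth_home == NULL)
		errExit("strdup");
	profile_add(xauth_home);

	// $XAUTHORITY may point at a file outside ${HOME}; blacklist that too
	char *xauthority = getenv("XAUTHORITY");
	if (xauthority) {
		char *line;
		if (asprintf(&line, "blacklist %s", xauthority) == -1)
			errExit("asprintf");
		profile_check_line(line, 0, NULL);
		profile_add(line);
	}

	// clear environment
	env_store("DISPLAY", RMENV);
	env_store("XAUTHORITY", RMENV);
#endif
}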
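/*
 * Read a profile file and hand every directive to profile_check_line() and
 * profile_add().
 *
 * fname - path of the profile file. Lines understood here:
 *   "#..." or empty       - ignored
 *   "quiet"               - sets arg_quiet
 *   "include <file>"      - recursive profile_read() of <file>, after
 *                           expand_home() has expanded a leading ${HOME}/
 *   anything else         - profile_check_line(); profile_add() on success
 *
 * Returns without reading anything when the file is unreadable but its name
 * ends in ".local", or when --allow-debuggers is set and the file is named
 * "disable-devel.inc". Every other failure - include nesting deeper than
 * MAX_INCLUDE_LEVEL, an empty name, a directory, an unreadable or unopenable
 * file, a line longer than the MAX_READ buffer - prints a message and
 * exit(1)s; profile_check_line() exits on syntax errors itself.
 *
 * Lines passed to profile_add() are intentionally never freed here:
 * profile_check_line() links pointers into them from the cfg structure.
 */
void profile_read(const char *fname) {
	EUID_ASSERT();

	// exit program if maximum include level was reached
	if (include_level > MAX_INCLUDE_LEVEL) {
		fprintf(stderr, "Error: maximum profile include level was reached\n");
		exit(1);
	}

	// check file
	invalid_filename(fname);
	if (strlen(fname) == 0 || is_dir(fname)) {
		fprintf(stderr, "Error: invalid profile file\n");
		exit(1);
	}
	if (access(fname, R_OK)) {
		// if the file ends in ".local", do not exit: such profiles are optional
		const char *base = gnu_basename(fname);
		char *ptr = strstr(base, ".local");
		if (ptr && strlen(ptr) == 6)
			return;

		fprintf(stderr, "Error: cannot access profile file\n");
		exit(1);
	}

	// allow debuggers: skip the one include that would disable them
	if (arg_allow_debuggers) {
		char *tmp = strrchr(fname, '/');
		if (tmp && *(tmp + 1) != '\0') {
			tmp++;
			if (strcmp(tmp, "disable-devel.inc") == 0)
				return;
		}
	}

	// open profile file:
	FILE *fp = fopen(fname, "r");
	if (fp == NULL) {
		fprintf(stderr, "Error: cannot open profile file %s\n", fname);
		exit(1);
	}

	int msg_printed = 0;

	// read the file line by line
	char buf[MAX_READ + 1];
	int lineno = 0;
	while (fgets(buf, MAX_READ, fp)) {
		++lineno;

		// A line that does not fit in buf would come back from fgets() in
		// pieces, and each piece would then be parsed as a directive of its
		// own; refuse such lines instead of silently splitting them.
		size_t len = strlen(buf);
		if (len > 0 && buf[len - 1] != '\n') {
			int c = fgetc(fp);	// '\n' or EOF means the line merely filled buf exactly
			if (c != EOF && c != '\n') {
				fprintf(stderr, "Error: line %d of profile file %s is too long\n", lineno, fname);
				exit(1);
			}
		}

		// remove empty space - ptr in allocated memory
		char *ptr = line_remove_spaces(buf);
		if (ptr == NULL)
			continue;

		// comments
		if (*ptr == '#' || *ptr == '\0') {
			free(ptr);
			continue;
		}

		// process quiet
		if (strcmp(ptr, "quiet") == 0) {
			arg_quiet = 1;
			free(ptr);
			continue;
		}
		if (!msg_printed) {
			if (!arg_quiet)
				fprintf(stderr, "Reading profile %s\n", fname);
			msg_printed = 1;
		}

		// process include
		if (strncmp(ptr, "include ", 8) == 0) {
			include_level++;

			// extract profile filename and new skip params
			char *newprofile = ptr + 8;	// profile name

			// expand ${HOME}/ in front of the new profile file
			char *newprofile2 = expand_home(newprofile, cfg.homedir);

			// recursivity
			profile_read(newprofile2 ? newprofile2 : newprofile);
			include_level--;
			free(newprofile2);	// free(NULL) is a no-op
			free(ptr);
			continue;
		}

		// verify syntax, exit in case of error
		if (profile_check_line(ptr, lineno, fname))
			profile_add(ptr);
		// ptr is deliberately not freed on either path: profile_check_line()
		// extracts data from it and links pointers into the cfg structure.
#ifdef HAVE_GCOV
		__gcov_flush();
#endif
	}
	fclose(fp);
}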
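/*
 * Read a profile file and hand every directive to profile_check_line() and
 * profile_add().
 *
 * fname - path of the profile file (must be non-empty). Lines understood
 * here: "#..." and empty lines are ignored; "include <file>" recurses into
 * <file> after expand_home() has expanded a leading ${HOME}/; every other
 * line goes through profile_check_line() and, on success, profile_add().
 *
 * Prints a message and exit(1)s when the include nesting exceeds
 * MAX_INCLUDE_LEVEL, fname is empty, the file cannot be opened, or a line is
 * longer than the MAX_READ buffer; profile_check_line() exits on syntax
 * errors itself. Lines passed to profile_add() are never freed here because
 * profile_check_line() links pointers into them from the cfg structure.
 */
void profile_read(const char *fname) {
	EUID_ASSERT();

	// exit program if maximum include level was reached
	if (include_level > MAX_INCLUDE_LEVEL) {
		fprintf(stderr, "Error: maximum profile include level was reached\n");
		exit(1);
	}
	if (strlen(fname) == 0) {
		fprintf(stderr, "Error: invalid profile file\n");
		exit(1);
	}

	// open profile file:
	FILE *fp = fopen(fname, "r");
	if (fp == NULL) {
		fprintf(stderr, "Error: cannot open profile file %s\n", fname);
		exit(1);
	}
	if (!arg_quiet)
		fprintf(stderr, "Reading profile %s\n", fname);

	// read the file line by line
	char buf[MAX_READ + 1];
	int lineno = 0;
	while (fgets(buf, MAX_READ, fp)) {
		++lineno;

		// A line that does not fit in buf would come back from fgets() in
		// pieces, each of which would be parsed as its own directive; refuse
		// such lines instead of silently splitting them.
		size_t len = strlen(buf);
		if (len > 0 && buf[len - 1] != '\n') {
			int c = fgetc(fp);	// '\n' or EOF means the line merely filled buf exactly
			if (c != EOF && c != '\n') {
				fprintf(stderr, "Error: line %d of profile file %s is too long\n", lineno, fname);
				exit(1);
			}
		}

		// remove empty space - ptr in allocated memory
		char *ptr = line_remove_spaces(buf);
		if (ptr == NULL)
			continue;

		// comments
		if (*ptr == '#' || *ptr == '\0') {
			free(ptr);
			continue;
		}

		// process include
		if (strncmp(ptr, "include ", 8) == 0) {
			include_level++;

			// extract profile filename and new skip params
			char *newprofile = ptr + 8;	// profile name

			// expand ${HOME}/ in front of the new profile file
			char *newprofile2 = expand_home(newprofile, cfg.homedir);

			// recursivity
			profile_read(newprofile2 ? newprofile2 : newprofile);
			include_level--;
			free(newprofile2);	// free(NULL) is a no-op
			free(ptr);
			continue;
		}

		// verify syntax, exit in case of error
		if (profile_check_line(ptr, lineno, fname))
			profile_add(ptr);
		// ptr is deliberately not freed on either path: profile_check_line()
		// extracts data from it and links pointers into the cfg structure.
	}
	fclose(fp);
}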
// skip1, skip2 - if the string is found in the line, the line is not interpreted void profile_read(const char *fname, const char *skip1, const char *skip2) { // exit program if maximum include level was reached if (include_level > MAX_INCLUDE_LEVEL) { fprintf(stderr, "Error: maximum profile include level was reached\n"); exit(1); } if (strlen(fname) == 0) { fprintf(stderr, "Error: invalid profile file\n"); exit(1); } // open profile file: FILE *fp = fopen(fname, "r"); if (fp == NULL) { fprintf(stderr, "Error: cannot open profile file\n"); exit(1); } if (!arg_quiet) fprintf(stderr, "Reading profile %s\n", fname); // read the file line by line char buf[MAX_READ + 1]; int lineno = 0; while (fgets(buf, MAX_READ, fp)) { ++lineno; // remove empty space - ptr in allocated memory char *ptr = line_remove_spaces(buf); if (ptr == NULL) continue; // comments if (*ptr == '#' || *ptr == '\0') { free(ptr); continue; } // process include if (strncmp(ptr, "include ", 8) == 0) { include_level++; // extract profile filename and new skip params char *newprofile = ptr + 8; // profile name char *newskip1 = NULL; // new skip1 char *newskip2 = NULL; // new skip2 char *p = newprofile; while (*p != '\0') { if (*p == ' ') { *p = '\0'; if (newskip1 == NULL) newskip1 = p + 1; else if (newskip2 == NULL) newskip2 = p + 1; } p++; } // expand ${HOME}/ in front of the new profile file char *newprofile2 = expand_home(newprofile, cfg.homedir); // recursivity profile_read((newprofile2)? newprofile2:newprofile, newskip1, newskip2); include_level--; if (newprofile2) free(newprofile2); free(ptr); continue; } // skip if (skip1) { if (strstr(ptr, skip1)) { free(ptr); continue; } } if (skip2) { if (strstr(ptr, skip2)) { free(ptr); continue; } } // verify syntax, exit in case of error if (profile_check_line(ptr, lineno)) profile_add(ptr); } fclose(fp); }
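/*
 * Read a profile file and hand every directive to profile_check_line() and
 * profile_add().
 *
 * fname - path of the profile file (must be non-empty). Blank lines and "#"
 * comments are ignored; "include <file>" recurses into <file> (path taken
 * verbatim) with include_level incremented around the call; every other
 * line goes through profile_check_line() and, on success, profile_add().
 *
 * Prints a message and exit(1)s when the include nesting exceeds
 * MAX_INCLUDE_LEVEL, fname is empty, the file cannot be opened, or a line is
 * longer than the MAX_READ buffer; profile_check_line() exits on syntax
 * errors itself.
 */
void profile_read(const char *fname) {
	// exit program if maximum include level was reached
	if (include_level > MAX_INCLUDE_LEVEL) {
		fprintf(stderr, "Error: maximum profile include level was reached\n");
		exit(1);
	}
	if (strlen(fname) == 0) {
		fprintf(stderr, "Error: invalid profile file\n");
		exit(1);
	}

	// open profile file:
	FILE *fp = fopen(fname, "r");
	if (fp == NULL) {
		fprintf(stderr, "Error: cannot open profile file\n");
		exit(1);
	}
	printf("Reading %s\n", fname);

	// read the file line by line
	char buf[MAX_READ + 1];
	int lineno = 0;
	while (fgets(buf, MAX_READ, fp)) {
		++lineno;

		// A line that does not fit in buf would come back from fgets() in
		// pieces, each of which would be parsed as its own directive; refuse
		// such lines instead of silently splitting them.
		size_t len = strlen(buf);
		if (len > 0 && buf[len - 1] != '\n') {
			int c = fgetc(fp);	// '\n' or EOF means the line merely filled buf exactly
			if (c != EOF && c != '\n') {
				fprintf(stderr, "Error: line %d of profile file %s is too long\n", lineno, fname);
				exit(1);
			}
		}

		// remove empty space
		char *ptr = line_remove_spaces(buf);
		if (ptr == NULL || *ptr == '\0')
			continue;

		// comments
		if (*ptr == '#')
			continue;

		// process include
		if (strncmp(ptr, "include ", 8) == 0) {
			include_level++;
			// recursivity
			profile_read(ptr + 8);
			include_level--;
			continue;
		}

		// verify syntax, exit in case of error
		if (profile_check_line(ptr, lineno))
			profile_add(ptr);
	}
	fclose(fp);
}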