files/0001-Support-a-stateless-configuration.patch
| From: =?UTF-8?q?Mateusz=20Miku=C5=82a?= <mati865@gmail.com>, Fabio Forni <livingsilver94.solus@redaril.me> | --- a/Makefile.in.orig 2021-10-29 09:48:49.634834320 +0200 | ||||
| Subject: [PATCH] Support a stateless configuration | +++ b/Makefile.in 2021-10-29 09:53:51.826848258 +0200 | ||||
| @@ -3,6 +3,7 @@ | |||||
| diff --git a/Makefile.in b/Makefile.in | |||||
| index d11d537b..d2099870 100644 | |||||
| --- a/Makefile.in | |||||
| +++ b/Makefile.in | |||||
| @@ -9,6 +9,7 @@ exec_prefix=@exec_prefix@ | |||||
| bindir=@bindir@ | bindir=@bindir@ | ||||
| libdir=@libdir@ | libdir=@libdir@ | ||||
| datarootdir=@datarootdir@ | datarootdir=@datarootdir@ | ||||
| +datadir=@datadir@ | +datadir=@datadir@ | ||||
| mandir=@mandir@ | mandir=@mandir@ | ||||
| sysconfdir=@sysconfdir@ | sysconfdir=@sysconfdir@ | ||||
| @@ -123,12 +124,12 @@ endif | @@ -134,11 +135,11 @@ | ||||
| install -c -m 0644 README $(DESTDIR)/$(DOCDIR)/. | install -m 0755 -d $(DESTDIR)$(DOCDIR) | ||||
| install -c -m 0644 RELNOTES $(DESTDIR)/$(DOCDIR)/. | install -m 0644 -t $(DESTDIR)$(DOCDIR) COPYING README RELNOTES etc/templates/* | ||||
| # etc files | # profiles and settings | ||||
| - ./mketc.sh $(sysconfdir) $(BUSYBOX_WORKAROUND) | - install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail | ||||
| - install -m 0755 -d $(DESTDIR)/$(sysconfdir)/firejail | - install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config | ||||
| + ./mketc.sh $(datadir)/defaults $(BUSYBOX_WORKAROUND) | |||||
| + install -m 0755 -d $(DESTDIR)/$(datadir)/defaults/firejail | |||||
| for file in .etc/* etc/firejail.config; do \ | |||||
| - install -c -m 0644 $$file $(DESTDIR)/$(sysconfdir)/firejail; \ | |||||
| + install -c -m 0644 $$file $(DESTDIR)/$(datadir)/defaults/firejail; \ | |||||
| done | |||||
| - sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | - sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | ||||
| + install -m 0755 -d $(DESTDIR)$(datadir)/defaults/firejail | |||||
| + install -m 0644 -t $(DESTDIR)$(datadir)/defaults/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config | |||||
| + sh -c "if [ ! -f $(DESTDIR)/$(datadir)/defaults/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(datadir)/defaults/firejail/.; fi;" | + sh -c "if [ ! -f $(DESTDIR)/$(datadir)/defaults/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(datadir)/defaults/firejail/.; fi;" | ||||
| rm -fr .etc | ifeq ($(BUSYBOX_WORKAROUND),yes) | ||||
| - ./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc | |||||
| + ./mketc.sh $(DESTDIR)$(datadir)/defaults/firejail/disable-common.inc | |||||
| endif | |||||
| ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR) | ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR) | ||||
| # install apparmor profile | # install apparmor profile | ||||
| diff --git a/configure.ac b/configure.ac | @@ -191,7 +192,7 @@ | ||||
| index 2b7dd1d2..c78122cf 100644 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail | ||||
JoshStrobl: Could I get the raw file of where this is being applied? The diff is indicating the C file… | |||||
solene: The patch 0001 contains changes to multiple files; this rm call is in `Makefile.in`. | |||||
| --- a/configure.ac | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon | ||||
| +++ b/configure.ac | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg | ||||
| @@ -183,6 +183,7 @@ echo | - @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038." | ||||
| echo "Configuration options:" | + @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(datadir)/defaults/firejail', see #2038." | ||||
| echo " prefix: $prefix" | |||||
| echo " sysconfdir: $sysconfdir" | DISTFILES = "src etc m4 platform contrib configure configure.ac Makefile.in install.sh mkman.sh mketc.sh mkdeb.sh.in COPYING README RELNOTES" | ||||
| +echo " defaultsdir: $datadir/defaults/firejail" | DISTFILES_TEST = "test/Makefile.in test/apps test/apps-x11 test/apps-x11-xorg test/root test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils test/chroot" | ||||
| echo " seccomp: $HAVE_SECCOMP" | --- a/src/firejail/checkcfg.c.orig 2021-10-29 09:57:03.977857121 +0200 | ||||
| echo " <linux/seccomp.h>: $HAVE_SECCOMP_H" | +++ b/src/firejail/checkcfg.c 2021-10-29 09:58:00.484859727 +0200 | ||||
| echo " apparmor: $HAVE_APPARMOR" | @@ -60,7 +60,12 @@ | ||||
| --- a/src/common.mk.in | cfg_val[CFG_BROWSER_ALLOW_DRM] = 0; | ||||
| +++ b/src/common.mk.in | |||||
| @@ -5,6 +5,7 @@ prefix=@prefix@ | |||||
| exec_prefix=@exec_prefix@ | |||||
| libdir=@libdir@ | |||||
| sysconfdir=@sysconfdir@ | |||||
| +datadir=@datadir@ | |||||
| VERSION=@PACKAGE_VERSION@ | |||||
| NAME=@PACKAGE_NAME@ | |||||
| @@ -28,7 +29,7 @@ C_FILE_LIST = $(sort $(wildcard *.c)) | |||||
| OBJS = $(C_FILE_LIST:.c=.o) | |||||
| BINOBJS = $(foreach file, $(OBJS), $file) | |||||
| -CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | |||||
| +CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DDATADIR='"$(datadir)"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | |||||
| LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | |||||
| EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@ | |||||
| EXTRA_CFLAGS +=@EXTRA_CFLAGS@ | |||||
| diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c | |||||
| index f101a845..fa5f681e 100644 | |||||
| --- a/src/firejail/checkcfg.c | |||||
| +++ b/src/firejail/checkcfg.c | |||||
| @@ -52,7 +52,12 @@ int checkcfg(int val) { | |||||
| cfg_val[CFG_XPRA_ATTACH] = 0; | |||||
| // open configuration file | // open configuration file | ||||
| - const char *fname = SYSCONFDIR "/firejail.config"; | - const char *fname = SYSCONFDIR "/firejail.config"; | ||||
| + const char *fname; | + const char *fname; | ||||
| + if (access(SYSCONFDIR "/firejail.config", F_OK) == 0) { | + if (access(SYSCONFDIR "/firejail.config", F_OK) == 0) { | ||||
| + fname = SYSCONFDIR "/firejail.config"; | + fname = SYSCONFDIR "/firejail.config"; | ||||
| + } else { | + } else { | ||||
| + fname = DATADIR "/defaults/firejail/firejail.config"; | + fname = DATADIR "/defaults/firejail/firejail.config"; | ||||
| + } | + } | ||||
| fp = fopen(fname, "r"); | fp = fopen(fname, "re"); | ||||
| if (!fp) { | if (!fp) { | ||||
| #ifdef HAVE_GLOBALCFG | #ifdef HAVE_GLOBALCFG | ||||
| --- a/src/firejail/profile.c | --- a/src/firejail/profile.c.orig 2021-06-29 08:45:01.000000000 +0200 | ||||
| +++ b/src/firejail/profile.c | +++ b/src/firejail/profile.c 2021-10-29 09:59:59.015865194 +0200 | ||||
| @@ -78,7 +78,9 @@ int profile_find_firejail(const char *name, int add_ext) { | @@ -82,7 +82,9 @@ | ||||
| if (!rv) | if (!rv) | ||||
| // look for a user profile in /etc/firejail directory | // look for a user profile in /etc/firejail directory | ||||
| rv = profile_find(name, SYSCONFDIR, add_ext); | rv = profile_find(name, SYSCONFDIR, add_ext); | ||||
| - | - | ||||
| + if (!rv) | + if (!rv) | ||||
| + // look for a user profile in /usr/share/defaults/firejail directory | + // look for a user profile in /usr/share/defaults/firejail directory | ||||
| + rv = profile_find(name, DATADIR "/defaults/firejail", add_ext); | + rv = profile_find(name, DATADIR "/defaults/firejail", add_ext); | ||||
| return rv; | return rv; | ||||
| } | } | ||||
| diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c | --- a/src/firejail/restricted_shell.c.orig 2021-06-29 08:45:01.000000000 +0200 | ||||
| index d09a2c7e..4162d14e 100644 | +++ b/src/firejail/restricted_shell.c 2021-10-29 09:59:59.016865194 +0200 | ||||
| --- a/src/firejail/restricted_shell.c | @@ -34,8 +34,16 @@ | ||||
| +++ b/src/firejail/restricted_shell.c | |||||
| @@ -34,8 +34,16 @@ int restricted_shell(const char *user) { | |||||
| errExit("asprintf"); | errExit("asprintf"); | ||||
| FILE *fp = fopen(fname, "r"); | FILE *fp = fopen(fname, "re"); | ||||
| free(fname); | free(fname); | ||||
| - if (fp == NULL) | - if (fp == NULL) | ||||
| - return 0; | - return 0; | ||||
| + fname = NULL; | + fname = NULL; | ||||
| + if (fp == NULL) { | + if (fp == NULL) { | ||||
| + // Grab the stateless version | + // Grab the stateless version | ||||
| + if (asprintf(&fname, "%s/defaults/firejail/login.users", DATADIR) == -1) | + if (asprintf(&fname, "%s/defaults/firejail/login.users", DATADIR) == -1) | ||||
| + errExit("asprintf"); | + errExit("asprintf"); | ||||
| + FILE *fp = fopen(fname, "r"); | + FILE *fp = fopen(fname, "r"); | ||||
| + free(fname); | + free(fname); | ||||
| + if (fp == NULL) | + if (fp == NULL) | ||||
| + return 0; | + return 0; | ||||
| + } | + } | ||||
| int lineno = 0; | int lineno = 0; | ||||
| char buf[MAX_READ]; | char buf[MAX_READ]; | ||||
| -- | --- a/src/common.mk.in.orig 2021-10-29 09:55:10.723851897 +0200 | ||||
| 2.16.2 | +++ b/src/common.mk.in 2021-10-29 09:56:36.478855852 +0200 | ||||
| @@ -6,6 +6,7 @@ | |||||
| bindir=@bindir@ | |||||
| libdir=@libdir@ | |||||
| sysconfdir=@sysconfdir@ | |||||
| +datadir=@datadir@ | |||||
| VERSION=@PACKAGE_VERSION@ | |||||
| NAME=@PACKAGE_NAME@ | |||||
| @@ -42,6 +43,7 @@ | |||||
| CFLAGS = @CFLAGS@ | |||||
| CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | |||||
| CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' | |||||
| +CFLAGS += -DDATADIR='"$(datadir)"' | |||||
| MANFLAGS = $(HAVE_LTS) $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) $(HAVE_SUID) $(HAVE_FORCE_NONEWPRIVS) | |||||
| CFLAGS += $(MANFLAGS) | |||||
| CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security | |||||
| --- a/configure.ac.orig 2021-10-29 09:54:15.224849337 +0200 | |||||
| +++ b/configure.ac 2021-10-29 09:54:56.742851252 +0200 | |||||
| @@ -316,6 +316,7 @@ | |||||
| Configuration options: | |||||
| prefix: $prefix | |||||
| sysconfdir: $sysconfdir | |||||
| + defaultsdir: $datadir/defaults/firejail | |||||
| apparmor: $HAVE_APPARMOR | |||||
| SELinux labeling support: $HAVE_SELINUX | |||||
| global config: $HAVE_GLOBALCFG | |||||
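Review bot: In the restricted_shell.c hunk, the fallback `FILE *fp = fopen(fname, "r");` inside the `if (fp == NULL) {` block declares a second `fp` that shadows the outer one, so the outer `fp` is still NULL once the block closes. The rest of restricted_shell() lies outside the hunk, but it presumably reads login.users through `fp`, and it would then be given a null stream whenever only the stateless copy exists. Assign to the existing variable and keep the close-on-exec mode the new side already uses for the first open: `fp = fopen(fname, "re");`. In the checkcfg.c hunk, the `access()` probe followed by a separate `fopen()` leaves a gap between check and use, and if the binary is installed setuid (the `HAVE_SUID` flag suggests it can be), `access()` is evaluated against the real UID. Trying `fopen()` on the SYSCONFDIR path first and falling back to the DATADIR path only when `errno == ENOENT` would avoid both, and would stop an unreadable administrator config from silently being replaced by the shipped defaults.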
Could I get the raw file of where this is being applied? The diff is indicating the C file src/firejail/checkcfg.c and having bash calls in that is no bueno.