Skip to content

Commit

Permalink
Relocate firecfg.config to /etc/firejail/
Browse files Browse the repository at this point in the history
This should make it easier for users, and distributions, to customize
which programs they want firejail to wrap. Also fixed some
firecfg.cfg -> firecfg.config references.

Signed-off-by: Hank Leininger <hlein@korelogic.com>
Closes: netblue30#408
Bug: netblue30#2097
Bug: netblue30#2829
Bug: netblue30#3665
  • Loading branch information
hlein committed Nov 6, 2021
1 parent a75645f commit cbbe9ab
Show file tree
Hide file tree
Showing 6 changed files with 12 additions and 11 deletions.
3 changes: 2 additions & 1 deletion Makefile.in
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@ endif
install -m 0755 src/jailcheck/jailcheck $(DESTDIR)$(bindir)
# libraries and plugins
install -m 0755 -d $(DESTDIR)$(libdir)/firejail
install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) src/firecfg/firecfg.config
install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS)
install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS)
# plugins w/o read permission (non-dumpable)
install -m 0711 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS_NON_DUMPABLE)
Expand All @@ -135,6 +135,7 @@ endif
install -m 0644 -t $(DESTDIR)$(DOCDIR) COPYING README RELNOTES etc/templates/*
# profiles and settings
install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail
install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config etc/ids.config
sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
ifeq ($(BUSYBOX_WORKAROUND),yes)
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ PulseAudio changes.
Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers.
The integration applies to any program supported by default by Firejail. There are about 250 default applications
in current Firejail version, and the number goes up with every new release.
We keep the application list in [/usr/lib/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file.
We keep the application list in [/etc/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file.

## Security profiles

Expand Down
2 changes: 1 addition & 1 deletion src/firecfg/firecfg.config
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# /usr/lib/firejail/firecfg.config - firecfg utility configuration file
# /etc/firejail/firecfg.config - firecfg utility configuration file
# This is the list of programs in alphabetical order handled by firecfg utility
#
0ad
Expand Down
8 changes: 4 additions & 4 deletions src/firecfg/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -171,17 +171,17 @@ static void set_file(const char *name, const char *firejail_exec) {
free(fname);
}

// parse /usr/lib/firejail/firecfg.cfg file
// parse /etc/firejail/firecfg.config file
static void set_links_firecfg(void) {
char *cfgfile;
if (asprintf(&cfgfile, "%s/firejail/firecfg.config", LIBDIR) == -1)
if (asprintf(&cfgfile, "%s/firecfg.config", SYSCONFDIR) == -1)
errExit("asprintf");

char *firejail_exec;
if (asprintf(&firejail_exec, "%s/bin/firejail", PREFIX) == -1)
errExit("asprintf");

// parse /usr/lib/firejail/firecfg.cfg file
// parse /etc/firejail/firecfg.config file
FILE *fp = fopen(cfgfile, "r");
if (!fp) {
perror("fopen");
Expand Down Expand Up @@ -440,7 +440,7 @@ int main(int argc, char **argv) {
// clear all symlinks
clean();

// set new symlinks based on /usr/lib/firejail/firecfg.cfg
// set new symlinks based on /etc/firejail/firecfg.config
set_links_firecfg();

if (getuid() == 0) {
Expand Down
6 changes: 3 additions & 3 deletions src/firejail/appimage.c
Original file line number Diff line number Diff line change
Expand Up @@ -45,10 +45,10 @@ int appimage_find_profile(const char *archive) {
assert(archive);
assert(strlen(archive));

// try to match the name of the archive with the list of programs in /usr/lib/firejail/firecfg.config
FILE *fp = fopen(LIBDIR "/firejail/firecfg.config", "r");
// try to match the name of the archive with the list of programs in /etc/firejail/firecfg.config
FILE *fp = fopen(SYSCONFDIR "/firecfg.config", "r");
if (!fp) {
fprintf(stderr, "Error: cannot find %s, firejail is not correctly installed\n", LIBDIR "/firejail/firecfg.config");
fprintf(stderr, "Error: cannot find %s, firejail is not correctly installed\n", SYSCONFDIR "/firecfg.config");
exit(1);
}
char buf[MAXBUF];
Expand Down
2 changes: 1 addition & 1 deletion src/man/firecfg.txt
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ desktop managers are supported in this moment
To set it up, run "sudo firecfg" after installing Firejail software.
The same command should also be run after
installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin
will be created. For a full list of programs supported by default run "cat /usr/lib/firejail/firecfg.config".
will be created. For a full list of programs supported by default run "cat /etc/firejail/firecfg.config".

For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR.
.SH DEFAULT ACTIONS
Expand Down

0 comments on commit cbbe9ab

Please sign in to comment.