-
Notifications
You must be signed in to change notification settings - Fork 555
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
modif: Standardize and add missing name/hostname checks #5856
Conversation
The `invalid_name` function does not allow control characters. Added on commit d349a2f ("Forbid control chars in names", 2023-03-03) / PR netblue30#5708.
To match the hostname check in src/firejail/main.c.
In `invalid_name`.
Changes: * Use only `invalid_name` to check the name and hostname instead of ad-hoc checks * Standardize empty/invalid error messages for name/hostname Note: This makes the hostname validation less strict, though it still forbids control characters and only numbers. Relates to netblue30#5578 netblue30#5708. See also commit b4ffaa2 ("merges; more on cleaning up esc chars", 2023-02-14).
Note that the sandbox name may also be set through the "join-or-start" option. Relates to netblue30#5578 netblue30#5708.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, nice work. Only one nitpick, but approving nonetheless.
I agree that it looks better in this case, but appending For example: Error messages
$ git show --pretty='%h %ai %s' -s
fd1cbf6c9 2023-06-15 03:31:37 -0300 build: mark phony test targets as such
$ git grep -I '"Error: .*: [^(]*"' -- src | wc -l
46
$ git grep -I '"Error: .*: [^(]*"' -- src | head
src/firejail/dhcp.c: fprintf(stderr, "Error: dhclient -4 and -6 have the same PID: %ld\n", (long) dhclient4_pid);
src/firejail/fs.c: fprintf(stderr, "Error: cannot mount tmpfs on %s: not owned by the current user\n", dir);
src/firejail/fs_dev.c: fprintf(stderr, "Error: cannot create %s device: %s\n", path, strerror(errno));
src/firejail/fs_overlayfs.c: fprintf(stderr, "Error: cannot extract Linux kernel version: %s\n", u.version);
src/firejail/fs_overlayfs.c: fprintf(stderr, "Error: cannot remove file: %s\n", strerror(errno));
src/firejail/fs_trace.c: fprintf(stderr, "Error: cannot write trace log: %s is no regular file\n", arg_tracefile);
src/firejail/main.c: fprintf(stderr, "Error: invalid --bandwidth command.\nValid commands: set, clear, status.\n");
src/firejail/main.c: fprintf(stderr, "Error: too long argument: argv[%d] len (%zu) >= MAX_ARG_LEN (%d): %s\n",
src/firejail/main.c: fprintf(stderr, "Error: cannot extract Linux kernel version: %s\n", u.version);
src/firejail/main.c: fprintf(stderr, "Error: inaccessible profile file: %s\n", ppath);
$ git grep -I '"Error: .*: [^(]*"' -- src | grep dbus
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-user.talk name: %s\n", ptr + 15);
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-user.own name: %s\n", ptr + 14);
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-user.call rule: %s\n", ptr + 15);
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-user.broadcast rule: %s\n", ptr + 20);
src/firejail/profile.c: fprintf(stderr, "Error: Unknown dbus-system policy: %s\n", ptr);
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-system.see name: %s\n", ptr + 17);
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-system.talk name: %s\n", ptr + 17);
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-system.own name: %s\n", ptr + 16);
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-system.call rule: %s\n", ptr + 17);
src/firejail/profile.c: fprintf(stderr, "Error: Invalid dbus-system.broadcast rule: %s\n", ptr + 22); Likewise for errno = 1;
warn("foo failed");
// firejail: foo failed: Operation not permitted
errno = 1;
errExit("foo failed");
// Error foo failed: main.c:12 main: Operation not permitted Misc: It looks like Also, originally there were more error messages in the PR and at least one
It looks more readable to me than the following, for example:
And more consistent than the following example:
Note: The last part doesn't apply to the PR as is, but in general I think it |
No problem, let's stick with that format.
|
Main changes:
invalid_name
to check the name and hostname instead ofad-hoc checks
Note: This makes the hostname validation less strict, though it still
forbids control characters and only numbers.
Relates to #5578 #5708.
See also commit b4ffaa2 ("merges; more on cleaning up esc chars",
2023-02-14).
Cc: @layderv @netblue30