forked from netblue30/firejail
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
netblue30
committed
Feb 4, 2017
1 parent
e7c0ee7
commit e46dd3e
Showing
7 changed files
with
139 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/bin/sh | ||
# Purpose: Fetch, compile, and install firejail from GitHub source. Package-manager agnostic. | ||
# | ||
|
||
set -e # exit immediately if one of the commands fails | ||
cd /tmp # by the time we start this, we should have a tmpfs mounted on top of /tmp | ||
git clone --depth=1 https://www.github.com/netblue30/firejail.git | ||
cd firejail | ||
./configure | ||
make | ||
sudo make install-strip | ||
echo "**********************************************************************" | ||
echo "Mainline git Firejail version was installed in /usr/local." | ||
echo "If you want to remove it, run" | ||
echo | ||
echo " firejail --git-uninstall" | ||
echo | ||
echo "**********************************************************************" | ||
cd .. | ||
rm -rf firejail |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
#!/bin/sh | ||
# Purpose: Fetch, compile, and install firejail from GitHub source. Package-manager agnostic. | ||
# | ||
|
||
set -e # exit immediately if one of the commands fails | ||
cd /tmp # by the time we start this, we should have a tmpfs mounted on top of /tmp | ||
git clone --depth=1 https://www.github.com/netblue30/firejail.git | ||
cd firejail | ||
./configure | ||
sudo make uninstall | ||
echo "**********************************************************************" | ||
echo "Firejail mainline git version uninstalled from /usr/local" | ||
echo | ||
echo "**********************************************************************" | ||
cd .. | ||
rm -rf firejail |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
/* | ||
* Copyright (C) 2014-2016 Firejail Authors | ||
* | ||
* This file is part of firejail project | ||
* | ||
* This program is free software; you can redistribute it and/or modify | ||
* it under the terms of the GNU General Public License as published by | ||
* the Free Software Foundation; either version 2 of the License, or | ||
* (at your option) any later version. | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License along | ||
* with this program; if not, write to the Free Software Foundation, Inc., | ||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
*/ | ||
#include "firejail.h" | ||
#include <sys/utsname.h> | ||
#include <sched.h> | ||
#include <sys/mount.h> | ||
|
||
// install a simple mount/pid namespace sandbox with a tmpfs on top of /tmp | ||
static void sbox_ns(void) { | ||
if (unshare(CLONE_NEWNS | CLONE_NEWIPC) < 0) | ||
errExit("unshare"); | ||
|
||
if (mount(NULL, "/tmp", "tmpfs", 0, NULL) < 0) | ||
errExit("mount"); | ||
} | ||
|
||
void git_install() { | ||
// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh" | ||
EUID_ASSERT(); | ||
EUID_ROOT(); | ||
|
||
// install a mount namespace with a tmpfs on top of /tmp | ||
sbox_ns(); | ||
|
||
// drop privileges | ||
if (setgid(getgid()) < 0) | ||
errExit("setgid/getgid"); | ||
if (setuid(getuid()) < 0) | ||
errExit("setuid/getuid"); | ||
assert(getenv("LD_PRELOAD") == NULL); | ||
|
||
printf("Running as "); fflush(0); | ||
int rv = system("whoami"); | ||
(void) rv; | ||
printf("/tmp directory: "); fflush(0); | ||
rv = system("ls -l /tmp"); | ||
(void) rv; | ||
|
||
// run command | ||
const char *cmd = LIBDIR "/firejail/fgit-install.sh"; | ||
rv = system(cmd); | ||
(void) rv; | ||
exit(0); | ||
} | ||
|
||
void git_uninstall() { | ||
// redirect to "/usr/bin/firejail --noprofile --private-tmp /usr/lib/firejail/fgit-install.sh" | ||
EUID_ASSERT(); | ||
EUID_ROOT(); | ||
|
||
// install a mount namespace with a tmpfs on top of /tmp | ||
sbox_ns(); | ||
|
||
// drop privileges | ||
if (setgid(getgid()) < 0) | ||
errExit("setgid/getgid"); | ||
if (setuid(getuid()) < 0) | ||
errExit("setuid/getuid"); | ||
assert(getenv("LD_PRELOAD") == NULL); | ||
|
||
printf("Running as "); fflush(0); | ||
int rv = system("whoami"); | ||
(void) rv; | ||
printf("/tmp directory: "); fflush(0); | ||
rv = system("ls -l /tmp"); | ||
(void) rv; | ||
|
||
// run command | ||
const char *cmd = LIBDIR "/firejail/fgit-uninstall.sh"; | ||
rv = system(cmd); | ||
(void) rv; | ||
exit(0); | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters