firecfg: parse config files in /etc/firejail/firecfg.d

As suggested by @WhyNotHugo[1]. [1] netblue30#2097 (comment)
kmk3 · Jul 1, 2023 · 2632a03 · 2632a03
1 parent 1f07de8
commit 2632a03
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 1 deletion.
diff --git a/Makefile b/Makefile
@@ -223,6 +223,7 @@ endif
 	install -m 0644 -t $(DESTDIR)$(docdir) COPYING README RELNOTES etc/templates/*
 	# profiles and settings
 	install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail
+	install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail/firecfg.d
 	install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
 	install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config
 	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"

diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h
@@ -37,7 +37,11 @@
 #include "../include/common.h"
 #define MAX_BUF 4096
 
+// config files
 #define FIRECFG_CFGFILE SYSCONFDIR "/firecfg.config"
+#define FIRECFG_CONF_GLOB SYSCONFDIR "/firecfg.d/*.conf"
+
+// programs
 #define FIREJAIL_EXEC PREFIX "/bin/firejail"
 #define FIREJAIL_WELCOME_SH LIBDIR "/firejail/firejail-welcome.sh"
 #define FZENITY_EXEC        LIBDIR "/firejail/fzenity"

diff --git a/src/firecfg/main.c b/src/firecfg/main.c
@@ -20,6 +20,8 @@
 
 #include "firecfg.h"
 #include "../include/firejail_user.h"
+#include <glob.h>
+
 int arg_debug = 0;
 char *arg_bindir = "/usr/local/bin";
 int arg_guide = 0;
@@ -209,6 +211,29 @@ static void set_links_firecfg(const char *cfgfile) {
 	}
 
 	fclose(fp);
+	printf("\n");
+}
+
+// parse all config files matching pattern
+static void set_links_firecfg_glob(const char *pattern) {
+	printf("Looking for config files in %s\n", pattern);
+
+	glob_t globbuf;
+	int globerr = glob(pattern, 0, NULL, &globbuf);
+	if (globerr == GLOB_NOMATCH) {
+		fprintf(stderr, "No matches for glob pattern %s\n", pattern);
+		goto out;
+	} else if (globerr != 0) {
+		fprintf(stderr, "Warning: Failed to match glob pattern %s: %s\n",
+		        pattern, strerror(errno));
+		goto out;
+	}
+
+	size_t i;
+	for (i = 0; i < globbuf.gl_pathc; i++)
+		set_links_firecfg(globbuf.gl_pathv[i]);
+out:
+	globfree(&globbuf);
 }
 
 // parse ~/.config/firejail/ directory
@@ -448,12 +473,15 @@ int main(int argc, char **argv) {
 	// clear all symlinks
 	clean();
 
+	// set new symlinks based on .conf files
+	set_links_firecfg_glob(FIRECFG_CONF_GLOB);
+
 	// set new symlinks based on firecfg.config
 	set_links_firecfg(FIRECFG_CFGFILE);
 
 	if (getuid() == 0) {
 		// add user to firejail access database - only for root
-		printf("\nAdding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
+		printf("Adding user %s to Firejail access database in %s/firejail.users\n", user, SYSCONFDIR);
 		// temporarily set the umask, access database must be world-readable
 		mode_t orig_umask = umask(022);
 		firejail_user_add(user);