Merge pull request #5900 from kmk3/firecfg-support-doas

feature: add doas support in firecfg and jailcheck
netblue30 · Jul 16, 2023 · 2ebb09e · 2ebb09e
2 parents 154ffad + e7225b6
commit 2ebb09e
Show file tree

Hide file tree

Showing 7 changed files with 21 additions and 15 deletions.
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
@@ -108,7 +108,7 @@ static int have_profile(const char *filename, const char *homedir) {
 	return rv;
 }
 
-void fix_desktop_files(char *homedir) {
+void fix_desktop_files(const char *homedir) {
 	assert(homedir);
 	struct stat sb;
 

diff --git a/src/firecfg/firecfg.h b/src/firecfg/firecfg.h
@@ -49,6 +49,6 @@ int is_link(const char *fname);
 void sound(void);
 
 // desktop_files.c
-void fix_desktop_files(char *homedir);
+void fix_desktop_files(const char *homedir);
 
 #endif
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
@@ -288,8 +288,11 @@ static void set_links_homedir(const char *homedir) {
 	free(firejail_exec);
 }
 
-static char *get_user(void) {
-	char *user = getenv("SUDO_USER");
+static const char *get_sudo_user(void) {
+	const char *doas_user = getenv("DOAS_USER");
+	const char *sudo_user = getenv("SUDO_USER");
+	const char *user = doas_user ? doas_user : sudo_user;
+
 	if (!user) {
 		user = getpwuid(getuid())->pw_name;
 		if (!user) {
@@ -301,13 +304,13 @@ static char *get_user(void) {
 	return user;
 }
 
-static char *get_homedir(const char *user, uid_t *uid, gid_t *gid) {
+static const char *get_homedir(const char *user, uid_t *uid, gid_t *gid) {
 	// find home directory
 	struct passwd *pw = getpwnam(user);
 	if (!pw)
 		goto errexit;
 
-	char *home = pw->pw_dir;
+	const char *home = pw->pw_dir;
 	if (!home)
 		goto errexit;
 
@@ -326,12 +329,11 @@ int main(int argc, char **argv) {
 	int bindir_set = 0;
 
 	// user setup
-	char *user = get_user();
+	const char *user = get_sudo_user();
 	assert(user);
 	uid_t uid;
 	gid_t gid;
-	char *home = get_homedir(user, &uid, &gid);
-
+	const char *home = get_homedir(user, &uid, &gid);
 
 	// check for --bindir
 	for (i = 1; i < argc; i++) {

diff --git a/src/jailcheck/main.c b/src/jailcheck/main.c
@@ -86,7 +86,7 @@ int main(int argc, char **argv) {
 
 	// user setup
 	if (getuid() != 0) {
-		fprintf(stderr, "Error: you need to be root (via sudo) to run this program\n");
+		fprintf(stderr, "Error: you need to be root (via sudo or doas) to run this program\n");
 		exit(1);
 	}
 	user_name = get_sudo_user();

diff --git a/src/jailcheck/utils.c b/src/jailcheck/utils.c
@@ -26,7 +26,10 @@
 #define BUFLEN 4096
 
 char *get_sudo_user(void) {
-	char *user = getenv("SUDO_USER");
+	char *doas_user = getenv("DOAS_USER");
+	char *sudo_user = getenv("SUDO_USER");
+	char *user = doas_user ? doas_user : sudo_user;
+
 	if (!user) {
 		user = getpwuid(getuid())->pw_name;
 		if (!user) {

diff --git a/src/man/firecfg.1.in b/src/man/firecfg.1.in
@@ -23,7 +23,9 @@ The integration covers:
 - programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE/LXQT, MATE and XFCE
 desktop managers are supported in this moment
 .RE
-
+.PP
+Note: The examples use \fBsudo\fR, but \fBdoas\fR is also supported.
+.PP
 To set it up, run "sudo firecfg" after installing Firejail software.
 The same command should also be run after
 installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin

diff --git a/src/man/jailcheck.1.in b/src/man/jailcheck.1.in
@@ -24,9 +24,8 @@ them from inside the sandbox.
 \fB5. Seccomp test
 .TP
 \fB6. Networking test
-.TP
-The program is started as root using sudo.
-
+.PP
+The program should be started using \fBsudo\fR or \fBdoas\fR.
 .SH OPTIONS
 .TP
 \fB\-\-debug