fixed sysconfdir

netblue30 · Nov 14, 2015 · d3cbab9 · d3cbab9
1 parent 9aac184
commit d3cbab9
Show file tree

Hide file tree

Showing 8 changed files with 91 additions and 51 deletions.
diff --git a/Makefile.in b/Makefile.in
@@ -8,9 +8,7 @@ bindir=@bindir@
 libdir=@libdir@
 datarootdir=@datarootdir@
 mandir=@mandir@
-# todo: fix sysconfdir
-# sysconfdir=@sysconfdir@ 
-sysconfdir=/etc
+sysconfdir=@sysconfdir@
 
 VERSION=@PACKAGE_VERSION@
 NAME=@PACKAGE_NAME@
@@ -72,51 +70,53 @@ realinstall:
 	install -c -m 0644 README $(DESTDIR)/$(DOCDIR)/.
 	install -c -m 0644 RELNOTES $(DESTDIR)/$(DOCDIR)/.
 	# etc files
+	./mketc.sh $(sysconfdir)
 	mkdir -p $(DESTDIR)/$(sysconfdir)/firejail
-	install -c -m 0644 etc/audacious.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/clementine.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/gnome-mplayer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/rhythmbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/totem.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/firefox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/icedove.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/iceweasel.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/midori.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/evince.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/chromium.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/google-chrome.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/disable-mgmt.inc $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/disable-secret.inc $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/disable-common.inc $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/dropbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/opera.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/thunderbird.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/transmission-gtk.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/transmission-qt.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/vlc.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/deluge.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/qbittorrent.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/generic.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/pidgin.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/xchat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/empathy.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/server.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/icecat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/quassel.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/deadbeef.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/filezilla.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/fbreader.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/spotify.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/steam.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/skype.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/wine.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/disable-devel.inc $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/conkeror.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/unbound.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/dnscrypt-proxy.profile $(DESTDIR)/$(sysconfdir)/firejail/.
-	install -c -m 0644 etc/whitelist-common.inc $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/audacious.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/clementine.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/gnome-mplayer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/rhythmbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/totem.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/firefox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/icedove.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/iceweasel.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/midori.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/evince.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/chromium-browser.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/chromium.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/google-chrome.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/disable-mgmt.inc $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/disable-secret.inc $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/disable-common.inc $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/dropbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/opera.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/thunderbird.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/transmission-gtk.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/transmission-qt.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/vlc.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/deluge.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/qbittorrent.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/generic.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/pidgin.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/xchat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/empathy.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/server.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/icecat.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/quassel.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/deadbeef.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/filezilla.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/fbreader.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/spotify.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/steam.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/skype.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/wine.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/disable-devel.inc $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/conkeror.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/unbound.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/dnscrypt-proxy.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+	install -c -m 0644 .etc/whitelist-common.inc $(DESTDIR)/$(sysconfdir)/firejail/.
 	bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
+	rm -fr .etc
 	# man pages
 	rm -f firejail.1.gz
 	gzip -9n firejail.1

diff --git a/configure b/configure
@@ -3558,6 +3558,11 @@ fi
 
 
 
+# set sysconfdir
+if test "$prefix" = /usr; then
+	sysconfdir="/etc"
+fi
+
 ac_config_files="$ac_config_files Makefile src/lib/Makefile src/firejail/Makefile src/firemon/Makefile src/libtrace/Makefile src/ftee/Makefile"
 
 cat >confcache <<\_ACEOF
@@ -4731,9 +4736,12 @@ fi
 echo
 echo "Configuration options:"
 echo "   prefix: $prefix"
+echo "   sysconfdir: $sysconfdir"
 echo "   seccomp: $HAVE_SECCOMP"
 echo "   <linux/seccomp.h>: $HAVE_SECCOMP_H"
 echo "   chroot: $HAVE_CHROOT"
 echo "   bind: $HAVE_BIND"
 echo "   fatal warnings: $HAVE_FATAL_WARNINGS"
 echo
+
+
diff --git a/configure.ac b/configure.ac
@@ -47,14 +47,22 @@ AC_CHECK_HEADER(pthread.h,,AC_MSG_ERROR([*** POSIX thread support not installed
 AC_CHECK_HEADER([linux/seccomp.h], HAVE_SECCOMP_H="-DHAVE_SECCOMP_H", HAVE_SECCOMP_H="")
 AC_SUBST(HAVE_SECCOMP_H)
 
+# set sysconfdir
+if test "$prefix" = /usr; then
+	sysconfdir="/etc"
+fi
+
 AC_OUTPUT(Makefile src/lib/Makefile src/firejail/Makefile src/firemon/Makefile src/libtrace/Makefile src/ftee/Makefile)
 
 echo
 echo "Configuration options:"
 echo "   prefix: $prefix"
+echo "   sysconfdir: $sysconfdir"
 echo "   seccomp: $HAVE_SECCOMP"
 echo "   <linux/seccomp.h>: $HAVE_SECCOMP_H"
 echo "   chroot: $HAVE_CHROOT"
 echo "   bind: $HAVE_BIND"
 echo "   fatal warnings: $HAVE_FATAL_WARNINGS"
 echo
+
+
diff --git a/mketc.sh b/mketc.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+rm -fr .etc
+mkdir .etc
+
+result=$(echo $1 | sed 's/\//\\\//g')
+echo $result
+
+FILES=`ls etc/*.profile`
+for file in $FILES
+do
+	sed "s/\/etc/$result/g" $file > .$file
+done
+
+FILES=`ls etc/*.inc`
+for file in $FILES
+do
+	sed "s/\/etc/$result/g" $file > .$file
+done
diff --git a/src/firejail/Makefile.in b/src/firejail/Makefile.in
@@ -3,6 +3,7 @@ all: firejail
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 libdir=@libdir@
+sysconfdir=@sysconfdir@
 
 VERSION=@PACKAGE_VERSION@
 NAME=@PACKAGE_NAME@
@@ -12,11 +13,12 @@ HAVE_CHROOT=@HAVE_CHROOT@
 HAVE_BIND=@HAVE_BIND@
 HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
 
+
 H_FILE_LIST       = $(wildcard *.[h])
 C_FILE_LIST       = $(wildcard *.c)
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS =  $(foreach file, $(OBJS), $file)
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"' -DLIBDIR='"$(libdir)"' $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_BIND) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -DPREFIX='"$(prefix)"'  -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_SECCOMP) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_BIND) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 
 %.o : %.c $(H_FILE_LIST)

diff --git a/src/firejail/main.c b/src/firejail/main.c
@@ -1222,7 +1222,7 @@ int main(int argc, char **argv) {
 		}
 		if (!custom_profile) {
 			// look for a user profile in /etc/firejail directory
-			int rv = profile_find(cfg.command_name, "/etc/firejail");
+			int rv = profile_find(cfg.command_name, SYSCONFDIR);
 			custom_profile = rv;
 		}
 	}
@@ -1252,7 +1252,7 @@ int main(int argc, char **argv) {
 
 			if (!custom_profile) {
 				// look for the profile in /etc/firejail directory
-				custom_profile = profile_find(profile_name, "/etc/firejail");
+				custom_profile = profile_find(profile_name, SYSCONFDIR);
 			}
 
 			if (custom_profile && !arg_quiet)

diff --git a/src/firejail/profile.c b/src/firejail/profile.c
@@ -429,7 +429,7 @@ void profile_read(const char *fname) {
 	// open profile file:
 	FILE *fp = fopen(fname, "r");
 	if (fp == NULL) {
-		fprintf(stderr, "Error: cannot open profile file\n");
+		fprintf(stderr, "Error: cannot open profile file %s\n", fname);
 		exit(1);
 	}
 

diff --git a/src/firejail/restricted_shell.c b/src/firejail/restricted_shell.c
@@ -27,7 +27,11 @@ int restricted_shell(const char *user) {
 	assert(user);
 
 	// open profile file:
-	FILE *fp = fopen("/etc/firejail/login.users", "r");
+	char *fname;
+	if (asprintf(&fname, "%s/login.users", SYSCONFDIR) == -1)
+		errExit("asprintf");
+	FILE *fp = fopen(fname, "r");
+	free(fname);
 	if (fp == NULL)
 		return 0;