private-etc rework: file groups moved to src/include/etc_groups.h, new groups added

Author: netblue30

src/firejail/Makefile

@@ -13,7 +13,9 @@ MOD_HDRS = \
 ../include/seccomp.h \
 ../include/syscall_i386.h \
 ../include/syscall_x86_64.h \
-../include/firejail_user.h
+../include/firejail_user.h \
+../include/etc_groups.h
+
 
 MOD_OBJS = \
 ../lib/common.o \

src/firejail/fs_etc.c

@@ -25,67 +25,9 @@
 #include <time.h>
 #include <unistd.h>
 #include <glob.h>
+#include "../include/etc_groups.h"
 
-#define ETC_MAX 256
 static int etc_cnt = 0;
-static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
-	"alternatives",
-	"fonts",
-	"ld.so.cache",
-	"ld.so.conf",
-	"ld.so.conf.d",
-	"ld.so.preload",
-	"locale",
-	"locale.alias",
-	"locale.conf",
-	"locale.gen",
-	"localtime",
-	"nsswitch.conf",
-	"passwd",
-	NULL
-};
-
-static char*etc_group_network[] = {
-	"hostname",
-	"hosts",
-	"resolv.conf",
-	"protocols",
-	NULL
-};
-
-static char *etc_group_gnome[] = {
-	"xdg",
-	"drirc",
-	"dconf",
-	"gtk-2.0",
-	"gtk-3.0",
-	NULL
-};
-
-static char *etc_group_kde[] = {
-	"xdg",
-	"drirc",
-	"kde4rc",
-	"kde5rc",
-	NULL
-};
-
-static char *etc_group_sound[] = {
-	"alsa",
-	"asound.conf",
-	"machine-id", // required by PulseAudio
-	"pulse",
-	NULL
-};
-
-static char *etc_group_tls_ca[] = {
-	"ca-certificates",
-	"ca-certificates.conf",
-	"crypto-policies",
-	"pki",
-	"ssl",
-	NULL
-};
 
 static void etc_copy_group(char **pptr) {
 	assert(pptr);
@@ -137,10 +79,14 @@ char *fs_etc_build(char *str) {
 			// look for standard groups
 			if (strcmp(ptr, "TLS-CA") == 0)
 				etc_copy_group(&etc_group_tls_ca[0]);
-			if (strcmp(ptr, "GNOME") == 0)
-				etc_copy_group(&etc_group_gnome[0]);
-			if (strcmp(ptr, "KDE") == 0)
-				etc_copy_group(&etc_group_kde[0]);
+			if (strcmp(ptr, "GUI") == 0)
+				etc_copy_group(&etc_group_gui[0]);
+			if (strcmp(ptr, "SOUND") == 0)
+				etc_copy_group(&etc_group_sound[0]);
+			if (strcmp(ptr, "NETWORK") == 0)
+				etc_copy_group(&etc_group_network[0]);
+			if (strcmp(ptr, "GAMES") == 0)
+				etc_copy_group(&etc_group_games[0]);
 			else
 				etc_add(ptr);
 			ptr = strtok(NULL, ",");

src/include/etc_groups.h

@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2014-2022 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+#ifndef ETC_GROUPS_H
+#define ETC_GROUPS_H
+
+#define ETC_MAX 256
+
+// DEFAULT
+static char *etc_list[ETC_MAX + 1] = { // plus 1 for ending NULL pointer
+	"alternatives",
+	"fonts",
+	"ld.so.cache",
+	"ld.so.conf",
+	"ld.so.conf.d",
+	"ld.so.preload",
+	"locale",
+	"locale.alias",
+	"locale.conf",
+	"localtime",
+	"nsswitch.conf",
+	"passwd",
+	NULL
+};
+
+// SOUND
+static char *etc_group_sound[] = {
+	"alsa",
+	"asound.conf",
+	"machine-id", // required by PulseAudio
+	"pulse",
+	NULL
+};
+
+// NETWORK
+static char*etc_group_network[] = {
+	"hostname",
+	"hosts",
+	"resolv.conf",
+	"protocols",
+	NULL
+};
+
+// TLS-CA
+static char *etc_group_tls_ca[] = {
+	"ca-certificates",
+	"crypto-policies",
+	"gcrypt",
+	"pki",
+	"ssl",
+	NULL
+};
+
+// GUI
+static char *etc_group_gui[] = {
+	"xdg",
+	"drirc",
+	"dconf",
+	"gtk-2.0",
+	"gtk-3.0",
+	"kde4rc",
+	"kde5rc",
+	NULL
+};
+
+// GAMES
+static char *etc_group_games[] = {
+	"timidity", // MIDI
+	"timidity.cfg",
+	"openal", // 3D sound
+};
+
+#endif