glitsj16/firejail.fix.sorting

## firejail.fix.sorting
#!/bin/env python3
#
## sort options with multi-item values in firejail files
#+ based on https://gist.github.com/rusty-snake/a1010a3daf3c54e93dfe03f2f5ce3d96
#+ requirements: python >= 3.6
from sys import argv

def fix_caps(line):
    filenames = line[10:].split(",")
    filenames.sort(key=lambda s: s.casefold())
    return ",".join(filenames)

def fix_private(line):
    filenames = line[12:].split(",")
    filenames.sort(key=lambda s: s.casefold())
    return ",".join(filenames)

def fix_seccomp(line):
    filenames = line[13:].split(",")
    filenames.sort(key=lambda s: s.casefold())
    return ",".join(filenames)

def fix_profile(filename):
    with open(filename, "r+") as profile:
        lines = profile.read().split("\n")
        was_fixed = False
        fixed_profile = []
        for line in lines:
            if line[:10] == "caps.drop ":
                fixed_line = f"caps.drop {fix_caps(line)}"
                fixed_profile.append(fixed_line)
                if not fixed_line == line:
                    was_fixed = True
            elif line[:10] == "caps.keep ":
                fixed_line = f"caps.keep {fix_caps(line)}"
                fixed_profile.append(fixed_line)
                if not fixed_line == line:
                    was_fixed = True
            elif line[:13] == "seccomp.drop ":
                fixed_line = f"seccomp.drop {fix_seccomp(line)}"
                fixed_profile.append(fixed_line)
                if not fixed_line == line:
                    was_fixed = True
            elif line[:13] == "seccomp.keep ":
                fixed_line = f"seccomp.keep {fix_seccomp(line)}"
                fixed_profile.append(fixed_line)
                if not fixed_line == line:
                    was_fixed = True
            elif line[:12] == "private-bin ":
                fixed_line = f"private-bin {fix_private(line)}"
                fixed_profile.append(fixed_line)
                if not fixed_line == line:
                    was_fixed = True
            elif line[:12] == "private-etc ":
                fixed_line = f"private-etc {fix_private(line)}"
                fixed_profile.append(fixed_line)
                if not fixed_line == line:
                    was_fixed = True
            elif line[:12] == "private-lib ":
                fixed_line = f"private-lib {fix_private(line)}"
                fixed_profile.append(fixed_line)
                if not fixed_line == line:
                    was_fixed = True
            else:
                fixed_profile.append(f"{line}")
        if was_fixed:
            profile.seek(0)
            profile.truncate()
            profile.write("\n".join(fixed_profile))
            profile.flush()
            print(f"[ Fixed ] {filename}")

def main(args):
    for filename in args:
        try:
            fix_profile(filename)
        except FileNotFoundError:
            print(f"[ Error ] Can't find {filename}")
        except PermissionError:
            print(f"[ Error ] Can't read/write {filename}")
        except:
            print(f"[ Error ] An error occurred while processing {filename}")


if __name__ == "__main__":
    main(argv[1:])
	#!/bin/env python3
	#
	## sort options with multi-item values in firejail files
	#+ based on https://gist.github.com/rusty-snake/a1010a3daf3c54e93dfe03f2f5ce3d96
	#+ requirements: python >= 3.6
	from sys import argv

	def fix_caps(line):
	filenames = line[10:].split(",")
	filenames.sort(key=lambda s: s.casefold())
	return ",".join(filenames)

	def fix_private(line):
	filenames = line[12:].split(",")
	filenames.sort(key=lambda s: s.casefold())
	return ",".join(filenames)

	def fix_seccomp(line):
	filenames = line[13:].split(",")
	filenames.sort(key=lambda s: s.casefold())
	return ",".join(filenames)

	def fix_profile(filename):
	with open(filename, "r+") as profile:
	lines = profile.read().split("\n")
	was_fixed = False
	fixed_profile = []
	for line in lines:
	if line[:10] == "caps.drop ":
	fixed_line = f"caps.drop {fix_caps(line)}"
	fixed_profile.append(fixed_line)
	if not fixed_line == line:
	was_fixed = True
	elif line[:10] == "caps.keep ":
	fixed_line = f"caps.keep {fix_caps(line)}"
	fixed_profile.append(fixed_line)
	if not fixed_line == line:
	was_fixed = True
	elif line[:13] == "seccomp.drop ":
	fixed_line = f"seccomp.drop {fix_seccomp(line)}"
	fixed_profile.append(fixed_line)
	if not fixed_line == line:
	was_fixed = True
	elif line[:13] == "seccomp.keep ":
	fixed_line = f"seccomp.keep {fix_seccomp(line)}"
	fixed_profile.append(fixed_line)
	if not fixed_line == line:
	was_fixed = True
	elif line[:12] == "private-bin ":
	fixed_line = f"private-bin {fix_private(line)}"
	fixed_profile.append(fixed_line)
	if not fixed_line == line:
	was_fixed = True
	elif line[:12] == "private-etc ":
	fixed_line = f"private-etc {fix_private(line)}"
	fixed_profile.append(fixed_line)
	if not fixed_line == line:
	was_fixed = True
	elif line[:12] == "private-lib ":
	fixed_line = f"private-lib {fix_private(line)}"
	fixed_profile.append(fixed_line)
	if not fixed_line == line:
	was_fixed = True
	else:
	fixed_profile.append(f"{line}")
	if was_fixed:
	profile.seek(0)
	profile.truncate()
	profile.write("\n".join(fixed_profile))
	profile.flush()
	print(f"[ Fixed ] {filename}")

	def main(args):
	for filename in args:
	try:
	fix_profile(filename)
	except FileNotFoundError:
	print(f"[ Error ] Can't find {filename}")
	except PermissionError:
	print(f"[ Error ] Can't read/write {filename}")
	except:
	print(f"[ Error ] An error occurred while processing {filename}")


	if __name__ == "__main__":
	main(argv[1:])