-
Notifications
You must be signed in to change notification settings - Fork 11
Expand file tree
/
Copy pathfirejail_browser
More file actions
executable file
·132 lines (115 loc) · 3.66 KB
/
firejail_browser
File metadata and controls
executable file
·132 lines (115 loc) · 3.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
#!/bin/bash
help() {
echo 'usage: firejail_browser'
echo ' firejail_browser --help'
echo
echo ' This script lists you the running firejails,'
echo ' lets you select one from the menu and lets you'
echo ' execute an action on that firejail:'
echo ' * get one or multiple files from that jail: will option a'
echo ' file selection dialogue inside the jail'
echo ' * use cursor and tab keys to navigate'
echo ' * press Space to select a file or a directory'
echo ' * press Enter to get file or change into directory'
echo ' * press CTRL-C to abort'
echo ' * put a file into the jail (currently not'
echo ' implemented)'
echo ' * open a shell in the jail'
echo
echo ' Put and get require you to have the'
echo ' https://github.com/tpo/little_shell_scripts/blob/master/file_chooser'
echo ' script installed in a standard binary path.'
echo
echo ' ATTENTION: when getting files from a jail we will at least partly'
echo ' circumvent the file name sanitacion that firejail is'
echo ' trying to enforce'
echo
exit 1
}
[ "$1" == "--help" ] && help
set -e # stop on error
set -u # stop on undefined variable
set -o pipefail # stop part of pipeline failing
# firejail will refuse to get files with real names.
#
# Therefore we:
# * first sanitize the file name
# * symlink the file to sanely named version
# * return the sanely named symlink
#
sanitize_file() {
local file_path="$1"
local sane_file_path
local tmp_dir
tmp_dir="$( firejail --join=$jail bash -c "mktemp -d /tmp/firejail_browser_sanitized_files_XXXXXX" )"
sane_file_name="$( echo "$( basename "$file_path" )" | sed 's/,/_/g' )"
sane_file_path="$tmp_dir/$sane_file_name"
if [ "$file_path" != "$sane_file_path" ]; then
firejail --join=$jail bash -c "ln -s \"$file_path\" \"$sane_file_path\""
fi
# return sanitized path
echo "$sane_file_path"
}
get() {
local echo_dir="$1"
local initial_dir="$2"
local file_path="$( firejail --join=$jail bash -c "cd \"$initial_dir\"; file_chooser" )"
# firejail will refuse to get files with real names.
#
# Therefore we:
# * inside `sanitize_file`
# * first sanitize the file name
# * symlink the file to sanely named version
# * get the file with the sanitized name
# * rename it to the name it had before
#
file_name="$( basename "$file_path" )"
sane_file_path="$( sanitize_file "$file_path" )"
sane_file_name="$( basename "$sane_file_path" )"
firejail --get=$jail "$sane_file_path"
if [ "$file_name" != "$sane_file_name" ]; then
mv "$sane_file_name" "$file_name"
fi
if [ "$echo_dir" == "--echo-dir" ]; then
echo "$( dirname "$file_path" )"
fi
}
readarray -t jails < <( firejail --list )
echo "Please select the appropriate device:"
select jail_line in "${jails[@]}" Quit; do
break
done
[ "$jail_line" == "Quit" ] && exit 0
jail=$( echo "$jail_line" | sed 's/:.*//' )
select action in get multi_get put exec; do
break
done
initial_dir="Downloads"
case "$action" in
get)
get --no-echo-dir "$initial_dir"
;;
multi_get)
while true; do
dir_of_last_get="$( get --echo-dir "$initial_dir" )"
initial_dir="$dir_of_last_get"
echo "Press Enter to get next file or CTRL-C to abort"
read
done
;;
put)
src="$( file_chooser )"
filename="$( basename "$src" )"
dest="/tmp/$filename"
if firejail --put=$jail "$src" "$dest"; then
echo "'$src' was copied to '$dest'"
else
echo "There was some error"
fi
;;
exec)
firejail --join=$jail
;;
*)
echo "not implemented"
esac