added sandbox name support in firemon

author: netblue30 <netblue30@yahoo.com> 2018-03-21 08:56:54 -0400
committer: netblue30 <netblue30@yahoo.com> 2018-03-21 08:56:54 -0400
commit: 57ffc35a8e0264507118b9839a499375f416260c (patch)
tree: 7f406d1be0674ee964c300910f10480c68191708
parent: Merge pull request #1820 from g3ngr33n/master (diff)
download: firejail-57ffc35a8e0264507118b9839a499375f416260c.tar.gz
firejail-57ffc35a8e0264507118b9839a499375f416260c.tar.zst
firejail-57ffc35a8e0264507118b9839a499375f416260c.zip
5 files changed, 60 insertions, 29 deletions
diff --git a/RELNOTES b/RELNOTES
index bc18cfd83..e7852663e 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -23,6 +23,7 @@ firejail (0.9.53) baseline; urgency=low
  * whitelist support for overlay and chroot sandboxes
  * private-dev support for overlay and chroot sandboxes
  * private-tmp support for overlay and chroot sandboxes
+  * added sandbox name support in firemon
  * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
  * new profiles: discord-canary, pycharm-community, pycharm-professional,
  * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code,
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index ca3cf18ac..5af141289 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -31,7 +31,7 @@
 #define RUN_FIREJAIL_BASEDIR    "/run"
 #define RUN_FIREJAIL_DIR        "/run/firejail"
 #define RUN_FIREJAIL_APPIMAGE_DIR       "/run/firejail/appimage"
-#define RUN_FIREJAIL_NAME_DIR   "/run/firejail/name"
+#define RUN_FIREJAIL_NAME_DIR   "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place
 #define RUN_FIREJAIL_X11_DIR    "/run/firejail/x11"
 #define RUN_FIREJAIL_NETWORK_DIR        "/run/firejail/network"
 #define RUN_FIREJAIL_BANDWIDTH_DIR      "/run/firejail/bandwidth"
diff --git a/src/lib/pid.c b/src/lib/pid.c
index 0b2f402d1..f138efc8c 100644
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -21,6 +21,7 @@
 #include "../include/pid.h"
 #include <string.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <pwd.h>
 #include <sys/ioctl.h>
 #include <dirent.h>
@@ -165,6 +166,10 @@ doexit:
        return rv;
 }
+// todo: RUN_FIREJAIL_NAME_DIR is borrowed from src/firejail/firejail.h
+// move it in a common place
+#define RUN_FIREJAIL_NAME_DIR   "/run/firejail/name"
 static void print_elem(unsigned index, int nowrap) {
        // get terminal size
        struct winsize sz;
@@ -184,14 +189,40 @@ static void print_elem(unsigned index, int nowrap) {
        char *cmd = pid_proc_cmdline(index);
        char *user = pid_get_user_name(uid);
        char *allocated = user;
+        // extract sandbox name - pid == index
+        char *sandbox_name = "";
+        char *fname;
+        if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_NAME_DIR, index) == -1)
+                errExit("asprintf");
+        struct stat s;
+        if (stat(fname, &s) == 0) {
+                FILE *fp = fopen(fname, "r");
+                if (fp) {
+                        sandbox_name = malloc(s.st_size + 1);
+                        if (!sandbox_name)
+                                errExit("malloc");
+                        char *rv = fgets(sandbox_name, s.st_size + 1, fp);
+                        if (!rv)
+                                *sandbox_name = '\0';
+                        else {
+                                char *ptr = strchr(sandbox_name, '\n');
+                                if (ptr)
+                                        *ptr = '\0';
+                        }
+                        fclose(fp);
+                }
+        }
+        free(fname);
        if (user ==NULL)
                user = "";
        if (cmd) {
                if (col < 4 || nowrap)
-                        printf("%s%u:%s:%s\n", indent, index, user, cmd);
+                        printf("%s%u:%s:%s:%s\n", indent, index, user, sandbox_name, cmd);
                else {
                        char *out;
-                        if (asprintf(&out, "%s%u:%s:%s\n", indent, index, user, cmd) == -1)
+                        if (asprintf(&out, "%s%u:%s:%s:%s\n", indent, index, user, sandbox_name, cmd) == -1)
                                errExit("asprintf");
                        int len = strlen(out);
                        if (len > col) {
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index b05a5a722..34e4102f6 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -254,7 +254,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-caps.print=3272
@@ -309,7 +309,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-cpu.print=3272
@@ -453,7 +453,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-dns.print=3272
@@ -492,7 +492,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-fs.print=3272
@@ -662,7 +662,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-join=3272
@@ -749,11 +749,11 @@ Example:
 .br
 $ firejail \-\-list
 .br
-7015:netblue:firejail firefox
+7015:netblue:browser:firejail firefox
 .br
-7056:netblue:firejail \-\-net=eth0 transmission-gtk
+7056:netblue:torrent:firejail \-\-net=eth0 transmission-gtk
 .br
-7064:netblue:firejail \-\-noroot xterm
+7064:netblue::firejail \-\-noroot xterm
 .br
 $
 .TP
@@ -1543,7 +1543,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-protocol.print=3272
 .br
@@ -1992,7 +1992,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-shutdown=3272
 .TP
@@ -2598,12 +2598,12 @@ Limitations: audit feature is not implemented for --x11 commands.
 Option \-\-list prints a list of all sandboxes. The format
 for each process entry is as follows:
-        PID:USER:Command
+        PID:USER:Sandbox Name:Command
 Option \-\-tree prints the tree of processes running in the sandbox. The format
 for each process entry is as follows:
-        PID:USER:Command
+        PID:USER:Sandbox Name:Command
 Option \-\-top is similar to the UNIX top command, however it applies only to
 sandboxes.
@@ -2635,6 +2635,9 @@ It is a sum of the RES values for all processes running in the sandbox.
 RX(KB/s)
 Network receive speed.
 .TP
+Sandbox Name
+The name of the sandbox, if any.
+.TP
 SHR
 Shared Memory Size (KiB), it reflects memory shared with other
 processes. It is a sum of the SHR values for all processes running
@@ -2646,7 +2649,7 @@ Network transmit speed.
 Uptime
 Sandbox running time in hours:minutes:seconds format.
 .TP
-User
+USER
 The owner of the sandbox.
 .SH SECURITY PROFILES
diff --git a/src/man/firemon.txt b/src/man/firemon.txt
index 4827bbbeb..91c59af4d 100644
--- a/src/man/firemon.txt
+++ b/src/man/firemon.txt
@@ -50,7 +50,8 @@ Print route table for each sandbox.
 Print seccomp configuration for each sandbox.
 .TP
 \fB\-\-top
-Monitor the most CPU-intensive sandboxes.
+Monitor the most CPU-intensive sandboxes. This command  is similar to
+the regular UNIX top command, however it applies only to sandboxes.
 .TP
 \fB\-\-tree
 Print a tree of all sandboxed processes.
@@ -63,19 +64,11 @@ Print program version and exit.
 Print X11 display number.
 .PP
-Option \-\-list prints a list of all sandboxes. The format
+The format for each listed sandbox entry is as follows:
-for each entry is as follows:
-        PID:USER:Command
+        PID:USER:Sandbox Name:Command
-Option \-\-tree prints the tree of processes running in the sandbox. The format
+Listed below are the available fields (columns) in various firemon commands in alphabetical order:
-for each process entry is as follows:
-        PID:USER:Command
-Option \-\-top is similar to the UNIX top command, however it applies only to
-sandboxes. Listed below are the available fields (columns) in alphabetical
-order:
 .TP
 Command
@@ -95,6 +88,9 @@ RES
 Resident Memory Size (KiB), sandbox non-swapped physical memory.
 It is a sum of the RES values for all processes running in the sandbox.
 .TP
+Sandbox Name
+The name of the sandbox, if any.
+.TP
 SHR
 Shared Memory Size (KiB), it reflects memory shared with other
 processes. It is a sum of the SHR values for all processes running
@@ -103,7 +99,7 @@ in the sandbox, including the controlling process.
 Uptime
 Sandbox running time in hours:minutes:seconds format.
 .TP
-User
+USER
 The owner of the sandbox.
 .SH LICENSE
author	netblue30 <netblue30@yahoo.com>	2018-03-21 08:56:54 -0400
committer	netblue30 <netblue30@yahoo.com>	2018-03-21 08:56:54 -0400
commit	57ffc35a8e0264507118b9839a499375f416260c (patch)
tree	7f406d1be0674ee964c300910f10480c68191708
parent	Merge pull request #1820 from g3ngr33n/master (diff)
download	firejail-57ffc35a8e0264507118b9839a499375f416260c.tar.gz firejail-57ffc35a8e0264507118b9839a499375f416260c.tar.zst firejail-57ffc35a8e0264507118b9839a499375f416260c.zip