replaced --nowrap with --wrap in firemon (#2992)

author: netblue30 <netblue30@yahoo.com> 2020-10-01 08:55:41 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-10-01 08:55:41 -0400
commit: 78e519f5108d327afb3341439fee9a49491534fe (patch)
tree: bd77a6c686abc61e11fca3dd81a1e5ea3f9b02b9
parent: print error for /home/netblue in profile files (#3071) (diff)
download: firejail-78e519f5108d327afb3341439fee9a49491534fe.tar.gz
firejail-78e519f5108d327afb3341439fee9a49491534fe.tar.zst
firejail-78e519f5108d327afb3341439fee9a49491534fe.zip
15 files changed, 19 insertions, 20 deletions
diff --git a/RELNOTES b/RELNOTES
index 375948d75..8cf636781 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,6 +1,6 @@
 firejail (0.9.63) baseline; urgency=low
  * work in progress
-  * security: fixes for CVE-2020-17367 & CVE-2020-17368, reported by Tim Starling
+  * replaced --nowrap option with --wrap in firemon
  * The blocking action of seccomp filters has been changed from
    killing the process to returning EPERM to the caller. To get the
    previous behaviour, use --seccomp-error-action=kill or
diff --git a/src/firemon/apparmor.c b/src/firemon/apparmor.c
index 028dbc212..c34a44165 100644
--- a/src/firemon/apparmor.c
+++ b/src/firemon/apparmor.c
@@ -44,7 +44,7 @@ void apparmor(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        int child = find_child(i);
                        if (child != -1)
                                print_apparmor(child);
diff --git a/src/firemon/arp.c b/src/firemon/arp.c
index a43593ced..3bd59e65e 100644
--- a/src/firemon/arp.c
+++ b/src/firemon/arp.c
@@ -80,7 +80,7 @@ void arp(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        int child = find_child(i);
                        if (child != -1) {
                                char *fname;
diff --git a/src/firemon/caps.c b/src/firemon/caps.c
index 951bd21a5..0e720706d 100644
--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -53,7 +53,7 @@ void caps(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        int child = find_child(i);
                        if (child != -1)
                                print_caps(child);
diff --git a/src/firemon/cgroup.c b/src/firemon/cgroup.c
index 251db0077..e0d605d10 100644
--- a/src/firemon/cgroup.c
+++ b/src/firemon/cgroup.c
@@ -53,7 +53,7 @@ void cgroup(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        int child = find_child(i);
                        if (child != -1)
                                print_cgroup(child);
diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c
index 6170ef8c1..e97068851 100644
--- a/src/firemon/cpu.c
+++ b/src/firemon/cpu.c
@@ -54,7 +54,7 @@ void cpu(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        int child = find_child(i);
                        if (child != -1)
                                print_cpu(child);
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 238fbcdfe..5ae0ed013 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -40,7 +40,7 @@ static int arg_top = 0;
 static int arg_list = 0;
 static int arg_netstats = 0;
 static int arg_apparmor = 0;
-int arg_nowrap = 0;
+int arg_wrap = 0;
 static struct termios tlocal;   // startup terminal setting
 static struct termios twait;    // no wait on key press
@@ -206,8 +206,8 @@ int main(int argc, char **argv) {
                }
                // etc
-                else if (strcmp(argv[i], "--nowrap") == 0)
+                else if (strcmp(argv[i], "--wrap") == 0)
-                        arg_nowrap = 1;
+                        arg_wrap = 1;
                // invalid option
                else if (*argv[i] == '-') {
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index 3fba486eb..948214d4d 100644
--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -40,7 +40,7 @@ static inline void firemon_clrscr(void) {
 // firemon.c
 extern pid_t skip_process;
-extern int arg_nowrap;
+extern int arg_wrap;
 int find_child(int id);
 void firemon_sleep(int st);
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
index 325ffd80e..34d616647 100644
--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -163,7 +163,7 @@ void interface(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        int child = find_child(i);
                        if (child != -1) {
                                print_sandbox(child);
diff --git a/src/firemon/list.c b/src/firemon/list.c
index 8a07f9eb2..22a08272d 100644
--- a/src/firemon/list.c
+++ b/src/firemon/list.c
@@ -28,6 +28,6 @@ void list(void) {
                if (i == skip_process)
                        continue;
                if (pids[i].level == 1)
-                        pid_print_list(i, arg_nowrap);
+                        pid_print_list(i, arg_wrap);
        }
 }
diff --git a/src/firemon/route.c b/src/firemon/route.c
index 9fd46505f..19c823a87 100644
--- a/src/firemon/route.c
+++ b/src/firemon/route.c
@@ -189,7 +189,7 @@ void route(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        int child = find_child(i);
                        if (child != -1) {
                                char *fname;
diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c
index 7bc700ee6..7867fbad3 100644
--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -52,7 +52,7 @@ void seccomp(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        int child = find_child(i);
                        if (child != -1)
                                print_seccomp(child);
diff --git a/src/firemon/tree.c b/src/firemon/tree.c
index f3610eaec..711066c19 100644
--- a/src/firemon/tree.c
+++ b/src/firemon/tree.c
@@ -28,7 +28,7 @@ void tree(pid_t pid) {
                if (i == skip_process)
                        continue;
                if (pids[i].level == 1)
-                        pid_print_tree(i, 0, arg_nowrap);
+                        pid_print_tree(i, 0, arg_wrap);
        }
        printf("\n");
 }
diff --git a/src/firemon/x11.c b/src/firemon/x11.c
index a41f4825f..19b54429c 100644
--- a/src/firemon/x11.c
+++ b/src/firemon/x11.c
@@ -30,7 +30,7 @@ void x11(pid_t pid, int print_procs) {
        for (i = 0; i < max_pids; i++) {
                if (pids[i].level == 1) {
                        if (print_procs || pid == 0)
-                                pid_print_list(i, arg_nowrap);
+                                pid_print_list(i, arg_wrap);
                        char *x11file;
                        // todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory
diff --git a/src/man/firemon.txt b/src/man/firemon.txt
index f74e56ef9..cea6c0265 100644
--- a/src/man/firemon.txt
+++ b/src/man/firemon.txt
@@ -46,9 +46,6 @@ Print information only about named sandbox.
 \fB\-\-netstats
 Monitor network statistics for sandboxes creating a new network namespace.
 #endif
-.TP
-\fB\-\-nowrap
-Enable line wrapping in terminals. By default the lines are trimmed.
 #ifdef HAVE_NETWORK
 .TP
 \fB\-\-route
@@ -67,7 +64,9 @@ Print a tree of all sandboxed processes.
 .TP
 \fB\-\-version
 Print program version and exit.
+.TP
+\fB\-\-wrap
+Enable line wrapping in terminals. By default the lines are trimmed.
 .TP
 \fB\-\-x11
 Print X11 display number.
author	netblue30 <netblue30@yahoo.com>	2020-10-01 08:55:41 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-10-01 08:55:41 -0400
commit	78e519f5108d327afb3341439fee9a49491534fe (patch)
tree	bd77a6c686abc61e11fca3dd81a1e5ea3f9b02b9
parent	print error for /home/netblue in profile files (#3071) (diff)
download	firejail-78e519f5108d327afb3341439fee9a49491534fe.tar.gz firejail-78e519f5108d327afb3341439fee9a49491534fe.tar.zst firejail-78e519f5108d327afb3341439fee9a49491534fe.zip

diff --git a/RELNOTES b/RELNOTES index 375948d75..8cf636781 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,6 +1,6 @@
1	firejail (0.9.63) baseline; urgency=low	1	firejail (0.9.63) baseline; urgency=low
2	* work in progress	2	* work in progress
3	* security: fixes for CVE-2020-17367 & CVE-2020-17368, reported by Tim Starling	3	* replaced --nowrap option with --wrap in firemon
4	* The blocking action of seccomp filters has been changed from	4	* The blocking action of seccomp filters has been changed from
5	killing the process to returning EPERM to the caller. To get the	5	killing the process to returning EPERM to the caller. To get the
6	previous behaviour, use --seccomp-error-action=kill or	6	previous behaviour, use --seccomp-error-action=kill or


diff --git a/src/firemon/apparmor.c b/src/firemon/apparmor.c index 028dbc212..c34a44165 100644 --- a/src/firemon/apparmor.c +++ b/src/firemon/apparmor.c
@@ -44,7 +44,7 @@ void apparmor(pid_t pid, int print_procs) {
44	for (i = 0; i < max_pids; i++) {	44	for (i = 0; i < max_pids; i++) {
45	if (pids[i].level == 1) {	45	if (pids[i].level == 1) {
46	if (print_procs \|\| pid == 0)	46	if (print_procs \|\| pid == 0)
47	pid_print_list(i, arg_nowrap);	47	pid_print_list(i, arg_wrap);
48	int child = find_child(i);	48	int child = find_child(i);
49	if (child != -1)	49	if (child != -1)
50	print_apparmor(child);	50	print_apparmor(child);


diff --git a/src/firemon/arp.c b/src/firemon/arp.c index a43593ced..3bd59e65e 100644 --- a/src/firemon/arp.c +++ b/src/firemon/arp.c
@@ -80,7 +80,7 @@ void arp(pid_t pid, int print_procs) {
80	for (i = 0; i < max_pids; i++) {	80	for (i = 0; i < max_pids; i++) {
81	if (pids[i].level == 1) {	81	if (pids[i].level == 1) {
82	if (print_procs \|\| pid == 0)	82	if (print_procs \|\| pid == 0)
83	pid_print_list(i, arg_nowrap);	83	pid_print_list(i, arg_wrap);
84	int child = find_child(i);	84	int child = find_child(i);
85	if (child != -1) {	85	if (child != -1) {
86	char *fname;	86	char *fname;


diff --git a/src/firemon/caps.c b/src/firemon/caps.c index 951bd21a5..0e720706d 100644 --- a/src/firemon/caps.c +++ b/src/firemon/caps.c
@@ -53,7 +53,7 @@ void caps(pid_t pid, int print_procs) {
53	for (i = 0; i < max_pids; i++) {	53	for (i = 0; i < max_pids; i++) {
54	if (pids[i].level == 1) {	54	if (pids[i].level == 1) {
55	if (print_procs \|\| pid == 0)	55	if (print_procs \|\| pid == 0)
56	pid_print_list(i, arg_nowrap);	56	pid_print_list(i, arg_wrap);
57	int child = find_child(i);	57	int child = find_child(i);
58	if (child != -1)	58	if (child != -1)
59	print_caps(child);	59	print_caps(child);


diff --git a/src/firemon/cgroup.c b/src/firemon/cgroup.c index 251db0077..e0d605d10 100644 --- a/src/firemon/cgroup.c +++ b/src/firemon/cgroup.c
@@ -53,7 +53,7 @@ void cgroup(pid_t pid, int print_procs) {
53	for (i = 0; i < max_pids; i++) {	53	for (i = 0; i < max_pids; i++) {
54	if (pids[i].level == 1) {	54	if (pids[i].level == 1) {
55	if (print_procs \|\| pid == 0)	55	if (print_procs \|\| pid == 0)
56	pid_print_list(i, arg_nowrap);	56	pid_print_list(i, arg_wrap);
57	int child = find_child(i);	57	int child = find_child(i);
58	if (child != -1)	58	if (child != -1)
59	print_cgroup(child);	59	print_cgroup(child);


diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c index 6170ef8c1..e97068851 100644 --- a/src/firemon/cpu.c +++ b/src/firemon/cpu.c
@@ -54,7 +54,7 @@ void cpu(pid_t pid, int print_procs) {
54	for (i = 0; i < max_pids; i++) {	54	for (i = 0; i < max_pids; i++) {
55	if (pids[i].level == 1) {	55	if (pids[i].level == 1) {
56	if (print_procs \|\| pid == 0)	56	if (print_procs \|\| pid == 0)
57	pid_print_list(i, arg_nowrap);	57	pid_print_list(i, arg_wrap);
58	int child = find_child(i);	58	int child = find_child(i);
59	if (child != -1)	59	if (child != -1)
60	print_cpu(child);	60	print_cpu(child);


diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 238fbcdfe..5ae0ed013 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c
@@ -40,7 +40,7 @@ static int arg_top = 0;
40	static int arg_list = 0;	40	static int arg_list = 0;
41	static int arg_netstats = 0;	41	static int arg_netstats = 0;
42	static int arg_apparmor = 0;	42	static int arg_apparmor = 0;
43	int arg_nowrap = 0;	43	int arg_wrap = 0;
44		44
45	static struct termios tlocal; // startup terminal setting	45	static struct termios tlocal; // startup terminal setting
46	static struct termios twait; // no wait on key press	46	static struct termios twait; // no wait on key press
@@ -206,8 +206,8 @@ int main(int argc, char **argv) {
206	}	206	}
207		207
208	// etc	208	// etc
209	else if (strcmp(argv[i], "--nowrap") == 0)	209	else if (strcmp(argv[i], "--wrap") == 0)
210	arg_nowrap = 1;	210	arg_wrap = 1;
211		211
212	// invalid option	212	// invalid option
213	else if (*argv[i] == '-') {	213	else if (*argv[i] == '-') {


diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h index 3fba486eb..948214d4d 100644 --- a/src/firemon/firemon.h +++ b/src/firemon/firemon.h
@@ -40,7 +40,7 @@ static inline void firemon_clrscr(void) {
40		40
41	// firemon.c	41	// firemon.c
42	extern pid_t skip_process;	42	extern pid_t skip_process;
43	extern int arg_nowrap;	43	extern int arg_wrap;
44	int find_child(int id);	44	int find_child(int id);
45	void firemon_sleep(int st);	45	void firemon_sleep(int st);
46		46


diff --git a/src/firemon/interface.c b/src/firemon/interface.c index 325ffd80e..34d616647 100644 --- a/src/firemon/interface.c +++ b/src/firemon/interface.c
@@ -163,7 +163,7 @@ void interface(pid_t pid, int print_procs) {
163	for (i = 0; i < max_pids; i++) {	163	for (i = 0; i < max_pids; i++) {
164	if (pids[i].level == 1) {	164	if (pids[i].level == 1) {
165	if (print_procs \|\| pid == 0)	165	if (print_procs \|\| pid == 0)
166	pid_print_list(i, arg_nowrap);	166	pid_print_list(i, arg_wrap);
167	int child = find_child(i);	167	int child = find_child(i);
168	if (child != -1) {	168	if (child != -1) {
169	print_sandbox(child);	169	print_sandbox(child);


diff --git a/src/firemon/list.c b/src/firemon/list.c index 8a07f9eb2..22a08272d 100644 --- a/src/firemon/list.c +++ b/src/firemon/list.c
@@ -28,6 +28,6 @@ void list(void) {
28	if (i == skip_process)	28	if (i == skip_process)
29	continue;	29	continue;
30	if (pids[i].level == 1)	30	if (pids[i].level == 1)
31	pid_print_list(i, arg_nowrap);	31	pid_print_list(i, arg_wrap);
32	}	32	}
33	}	33	}


diff --git a/src/firemon/route.c b/src/firemon/route.c index 9fd46505f..19c823a87 100644 --- a/src/firemon/route.c +++ b/src/firemon/route.c
@@ -189,7 +189,7 @@ void route(pid_t pid, int print_procs) {
189	for (i = 0; i < max_pids; i++) {	189	for (i = 0; i < max_pids; i++) {
190	if (pids[i].level == 1) {	190	if (pids[i].level == 1) {
191	if (print_procs \|\| pid == 0)	191	if (print_procs \|\| pid == 0)
192	pid_print_list(i, arg_nowrap);	192	pid_print_list(i, arg_wrap);
193	int child = find_child(i);	193	int child = find_child(i);
194	if (child != -1) {	194	if (child != -1) {
195	char *fname;	195	char *fname;


diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c index 7bc700ee6..7867fbad3 100644 --- a/src/firemon/seccomp.c +++ b/src/firemon/seccomp.c
@@ -52,7 +52,7 @@ void seccomp(pid_t pid, int print_procs) {
52	for (i = 0; i < max_pids; i++) {	52	for (i = 0; i < max_pids; i++) {
53	if (pids[i].level == 1) {	53	if (pids[i].level == 1) {
54	if (print_procs \|\| pid == 0)	54	if (print_procs \|\| pid == 0)
55	pid_print_list(i, arg_nowrap);	55	pid_print_list(i, arg_wrap);
56	int child = find_child(i);	56	int child = find_child(i);
57	if (child != -1)	57	if (child != -1)
58	print_seccomp(child);	58	print_seccomp(child);


diff --git a/src/firemon/tree.c b/src/firemon/tree.c index f3610eaec..711066c19 100644 --- a/src/firemon/tree.c +++ b/src/firemon/tree.c
@@ -28,7 +28,7 @@ void tree(pid_t pid) {
28	if (i == skip_process)	28	if (i == skip_process)
29	continue;	29	continue;
30	if (pids[i].level == 1)	30	if (pids[i].level == 1)
31	pid_print_tree(i, 0, arg_nowrap);	31	pid_print_tree(i, 0, arg_wrap);
32	}	32	}
33	printf("\n");	33	printf("\n");
34	}	34	}


diff --git a/src/firemon/x11.c b/src/firemon/x11.c index a41f4825f..19b54429c 100644 --- a/src/firemon/x11.c +++ b/src/firemon/x11.c
@@ -30,7 +30,7 @@ void x11(pid_t pid, int print_procs) {
30	for (i = 0; i < max_pids; i++) {	30	for (i = 0; i < max_pids; i++) {
31	if (pids[i].level == 1) {	31	if (pids[i].level == 1) {
32	if (print_procs \|\| pid == 0)	32	if (print_procs \|\| pid == 0)
33	pid_print_list(i, arg_nowrap);	33	pid_print_list(i, arg_wrap);
34		34
35	char *x11file;	35	char *x11file;
36	// todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory	36	// todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory


diff --git a/src/man/firemon.txt b/src/man/firemon.txt index f74e56ef9..cea6c0265 100644 --- a/src/man/firemon.txt +++ b/src/man/firemon.txt
@@ -46,9 +46,6 @@ Print information only about named sandbox.
46	\fB\-\-netstats	46	\fB\-\-netstats
47	Monitor network statistics for sandboxes creating a new network namespace.	47	Monitor network statistics for sandboxes creating a new network namespace.
48	#endif	48	#endif
49	.TP
50	\fB\-\-nowrap
51	Enable line wrapping in terminals. By default the lines are trimmed.
52	#ifdef HAVE_NETWORK	49	#ifdef HAVE_NETWORK
53	.TP	50	.TP
54	\fB\-\-route	51	\fB\-\-route
@@ -67,7 +64,9 @@ Print a tree of all sandboxed processes.
67	.TP	64	.TP
68	\fB\-\-version	65	\fB\-\-version
69	Print program version and exit.	66	Print program version and exit.
70		67	.TP
		68	\fB\-\-wrap
		69	Enable line wrapping in terminals. By default the lines are trimmed.
71	.TP	70	.TP
72	\fB\-\-x11	71	\fB\-\-x11
73	Print X11 display number.	72	Print X11 display number.