authorLibravatar startx2017 <vradu.startx@yandex.com>2018-05-09 19:40:14 -0400
committerLibravatar startx2017 <vradu.startx@yandex.com>2018-05-09 19:40:14 -0400
commit7deb720ba8a9b7efffa636c815bd3aac05160577 (patch)
treefeec766b595af48a14849cb36852052203db9e81
parentdon't display firejail --list/--tree/--top processes in firemon stats (diff)
firemon/prctl enhancements
-rw-r--r--RELNOTES1
-rw-r--r--src/firemon/procevent.c44
2 files changed, 39 insertions, 6 deletions
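diff --git a/RELNOTES b/RELNOTES
index 4945e3d3c..0cd51a16d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -34,6 +34,7 @@ firejail (0.9.54~rc1) baseline; urgency=low
 * private-dev support for overlay and chroot sandboxes
 * private-tmp support for overlay and chroot sandboxes
 * added sandbox name support in firemon
+* firemon/prctl enhancements
 * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
 * new profiles: discord-canary, pycharm-community, pycharm-professional,
 * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,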
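diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 301e5397b..5b16191be 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -94,10 +94,21 @@ static int pid_is_firejail(pid_t pid) {
 // list of firejail arguments that don't trigger sandbox creation
 // the initial -- is not included
 char *exclude_args[] = {
-"ls", "list", "tree", "x11", "help", "version", "top", "netstats", "debug-syscalls",
-"debug-errnos", "debug-protocols", "protocol.print", "debug.caps",
-"shutdown", "bandwidth", "caps.print", "cpu.print", "debug-caps",
-"fs.print", "get", "overlay-clean", NULL
+// all print options
+"apparmor.print", "caps.print", "cpu.print", "dns.print", "fs.print", "netfilter.print",
+"netfilter6.print", "profile.print", "protocol.print", "seccomp.print",
+// debug
+"debug-caps", "debug-errnos", "debug-protocols", "debug-syscalls",
+// file transfer
+"ls", "get", "put",
+// stats
+"tree", "list", "top",
+// network
+"netstats", "bandwidth",
+// etc
+"help", "version", "overlay-clean",
+
+NULL // end of list marker
 };
 
 int i;
@@ -291,6 +302,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 child %= max_pids;
 pids[child].level = pids[pid].level + 1;
 pids[child].uid = pid_get_uid(child);
+pids[child].parent = pid;
 }
 sprintf(lineptr, " fork");
 break;
@@ -318,12 +330,22 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 sprintf(lineptr, " exit");
 break;
 
+
+
 case PROC_EVENT_UID:
 pid = proc_ev->event_data.id.process_tgid;
 #ifdef DEBUG_PRCTL
 printf("%s: %d, event uid, pid %d\n", __FUNCTION__, __LINE__, pid);
 #endif
-sprintf(lineptr, " uid ");
+if (pids[pid].level == 1 ||
+pids[pids[pid].parent].level == 1) {
+sprintf(lineptr, "\n");
+continue;
+}
+else
+sprintf(lineptr, " uid (%d:%d)",
+proc_ev->event_data.id.r.ruid,
+proc_ev->event_data.id.e.euid);
 break;
 
 case PROC_EVENT_GID:
@@ -331,9 +353,19 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 #ifdef DEBUG_PRCTL
 printf("%s: %d, event gid, pid %d\n", __FUNCTION__, __LINE__, pid);
 #endif
-sprintf(lineptr, " gid ");
+if (pids[pid].level == 1 ||
+pids[pids[pid].parent].level == 1) {
+sprintf(lineptr, "\n");
+continue;
+}
+else
+sprintf(lineptr, " gid (%d:%d)",
+proc_ev->event_data.id.r.rgid,
+proc_ev->event_data.id.e.egid);
 break;
 
+
+
 case PROC_EVENT_SID:
 pid = proc_ev->event_data.sid.process_tgid;
 #ifdef DEBUG_PRCTL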
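Review bot: The new PROC_EVENT_UID and PROC_EVENT_GID branches (new lines 340–348 and 356–364) index `pids[pid]` and then `pids[pids[pid].parent]` directly from the event's `process_tgid`, whereas the fork path in this function bounds its index with `child %= max_pids` (line 302) before touching the table, so unless `pid` is bounded earlier outside the hunk the same guard is needed here. `parent` is only assigned in the fork handler (line 305), so for a process that was already running when the monitor started it holds whatever the table was initialised with and the `level == 1` test then reads an unrelated entry; checking `pids[pid].parent` for a valid index first (or initialising the field) would avoid that. The id fields are `__u32` in `<linux/cn_proc.h>`, so the new formats should read `" uid (%u:%u)"` and `" gid (%u:%u)"` rather than `%d`, and the `continue` inside the `switch`, which skips the rest of the loop body, deserves a one-line comment stating that uid/gid changes at sandbox-launcher level are intentionally not reported. In the exclude_args hunk, `"shutdown"` and `"x11"` from the old list are missing from the regrouped one; if that is deliberate it should be noted, since `--shutdown` does not create a sandbox and a running `firejail --shutdown` would now be classified as one. procevent_monitor and pid_is_firejail both start and end outside the hunks.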