add dumpable warnings

author: smitsohu <smitsohu@gmail.com> 2020-08-17 17:08:43 +0200
committer: smitsohu <smitsohu@gmail.com> 2020-08-17 17:08:43 +0200
commit: 9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea (patch)
tree: c6732e4a925e5f594cf30db251db9e8e65d3b0e7
parent: various x11 xorg enhancements (diff)
download: firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.tar.gz
firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.tar.zst
firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.zip
13 files changed, 58 insertions, 12 deletions
diff --git a/src/fcopy/main.c b/src/fcopy/main.c
index 83d9c17e6..bda7e2f1b 100644
--- a/src/fcopy/main.c
+++ b/src/fcopy/main.c
@@ -23,6 +23,7 @@
 #include <ftw.h>
 #include <errno.h>
 #include <pwd.h>
+#include <sys/prctl.h>
 #if HAVE_SELINUX
 #include <sys/stat.h>
@@ -411,6 +412,11 @@ int main(int argc, char **argv) {
                exit(1);
        }
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fcopy: I am dumpable\n");
+#endif
        // trim trailing chars
        if (src[strlen(src) - 1] == '/')
                src[strlen(src) - 1] = '\0';
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 79e39b669..4aa5311a2 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1275,6 +1275,10 @@ int main(int argc, char **argv, char **envp) {
        }
        EUID_ASSERT();
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid())
+                fprintf(stderr, "Error: Firejail is dumpable\n");
+#endif
        // check for force-nonewprivs in /etc/firejail/firejail.config file
        if (checkcfg(CFG_FORCE_NONEWPRIVS))
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index 99f11a246..cf3d3aeed 100644
--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -48,6 +48,7 @@ static int sbox_do_exec_v(unsigned filtermask, char * const arg[]) {
        if (cfg.seccomp_error_action)
                if (asprintf(&new_environment[env_index++], "FIREJAIL_SECCOMP_ERROR_ACTION=%s", cfg.seccomp_error_action) == -1)
                        errExit("asprintf");
+        new_environment[env_index++] = "FIREJAIL_PLUGIN="; // always set
        if (filtermask & SBOX_STDIN_FROM_FILE) {
                int fd;
diff --git a/src/fldd/main.c b/src/fldd/main.c
index dd22e601e..567f6c566 100644
--- a/src/fldd/main.c
+++ b/src/fldd/main.c
@@ -24,6 +24,7 @@
 #include <fcntl.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
+#include <sys/prctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ -302,6 +303,11 @@ printf("\n");
                return 0;
        }
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fldd: I am dumpable\n");
+#endif
        // check program access
        if (access(argv[1], R_OK)) {
                fprintf(stderr, "Error fldd: cannot access %s\n", argv[1]);
diff --git a/src/fnet/main.c b/src/fnet/main.c
index 95e12164e..22879b8ce 100644
--- a/src/fnet/main.c
+++ b/src/fnet/main.c
@@ -21,6 +21,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/utsname.h>
+#include <sys/prctl.h>
 int arg_quiet = 0;
@@ -64,16 +65,19 @@ printf("\n");
                usage();
                return 1;
        }
-        char *quiet = getenv("FIREJAIL_QUIET");
-        if (quiet && strcmp(quiet, "yes") == 0)
-                arg_quiet = 1;
        if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
                usage();
                return 0;
        }
-        else if (argc == 3 && strcmp(argv[1], "ifup") == 0) {
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fnet: I am dumpable\n");
+#endif
+        char *quiet = getenv("FIREJAIL_QUIET");
+        if (quiet && strcmp(quiet, "yes") == 0)
+                arg_quiet = 1;
+        if (argc == 3 && strcmp(argv[1], "ifup") == 0) {
                net_if_up(argv[2]);
        }
        else if (argc == 2 && strcmp(argv[1], "printif") == 0) {
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index 8124beb1a..bac60cbec 100644
--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -18,6 +18,7 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "../include/common.h"
+#include <sys/prctl.h>
 #define MAXBUF 4098
 #define MAXARGS 16
@@ -180,7 +181,10 @@ printf("\n");
                usage();
                return 1;
        }
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fnetfilter: I am dumpable\n");
+#endif
        char *destfile = (argc == 3)? argv[2]: argv[1];
        char *command = (argc == 3)? argv[1]: NULL;
 //printf("command %s\n", command);
diff --git a/src/fsec-optimize/fsec_optimize.h b/src/fsec-optimize/fsec_optimize.h
index 211111641..034fde2ac 100644
--- a/src/fsec-optimize/fsec_optimize.h
+++ b/src/fsec-optimize/fsec_optimize.h
@@ -22,6 +22,7 @@
 #include "../include/common.h"
 #include "../include/seccomp.h"
 #include <sys/mman.h>
+#include <sys/prctl.h>
 // optimize.c
 struct sock_filter *duplicate(struct sock_filter *filter, int entries);
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index 416d85b88..4da110583 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -44,6 +44,11 @@ printf("\n");
                return 0;
        }
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fsec-optimize: I am dumpable\n");
+#endif
        char *fname = argv[1];
        // open input file
diff --git a/src/fsec-print/fsec_print.h b/src/fsec-print/fsec_print.h
index 337199288..9d17e3f18 100644
--- a/src/fsec-print/fsec_print.h
+++ b/src/fsec-print/fsec_print.h
@@ -23,6 +23,7 @@
 #include "../include/seccomp.h"
 #include "../include/syscall.h"
 #include <sys/mman.h>
+#include <sys/prctl.h>
 // print.c
 void print(struct sock_filter *filter, int entries);
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c
index ade45c881..858289767 100644
--- a/src/fsec-print/main.c
+++ b/src/fsec-print/main.c
@@ -61,6 +61,11 @@ printf("\n");
                return 0;
        }
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fsec-print: I am dumpable\n");
+#endif
        char *fname = argv[1];
        // open input file
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h
index e8dd083b6..e40999938 100644
--- a/src/fseccomp/fseccomp.h
+++ b/src/fseccomp/fseccomp.h
@@ -23,6 +23,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <sys/prctl.h>
 #include "../include/common.h"
 #include "../include/syscall.h"
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c
index 892a88e25..6b7800f35 100644
--- a/src/fseccomp/main.c
+++ b/src/fseccomp/main.c
@@ -64,6 +64,15 @@ printf("\n");
                usage();
                return 1;
        }
+        if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
+                usage();
+                return 0;
+        }
+#ifdef WARN_DUMPABLE
+        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+                fprintf(stderr, "Error fseccomp: I am dumpable\n");
+#endif
        char *quiet = getenv("FIREJAIL_QUIET");
        if (quiet && strcmp(quiet, "yes") == 0)
@@ -81,11 +90,7 @@ printf("\n");
                }
        }
-        if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") ==0) {
+        if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
-                usage();
-                return 0;
-        }
-        else if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
                syscall_print();
        else if (argc == 2 && strcmp(argv[1], "debug-syscalls32") == 0)
                syscall_print_32();
diff --git a/src/include/common.h b/src/include/common.h
index c65ba0d55..025f3c247 100644
--- a/src/include/common.h
+++ b/src/include/common.h
@@ -34,6 +34,9 @@
 #define errExit(msg)    do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
+// check if processes run with dumpable flag set
+#define WARN_DUMPABLE
 // macro to print ip addresses in a printf statement
 #define PRINT_IP(A) \
 ((int) (((A) >> 24) & 0xFF)),  ((int) (((A) >> 16) & 0xFF)), ((int) (((A) >> 8) & 0xFF)), ((int) ( (A) & 0xFF))
author	smitsohu <smitsohu@gmail.com>	2020-08-17 17:08:43 +0200
committer	smitsohu <smitsohu@gmail.com>	2020-08-17 17:08:43 +0200
commit	9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea (patch)
tree	c6732e4a925e5f594cf30db251db9e8e65d3b0e7
parent	various x11 xorg enhancements (diff)
download	firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.tar.gz firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.tar.zst firejail-9e3b7b90cf9aad35fc8db2eabdeb9e1ed038acea.zip

diff --git a/src/fcopy/main.c b/src/fcopy/main.c index 83d9c17e6..bda7e2f1b 100644 --- a/src/fcopy/main.c +++ b/src/fcopy/main.c
@@ -23,6 +23,7 @@
23	#include <ftw.h>	23	#include <ftw.h>
24	#include <errno.h>	24	#include <errno.h>
25	#include <pwd.h>	25	#include <pwd.h>
		26	#include <sys/prctl.h>
26		27
27	#if HAVE_SELINUX	28	#if HAVE_SELINUX
28	#include <sys/stat.h>	29	#include <sys/stat.h>
@@ -411,6 +412,11 @@ int main(int argc, char **argv) {
411	exit(1);	412	exit(1);
412	}	413	}
413		414
		415	#ifdef WARN_DUMPABLE
		416	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
		417	fprintf(stderr, "Error fcopy: I am dumpable\n");
		418	#endif
		419
414	// trim trailing chars	420	// trim trailing chars
415	if (src[strlen(src) - 1] == '/')	421	if (src[strlen(src) - 1] == '/')
416	src[strlen(src) - 1] = '\0';	422	src[strlen(src) - 1] = '\0';


diff --git a/src/firejail/main.c b/src/firejail/main.c index 79e39b669..4aa5311a2 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1275,6 +1275,10 @@ int main(int argc, char argv, char envp) {
1275	}	1275	}
1276	EUID_ASSERT();	1276	EUID_ASSERT();
1277		1277
		1278	#ifdef WARN_DUMPABLE
		1279	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid())
		1280	fprintf(stderr, "Error: Firejail is dumpable\n");
		1281	#endif
1278		1282
1279	// check for force-nonewprivs in /etc/firejail/firejail.config file	1283	// check for force-nonewprivs in /etc/firejail/firejail.config file
1280	if (checkcfg(CFG_FORCE_NONEWPRIVS))	1284	if (checkcfg(CFG_FORCE_NONEWPRIVS))


diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c index 99f11a246..cf3d3aeed 100644 --- a/src/firejail/sbox.c +++ b/src/firejail/sbox.c
@@ -48,6 +48,7 @@ static int sbox_do_exec_v(unsigned filtermask, char * const arg[]) {
48	if (cfg.seccomp_error_action)	48	if (cfg.seccomp_error_action)
49	if (asprintf(&new_environment[env_index++], "FIREJAIL_SECCOMP_ERROR_ACTION=%s", cfg.seccomp_error_action) == -1)	49	if (asprintf(&new_environment[env_index++], "FIREJAIL_SECCOMP_ERROR_ACTION=%s", cfg.seccomp_error_action) == -1)
50	errExit("asprintf");	50	errExit("asprintf");
		51	new_environment[env_index++] = "FIREJAIL_PLUGIN="; // always set
51		52
52	if (filtermask & SBOX_STDIN_FROM_FILE) {	53	if (filtermask & SBOX_STDIN_FROM_FILE) {
53	int fd;	54	int fd;


diff --git a/src/fldd/main.c b/src/fldd/main.c index dd22e601e..567f6c566 100644 --- a/src/fldd/main.c +++ b/src/fldd/main.c
@@ -24,6 +24,7 @@
24	#include <fcntl.h>	24	#include <fcntl.h>
25	#include <sys/mman.h>	25	#include <sys/mman.h>
26	#include <sys/mount.h>	26	#include <sys/mount.h>
		27	#include <sys/prctl.h>
27	#include <sys/stat.h>	28	#include <sys/stat.h>
28	#include <sys/types.h>	29	#include <sys/types.h>
29	#include <unistd.h>	30	#include <unistd.h>
@@ -302,6 +303,11 @@ printf("\n");
302	return 0;	303	return 0;
303	}	304	}
304		305
		306	#ifdef WARN_DUMPABLE
		307	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
		308	fprintf(stderr, "Error fldd: I am dumpable\n");
		309	#endif
		310
305	// check program access	311	// check program access
306	if (access(argv[1], R_OK)) {	312	if (access(argv[1], R_OK)) {
307	fprintf(stderr, "Error fldd: cannot access %s\n", argv[1]);	313	fprintf(stderr, "Error fldd: cannot access %s\n", argv[1]);


diff --git a/src/fnet/main.c b/src/fnet/main.c index 95e12164e..22879b8ce 100644 --- a/src/fnet/main.c +++ b/src/fnet/main.c
@@ -21,6 +21,7 @@
21	#include <sys/types.h>	21	#include <sys/types.h>
22	#include <sys/stat.h>	22	#include <sys/stat.h>
23	#include <sys/utsname.h>	23	#include <sys/utsname.h>
		24	#include <sys/prctl.h>
24		25
25	int arg_quiet = 0;	26	int arg_quiet = 0;
26		27
@@ -64,16 +65,19 @@ printf("\n");
64	usage();	65	usage();
65	return 1;	66	return 1;
66	}	67	}
67
68	char *quiet = getenv("FIREJAIL_QUIET");
69	if (quiet && strcmp(quiet, "yes") == 0)
70	arg_quiet = 1;
71
72	if (strcmp(argv[1], "-h") == 0 \|\| strcmp(argv[1], "--help") == 0 \|\| strcmp(argv[1], "-?") ==0) {	68	if (strcmp(argv[1], "-h") == 0 \|\| strcmp(argv[1], "--help") == 0 \|\| strcmp(argv[1], "-?") ==0) {
73	usage();	69	usage();
74	return 0;	70	return 0;
75	}	71	}
76	else if (argc == 3 && strcmp(argv[1], "ifup") == 0) {	72	#ifdef WARN_DUMPABLE
		73	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
		74	fprintf(stderr, "Error fnet: I am dumpable\n");
		75	#endif
		76	char *quiet = getenv("FIREJAIL_QUIET");
		77	if (quiet && strcmp(quiet, "yes") == 0)
		78	arg_quiet = 1;
		79
		80	if (argc == 3 && strcmp(argv[1], "ifup") == 0) {
77	net_if_up(argv[2]);	81	net_if_up(argv[2]);
78	}	82	}
79	else if (argc == 2 && strcmp(argv[1], "printif") == 0) {	83	else if (argc == 2 && strcmp(argv[1], "printif") == 0) {


diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c index 8124beb1a..bac60cbec 100644 --- a/src/fnetfilter/main.c +++ b/src/fnetfilter/main.c
@@ -18,6 +18,7 @@
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/	19	*/
20	#include "../include/common.h"	20	#include "../include/common.h"
		21	#include <sys/prctl.h>
21		22
22	#define MAXBUF 4098	23	#define MAXBUF 4098
23	#define MAXARGS 16	24	#define MAXARGS 16
@@ -180,7 +181,10 @@ printf("\n");
180	usage();	181	usage();
181	return 1;	182	return 1;
182	}	183	}
183		184	#ifdef WARN_DUMPABLE
		185	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
		186	fprintf(stderr, "Error fnetfilter: I am dumpable\n");
		187	#endif
184	char *destfile = (argc == 3)? argv[2]: argv[1];	188	char *destfile = (argc == 3)? argv[2]: argv[1];
185	char *command = (argc == 3)? argv[1]: NULL;	189	char *command = (argc == 3)? argv[1]: NULL;
186	//printf("command %s\n", command);	190	//printf("command %s\n", command);


diff --git a/src/fsec-optimize/fsec_optimize.h b/src/fsec-optimize/fsec_optimize.h index 211111641..034fde2ac 100644 --- a/src/fsec-optimize/fsec_optimize.h +++ b/src/fsec-optimize/fsec_optimize.h
@@ -22,6 +22,7 @@
22	#include "../include/common.h"	22	#include "../include/common.h"
23	#include "../include/seccomp.h"	23	#include "../include/seccomp.h"
24	#include <sys/mman.h>	24	#include <sys/mman.h>
		25	#include <sys/prctl.h>
25		26
26	// optimize.c	27	// optimize.c
27	struct sock_filter duplicate(struct sock_filter filter, int entries);	28	struct sock_filter duplicate(struct sock_filter filter, int entries);


diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c index 416d85b88..4da110583 100644 --- a/src/fsec-optimize/main.c +++ b/src/fsec-optimize/main.c
@@ -44,6 +44,11 @@ printf("\n");
44	return 0;	44	return 0;
45	}	45	}
46		46
		47	#ifdef WARN_DUMPABLE
		48	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
		49	fprintf(stderr, "Error fsec-optimize: I am dumpable\n");
		50	#endif
		51
47	char *fname = argv[1];	52	char *fname = argv[1];
48		53
49	// open input file	54	// open input file


diff --git a/src/fsec-print/fsec_print.h b/src/fsec-print/fsec_print.h index 337199288..9d17e3f18 100644 --- a/src/fsec-print/fsec_print.h +++ b/src/fsec-print/fsec_print.h
@@ -23,6 +23,7 @@
23	#include "../include/seccomp.h"	23	#include "../include/seccomp.h"
24	#include "../include/syscall.h"	24	#include "../include/syscall.h"
25	#include <sys/mman.h>	25	#include <sys/mman.h>
		26	#include <sys/prctl.h>
26		27
27	// print.c	28	// print.c
28	void print(struct sock_filter *filter, int entries);	29	void print(struct sock_filter *filter, int entries);


diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c index ade45c881..858289767 100644 --- a/src/fsec-print/main.c +++ b/src/fsec-print/main.c
@@ -61,6 +61,11 @@ printf("\n");
61	return 0;	61	return 0;
62	}	62	}
63		63
		64	#ifdef WARN_DUMPABLE
		65	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
		66	fprintf(stderr, "Error fsec-print: I am dumpable\n");
		67	#endif
		68
64	char *fname = argv[1];	69	char *fname = argv[1];
65		70
66	// open input file	71	// open input file


diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h index e8dd083b6..e40999938 100644 --- a/src/fseccomp/fseccomp.h +++ b/src/fseccomp/fseccomp.h
@@ -23,6 +23,7 @@
23	#include <stdlib.h>	23	#include <stdlib.h>
24	#include <string.h>	24	#include <string.h>
25	#include <assert.h>	25	#include <assert.h>
		26	#include <sys/prctl.h>
26	#include "../include/common.h"	27	#include "../include/common.h"
27	#include "../include/syscall.h"	28	#include "../include/syscall.h"
28		29


diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index 892a88e25..6b7800f35 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c
@@ -64,6 +64,15 @@ printf("\n");
64	usage();	64	usage();
65	return 1;	65	return 1;
66	}	66	}
		67	if (strcmp(argv[1], "-h") == 0 \|\| strcmp(argv[1], "--help") == 0 \|\| strcmp(argv[1], "-?") ==0) {
		68	usage();
		69	return 0;
		70	}
		71
		72	#ifdef WARN_DUMPABLE
		73	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
		74	fprintf(stderr, "Error fseccomp: I am dumpable\n");
		75	#endif
67		76
68	char *quiet = getenv("FIREJAIL_QUIET");	77	char *quiet = getenv("FIREJAIL_QUIET");
69	if (quiet && strcmp(quiet, "yes") == 0)	78	if (quiet && strcmp(quiet, "yes") == 0)
@@ -81,11 +90,7 @@ printf("\n");
81	}	90	}
82	}	91	}
83		92
84	if (strcmp(argv[1], "-h") == 0 \|\| strcmp(argv[1], "--help") == 0 \|\| strcmp(argv[1], "-?") ==0) {	93	if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
85	usage();
86	return 0;
87	}
88	else if (argc == 2 && strcmp(argv[1], "debug-syscalls") == 0)
89	syscall_print();	94	syscall_print();
90	else if (argc == 2 && strcmp(argv[1], "debug-syscalls32") == 0)	95	else if (argc == 2 && strcmp(argv[1], "debug-syscalls32") == 0)
91	syscall_print_32();	96	syscall_print_32();


diff --git a/src/include/common.h b/src/include/common.h index c65ba0d55..025f3c247 100644 --- a/src/include/common.h +++ b/src/include/common.h
@@ -34,6 +34,9 @@
34		34
35	#define errExit(msg) do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)	35	#define errExit(msg) do { char msgout[500]; snprintf(msgout, 500, "Error %s: %s:%d %s", msg, __FILE__, __LINE__, __FUNCTION__); perror(msgout); exit(1);} while (0)
36		36
		37	// check if processes run with dumpable flag set
		38	#define WARN_DUMPABLE
		39
37	// macro to print ip addresses in a printf statement	40	// macro to print ip addresses in a printf statement
38	#define PRINT_IP(A) \	41	#define PRINT_IP(A) \
39	((int) (((A) >> 24) & 0xFF)), ((int) (((A) >> 16) & 0xFF)), ((int) (((A) >> 8) & 0xFF)), ((int) ( (A) & 0xFF))	42	((int) (((A) >> 24) & 0xFF)), ((int) (((A) >> 16) & 0xFF)), ((int) (((A) >> 8) & 0xFF)), ((int) ( (A) & 0xFF))