diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-07-01 19:19:59 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-07-01 19:19:59 -0400 |
| commit | d954df5d3319924ff1a83e3e301f70825691b4f3 (patch) | |
| tree | 81e009858a14a0ae9f2f6778a3f6f95ac6a85821 /src/faudit/pid.c | |
| parent | audit compile and install (diff) | |
| download | firejail-d954df5d3319924ff1a83e3e301f70825691b4f3.tar.gz firejail-d954df5d3319924ff1a83e3e301f70825691b4f3.tar.zst firejail-d954df5d3319924ff1a83e3e301f70825691b4f3.zip | |
audit pid
Diffstat (limited to 'src/faudit/pid.c')
| -rw-r--r-- | src/faudit/pid.c | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/src/faudit/pid.c b/src/faudit/pid.c new file mode 100644 index 000000000..861324255 --- /dev/null +++ b/src/faudit/pid.c | |||
| @@ -0,0 +1,89 @@ | |||
| 1 | /* | ||
| 2 | * Copyright (C) 2014-2016 Firejail Authors | ||
| 3 | * | ||
| 4 | * This file is part of firejail project | ||
| 5 | * | ||
| 6 | * This program is free software; you can redistribute it and/or modify | ||
| 7 | * it under the terms of the GNU General Public License as published by | ||
| 8 | * the Free Software Foundation; either version 2 of the License, or | ||
| 9 | * (at your option) any later version. | ||
| 10 | * | ||
| 11 | * This program is distributed in the hope that it will be useful, | ||
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
| 14 | * GNU General Public License for more details. | ||
| 15 | * | ||
| 16 | * You should have received a copy of the GNU General Public License along | ||
| 17 | * with this program; if not, write to the Free Software Foundation, Inc., | ||
| 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | ||
| 19 | */ | ||
| 20 | #include "faudit.h" | ||
| 21 | |||
| 22 | void pid(void) { | ||
| 23 | char *kern_proc[] = { | ||
| 24 | "kthreadd", | ||
| 25 | "ksoftirqd", | ||
| 26 | "kworker", | ||
| 27 | "rcu_sched", | ||
| 28 | "rcu_bh", | ||
| 29 | NULL // NULL terminated list | ||
| 30 | }; | ||
| 31 | int i; | ||
| 32 | |||
| 33 | // look at the first 10 processes | ||
| 34 | for (i = 1; i <= 10; i++) { | ||
| 35 | struct stat s; | ||
| 36 | char *fname; | ||
| 37 | if (asprintf(&fname, "/proc/%d/comm", i) == -1) | ||
| 38 | errExit("asprintf"); | ||
| 39 | if (stat(fname, &s) == -1) { | ||
| 40 | free(fname); | ||
| 41 | continue; | ||
| 42 | } | ||
| 43 | |||
| 44 | // open file | ||
| 45 | /* coverity[toctou] */ | ||
| 46 | FILE *fp = fopen(fname, "r"); | ||
| 47 | if (!fp) { | ||
| 48 | fprintf(stderr, "Warning: cannot open %s\n", fname); | ||
| 49 | free(fname); | ||
| 50 | continue; | ||
| 51 | } | ||
| 52 | |||
| 53 | // read file | ||
| 54 | char buf[100]; | ||
| 55 | if (fgets(buf, 10, fp) == NULL) { | ||
| 56 | fprintf(stderr, "Warning: cannot read %s\n", fname); | ||
| 57 | fclose(fp); | ||
| 58 | free(fname); | ||
| 59 | continue; | ||
| 60 | } | ||
| 61 | // clean /n | ||
| 62 | char *ptr; | ||
| 63 | if ((ptr = strchr(buf, '\n')) != NULL) | ||
| 64 | *ptr = '\0'; | ||
| 65 | |||
| 66 | // check process name against the kernel list | ||
| 67 | int j = 0; | ||
| 68 | while (kern_proc[j] != NULL) { | ||
| 69 | if (strncmp(buf, kern_proc[j], strlen(kern_proc[j])) == 0) { | ||
| 70 | fclose(fp); | ||
| 71 | free(fname); | ||
| 72 | printf("FAUDIT: Process PID %d, not running in a PID namespace\n", getpid()); | ||
| 73 | return; | ||
| 74 | } | ||
| 75 | j++; | ||
| 76 | } | ||
| 77 | |||
| 78 | fclose(fp); | ||
| 79 | free(fname); | ||
| 80 | } | ||
| 81 | |||
| 82 | |||
| 83 | printf("FAUDIT: Process PID %d, running in a PID namespace\n", getpid()); | ||
| 84 | |||
| 85 | // try to guess the type of container/sandbox | ||
| 86 | char *str = getenv("container"); | ||
| 87 | if (str) | ||
| 88 | printf("FAUDIT: Container/sandbox: %s\n", str); | ||
| 89 | } | ||