Add options for D-Bus logging

--dbus-user.log and --dbus-system.log instruct xdg-dbus-proxy to log interactions with the session and system buses, respectively. --dbus-log= can specify the location of the log file. If no location is specified, log output is written to stdout.
author: Kristóf Marussy <kris7topher@gmail.com> 2020-05-04 19:11:54 +0200
committer: Kristóf Marussy <kristof@marussy.com> 2020-05-07 01:56:40 +0200
commit: 416d385ea749d59529d5624de87a0c5c1b44cdb6 (patch)
tree: ac2ef6934fa84f5088c949594eb6ffd7da6f6b76 /src/firejail/main.c
parent: Add dbus-*.call and dbus-*.broadcast commands (diff)
download: firejail-416d385ea749d59529d5624de87a0c5c1b44cdb6.tar.gz
firejail-416d385ea749d59529d5624de87a0c5c1b44cdb6.tar.zst
firejail-416d385ea749d59529d5624de87a0c5c1b44cdb6.zip
1 files changed, 32 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 8d60d3790..e458d16f4 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -148,6 +148,9 @@ int arg_nou2f = 0; // --nou2f
 int arg_deterministic_exit_code = 0;    // always exit with first child's exit status
 DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW;   // --dbus-user
 DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system
+const char *arg_dbus_log_file = NULL;
+int arg_dbus_log_user = 0;
+int arg_dbus_log_system = 0;
 int login_shell = 0;
 //**********************************************************************************
@@ -2067,6 +2070,10 @@ int main(int argc, char **argv, char **envp) {
                                }
                                arg_dbus_user = DBUS_POLICY_FILTER;
                        } else if (strcmp("none", argv[i] + 12) == 0) {
+                                if (arg_dbus_log_user) {
+                                        fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n");
+                                        exit(1);
+                                }
                                arg_dbus_user = DBUS_POLICY_BLOCK;
                        } else {
                                fprintf(stderr, "Unknown dbus-user policy: %s\n", argv[i] + 12);
@@ -2121,6 +2128,10 @@ int main(int argc, char **argv, char **envp) {
                                }
                                arg_dbus_system = DBUS_POLICY_FILTER;
                        } else if (strcmp("none", argv[i] + 14) == 0) {
+                                if (arg_dbus_log_system) {
+                                        fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n");
+                                        exit(1);
+                                }
                                arg_dbus_system = DBUS_POLICY_BLOCK;
                        } else {
                                fprintf(stderr, "Unknown dbus-system policy: %s\n", argv[i] + 14);
@@ -2167,6 +2178,27 @@ int main(int argc, char **argv, char **envp) {
                        profile_check_line(line, 0, NULL); // will exit if something wrong
                        profile_add(line);
                }
+                else if (strncmp(argv[i], "--dbus-log=", 11) == 0) {
+                        if (arg_dbus_log_file != NULL) {
+                                fprintf(stderr, "Error: --dbus-log option already specified\n");
+                                exit(1);
+                        }
+                        arg_dbus_log_file = argv[i] + 11;
+                }
+                else if (strcmp(argv[i], "--dbus-user.log") == 0) {
+                        if (arg_dbus_user != DBUS_POLICY_FILTER) {
+                                fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n");
+                                exit(1);
+                        }
+                        arg_dbus_log_user = 1;
+                }
+                else if (strcmp(argv[i], "--dbus-system.log") == 0) {
+                        if (arg_dbus_system != DBUS_POLICY_FILTER) {
+                                fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n");
+                                exit(1);
+                        }
+                        arg_dbus_log_system = 1;
+                }
                //*************************************
                // network
author	Kristóf Marussy <kris7topher@gmail.com>	2020-05-04 19:11:54 +0200
committer	Kristóf Marussy <kristof@marussy.com>	2020-05-07 01:56:40 +0200
commit	416d385ea749d59529d5624de87a0c5c1b44cdb6 (patch)
tree	ac2ef6934fa84f5088c949594eb6ffd7da6f6b76 /src/firejail/main.c
parent	Add dbus-.call and dbus-.broadcast commands (diff)
download	firejail-416d385ea749d59529d5624de87a0c5c1b44cdb6.tar.gz firejail-416d385ea749d59529d5624de87a0c5c1b44cdb6.tar.zst firejail-416d385ea749d59529d5624de87a0c5c1b44cdb6.zip

diff --git a/src/firejail/main.c b/src/firejail/main.c index 8d60d3790..e458d16f4 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -148,6 +148,9 @@ int arg_nou2f = 0; // --nou2f
148	int arg_deterministic_exit_code = 0; // always exit with first child's exit status	148	int arg_deterministic_exit_code = 0; // always exit with first child's exit status
149	DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW; // --dbus-user	149	DbusPolicy arg_dbus_user = DBUS_POLICY_ALLOW; // --dbus-user
150	DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system	150	DbusPolicy arg_dbus_system = DBUS_POLICY_ALLOW; // --dbus-system
		151	const char *arg_dbus_log_file = NULL;
		152	int arg_dbus_log_user = 0;
		153	int arg_dbus_log_system = 0;
151	int login_shell = 0;	154	int login_shell = 0;
152		155
153	//**********************************************************************************	156	//**********************************************************************************
@@ -2067,6 +2070,10 @@ int main(int argc, char argv, char envp) {
2067	}	2070	}
2068	arg_dbus_user = DBUS_POLICY_FILTER;	2071	arg_dbus_user = DBUS_POLICY_FILTER;
2069	} else if (strcmp("none", argv[i] + 12) == 0) {	2072	} else if (strcmp("none", argv[i] + 12) == 0) {
		2073	if (arg_dbus_log_user) {
		2074	fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n");
		2075	exit(1);
		2076	}
2070	arg_dbus_user = DBUS_POLICY_BLOCK;	2077	arg_dbus_user = DBUS_POLICY_BLOCK;
2071	} else {	2078	} else {
2072	fprintf(stderr, "Unknown dbus-user policy: %s\n", argv[i] + 12);	2079	fprintf(stderr, "Unknown dbus-user policy: %s\n", argv[i] + 12);
@@ -2121,6 +2128,10 @@ int main(int argc, char argv, char envp) {
2121	}	2128	}
2122	arg_dbus_system = DBUS_POLICY_FILTER;	2129	arg_dbus_system = DBUS_POLICY_FILTER;
2123	} else if (strcmp("none", argv[i] + 14) == 0) {	2130	} else if (strcmp("none", argv[i] + 14) == 0) {
		2131	if (arg_dbus_log_system) {
		2132	fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n");
		2133	exit(1);
		2134	}
2124	arg_dbus_system = DBUS_POLICY_BLOCK;	2135	arg_dbus_system = DBUS_POLICY_BLOCK;
2125	} else {	2136	} else {
2126	fprintf(stderr, "Unknown dbus-system policy: %s\n", argv[i] + 14);	2137	fprintf(stderr, "Unknown dbus-system policy: %s\n", argv[i] + 14);
@@ -2167,6 +2178,27 @@ int main(int argc, char argv, char envp) {
2167	profile_check_line(line, 0, NULL); // will exit if something wrong	2178	profile_check_line(line, 0, NULL); // will exit if something wrong
2168	profile_add(line);	2179	profile_add(line);
2169	}	2180	}
		2181	else if (strncmp(argv[i], "--dbus-log=", 11) == 0) {
		2182	if (arg_dbus_log_file != NULL) {
		2183	fprintf(stderr, "Error: --dbus-log option already specified\n");
		2184	exit(1);
		2185	}
		2186	arg_dbus_log_file = argv[i] + 11;
		2187	}
		2188	else if (strcmp(argv[i], "--dbus-user.log") == 0) {
		2189	if (arg_dbus_user != DBUS_POLICY_FILTER) {
		2190	fprintf(stderr, "Error: --dbus-user.log requires --dbus-user=filter\n");
		2191	exit(1);
		2192	}
		2193	arg_dbus_log_user = 1;
		2194	}
		2195	else if (strcmp(argv[i], "--dbus-system.log") == 0) {
		2196	if (arg_dbus_system != DBUS_POLICY_FILTER) {
		2197	fprintf(stderr, "Error: --dbus-system.log requires --dbus-system=filter\n");
		2198	exit(1);
		2199	}
		2200	arg_dbus_log_system = 1;
		2201	}
2170		2202
2171	//*************************************	2203	//*************************************
2172	// network	2204	// network