added firejail --apparmor.print and firemon --apparmor

author: netblue30 <netblue30@yahoo.com> 2018-01-24 08:48:50 -0500
committer: netblue30 <netblue30@yahoo.com> 2018-01-24 08:48:50 -0500
commit: 5ebebb1211364a4d7164ad30d021adabf5374d32 (patch)
tree: adcd26d88b059d25e058e19c56dd496c811e1690 /src/firemon/apparmor.c
parent: apparmor support for --overlay sandboxes (diff)
download: firejail-5ebebb1211364a4d7164ad30d021adabf5374d32.tar.gz
firejail-5ebebb1211364a4d7164ad30d021adabf5374d32.tar.zst
firejail-5ebebb1211364a4d7164ad30d021adabf5374d32.zip
1 files changed, 62 insertions, 0 deletions
diff --git a/src/firemon/apparmor.c b/src/firemon/apparmor.c
new file mode 100644
index 000000000..0fe287e8f
--- /dev/null
+++ b/src/firemon/apparmor.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2014-2018 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "firemon.h"
+#include <sys/apparmor.h>
+#ifdef HAVE_APPARMOR
+static void print_apparmor(int pid) {
+        char *label = NULL;
+        char *mode = NULL;
+        int rv = aa_gettaskcon(pid, &label, &mode);
+        if (rv != -1) {
+                printf("  AppArmor: ");
+                if (label)
+                        printf("%s ", label);
+                if (mode)
+                        printf("%s", mode);
+                printf("\n");
+        }
+}
+void apparmor(pid_t pid, int print_procs) {
+        pid_read(pid);
+        // print processes
+        int i;
+        for (i = 0; i < max_pids; i++) {
+                if (pids[i].level == 1) {
+                        if (print_procs || pid == 0)
+                                pid_print_list(i, arg_nowrap);
+                        int child = find_child(i);
+                        if (child != -1)
+                                print_apparmor(child);
+                }
+        }
+        printf("\n");
+}
+#else
+void apparmor(pid_t pid, int print_procs) {
+        (void) pid;
+        (void) print_procs;
+        printf("AppArmor support not available\n");
+}
+#endif
author	netblue30 <netblue30@yahoo.com>	2018-01-24 08:48:50 -0500
committer	netblue30 <netblue30@yahoo.com>	2018-01-24 08:48:50 -0500
commit	5ebebb1211364a4d7164ad30d021adabf5374d32 (patch)
tree	adcd26d88b059d25e058e19c56dd496c811e1690 /src/firemon/apparmor.c
parent	apparmor support for --overlay sandboxes (diff)
download	firejail-5ebebb1211364a4d7164ad30d021adabf5374d32.tar.gz firejail-5ebebb1211364a4d7164ad30d021adabf5374d32.tar.zst firejail-5ebebb1211364a4d7164ad30d021adabf5374d32.zip

diff --git a/src/firemon/apparmor.c b/src/firemon/apparmor.c new file mode 100644 index 000000000..0fe287e8f --- /dev/null +++ b/src/firemon/apparmor.c
@@ -0,0 +1,62 @@
	1	/*
	2	* Copyright (C) 2014-2018 Firejail Authors
	3	*
	4	* This file is part of firejail project
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License as published by
	8	* the Free Software Foundation; either version 2 of the License, or
	9	* (at your option) any later version.
	10	*
	11	* This program is distributed in the hope that it will be useful,
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	* GNU General Public License for more details.
	15	*
	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; if not, write to the Free Software Foundation, Inc.,
	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	19	*/
	20	#include "firemon.h"
	21	#include <sys/apparmor.h>
	22
	23	#ifdef HAVE_APPARMOR
	24	static void print_apparmor(int pid) {
	25	char *label = NULL;
	26	char *mode = NULL;
	27	int rv = aa_gettaskcon(pid, &label, &mode);
	28	if (rv != -1) {
	29	printf(" AppArmor: ");
	30	if (label)
	31	printf("%s ", label);
	32	if (mode)
	33	printf("%s", mode);
	34	printf("\n");
	35	}
	36	}
	37
	38	void apparmor(pid_t pid, int print_procs) {
	39	pid_read(pid);
	40
	41	// print processes
	42	int i;
	43	for (i = 0; i < max_pids; i++) {
	44	if (pids[i].level == 1) {
	45	if (print_procs \|\| pid == 0)
	46	pid_print_list(i, arg_nowrap);
	47	int child = find_child(i);
	48	if (child != -1)
	49	print_apparmor(child);
	50	}
	51	}
	52	printf("\n");
	53	}
	54
	55	#else
	56
	57	void apparmor(pid_t pid, int print_procs) {
	58	(void) pid;
	59	(void) print_procs;
	60	printf("AppArmor support not available\n");
	61	}
	62	#endif