diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-11-11 12:00:57 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-11-11 12:00:57 -0500 |
| commit | cffa48d80ca5f93bb1e97fbfc96364e45166a399 (patch) | |
| tree | 5a4d9610ad78dcb8e02d8d4097959ea5f7ac3bd7 /src/firemon/firemon.c | |
| parent | hidepid part 3 (diff) | |
| download | firejail-cffa48d80ca5f93bb1e97fbfc96364e45166a399.tar.gz firejail-cffa48d80ca5f93bb1e97fbfc96364e45166a399.tar.zst firejail-cffa48d80ca5f93bb1e97fbfc96364e45166a399.zip | |
hidepid part 4
Diffstat (limited to 'src/firemon/firemon.c')
| -rw-r--r-- | src/firemon/firemon.c | 73 |
1 files changed, 41 insertions, 32 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 950311c00..1ec64bea8 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c | |||
| @@ -35,6 +35,9 @@ static int arg_caps = 0; | |||
| 35 | static int arg_cpu = 0; | 35 | static int arg_cpu = 0; |
| 36 | static int arg_cgroup = 0; | 36 | static int arg_cgroup = 0; |
| 37 | static int arg_x11 = 0; | 37 | static int arg_x11 = 0; |
| 38 | static int arg_top = 0; | ||
| 39 | static int arg_list = 0; | ||
| 40 | static int arg_netstats = 0; | ||
| 38 | int arg_nowrap = 0; | 41 | int arg_nowrap = 0; |
| 39 | 42 | ||
| 40 | static struct termios tlocal; // startup terminal setting | 43 | static struct termios tlocal; // startup terminal setting |
| @@ -118,53 +121,39 @@ int main(int argc, char **argv) { | |||
| 118 | } | 121 | } |
| 119 | 122 | ||
| 120 | // options without a pid argument | 123 | // options without a pid argument |
| 121 | else if (strcmp(argv[i], "--top") == 0) { | 124 | else if (strcmp(argv[i], "--top") == 0) |
| 122 | top(); // never to return | 125 | arg_top = 1; |
| 123 | } | 126 | else if (strcmp(argv[i], "--list") == 0) |
| 124 | else if (strcmp(argv[i], "--list") == 0) { | 127 | arg_list = 1; |
| 125 | list(); | 128 | else if (strcmp(argv[i], "--tree") == 0) |
| 126 | return 0; | 129 | arg_tree = 1; |
| 127 | } | ||
| 128 | else if (strcmp(argv[i], "--netstats") == 0) { | 130 | else if (strcmp(argv[i], "--netstats") == 0) { |
| 129 | struct stat s; | 131 | struct stat s; |
| 130 | if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) { | 132 | if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) { |
| 131 | fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n"); | 133 | fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n"); |
| 132 | exit(1); | 134 | exit(1); |
| 133 | } | 135 | } |
| 134 | 136 | arg_netstats = 1; | |
| 135 | netstats(); | ||
| 136 | return 0; | ||
| 137 | } | 137 | } |
| 138 | 138 | ||
| 139 | 139 | ||
| 140 | // cumulative options with or without a pid argument | 140 | // cumulative options with or without a pid argument |
| 141 | else if (strcmp(argv[i], "--x11") == 0) { | 141 | else if (strcmp(argv[i], "--x11") == 0) |
| 142 | arg_x11 = 1; | 142 | arg_x11 = 1; |
| 143 | } | 143 | else if (strcmp(argv[i], "--cgroup") == 0) |
| 144 | else if (strcmp(argv[i], "--cgroup") == 0) { | ||
| 145 | arg_cgroup = 1; | 144 | arg_cgroup = 1; |
| 146 | } | 145 | else if (strcmp(argv[i], "--cpu") == 0) |
| 147 | else if (strcmp(argv[i], "--cpu") == 0) { | ||
| 148 | arg_cpu = 1; | 146 | arg_cpu = 1; |
| 149 | } | 147 | else if (strcmp(argv[i], "--seccomp") == 0) |
| 150 | else if (strcmp(argv[i], "--seccomp") == 0) { | ||
| 151 | arg_seccomp = 1; | 148 | arg_seccomp = 1; |
| 152 | } | 149 | else if (strcmp(argv[i], "--caps") == 0) |
| 153 | else if (strcmp(argv[i], "--caps") == 0) { | ||
| 154 | arg_caps = 1; | 150 | arg_caps = 1; |
| 155 | } | 151 | else if (strcmp(argv[i], "--interface") == 0) |
| 156 | else if (strcmp(argv[i], "--tree") == 0) { | ||
| 157 | arg_tree = 1; | ||
| 158 | } | ||
| 159 | else if (strcmp(argv[i], "--interface") == 0) { | ||
| 160 | arg_interface = 1; | 152 | arg_interface = 1; |
| 161 | } | 153 | else if (strcmp(argv[i], "--route") == 0) |
| 162 | else if (strcmp(argv[i], "--route") == 0) { | ||
| 163 | arg_route = 1; | 154 | arg_route = 1; |
| 164 | } | 155 | else if (strcmp(argv[i], "--arp") == 0) |
| 165 | else if (strcmp(argv[i], "--arp") == 0) { | ||
| 166 | arg_arp = 1; | 156 | arg_arp = 1; |
| 167 | } | ||
| 168 | 157 | ||
| 169 | else if (strncmp(argv[i], "--name=", 7) == 0) { | 158 | else if (strncmp(argv[i], "--name=", 7) == 0) { |
| 170 | char *name = argv[i] + 7; | 159 | char *name = argv[i] + 7; |
| @@ -201,8 +190,28 @@ int main(int argc, char **argv) { | |||
| 201 | } | 190 | } |
| 202 | } | 191 | } |
| 203 | 192 | ||
| 204 | if (arg_tree) | 193 | // allow only root user if /proc is mounted hidepid |
| 205 | tree((pid_t) pid); | 194 | if (pid_hidepid() && getuid() != 0) { |
| 195 | fprintf(stderr, "Error: /proc is mounted hidepid, you would need to be root to run this command\n"); | ||
| 196 | exit(1); | ||
| 197 | } | ||
| 198 | |||
| 199 | if (arg_top) | ||
| 200 | top(); // never to return | ||
| 201 | if (arg_tree) { | ||
| 202 | tree(); | ||
| 203 | return 0; | ||
| 204 | } | ||
| 205 | if (arg_list) { | ||
| 206 | list(); | ||
| 207 | return 0; | ||
| 208 | } | ||
| 209 | if (arg_netstats) { | ||
| 210 | netstats(); | ||
| 211 | return 0; | ||
| 212 | } | ||
| 213 | |||
| 214 | // cumulative options | ||
| 206 | if (arg_interface) | 215 | if (arg_interface) |
| 207 | interface((pid_t) pid); | 216 | interface((pid_t) pid); |
| 208 | if (arg_route) | 217 | if (arg_route) |
| @@ -220,7 +229,7 @@ int main(int argc, char **argv) { | |||
| 220 | if (arg_x11) | 229 | if (arg_x11) |
| 221 | x11((pid_t) pid); | 230 | x11((pid_t) pid); |
| 222 | 231 | ||
| 223 | if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp && !arg_x11) | 232 | if (!arg_interface && !arg_route && !arg_arp && !arg_seccomp && !arg_caps && !arg_cgroup && !arg_x11) |
| 224 | procevent((pid_t) pid); // never to return | 233 | procevent((pid_t) pid); // never to return |
| 225 | 234 | ||
| 226 | return 0; | 235 | return 0; |