author | netblue30 <netblue30@yahoo.com> | 2017-02-07 16:43:55 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-02-07 16:43:55 -0500 |
commit | 14489ed329a8b90c621d144fb638e3b2bcda3cce (patch) | |
tree | 1a1f8f7d939d43e5a317d357e70fc39d3e6cba2b /src/firemon/procevent.c | |
parent | --git-install: default disabled in ./configure script (diff) | |
firemon fix
Diffstat (limited to 'src/firemon/procevent.c')
-rw-r--r-- | src/firemon/procevent.c | 34 |
1 files changed, 26 insertions, 8 deletions
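--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -70,7 +70,9 @@ static int pid_is_firejail(pid_t pid) {
 errExit("asprintf");
 if ((fd = open(fname, O_RDONLY)) < 0) {
 free(fname);
-rv = 0;
+#ifdef DEBUG_PRCTL
+printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv);
+#endif
 goto doexit;
 }
 free(fname);
@@ -81,7 +83,9 @@ static int pid_is_firejail(pid_t pid) {
 ssize_t len;
 if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) {
 close(fd);
-rv = 0;
+#ifdef DEBUG_PRCTL
+printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv);
+#endif
 goto doexit;
 }
 buffer[len] = '\0';
@@ -89,8 +93,12 @@ static int pid_is_firejail(pid_t pid) {
 
 // list of firejail arguments that don't trigger sandbox creation
 // the initial -- is not included
-char *firejail_args = "ls list tree x11 help version top netstats debug-syscalls debug-errnos debug-protocols "
-"protocol.print debug.caps shutdown bandwidth caps.print cpu.print debug-caps fs.print get overlay-clean ";
+char *exclude_args[] = {
+"ls", "list", "tree", "x11", "help", "version", "top", "netstats", "debug-syscalls",
+"debug-errnos", "debug-protocols", "protocol.print", "debug.caps",
+"shutdown", "bandwidth", "caps.print", "cpu.print", "debug-caps",
+"fs.print", "get", "overlay-clean", NULL
+};
 
 int i;
 char *start;
@@ -105,16 +113,26 @@ static int pid_is_firejail(pid_t pid) {
 }
 if (strncmp(start, "--", 2) != 0)
 break;
+start += 2;
 
 // clan starting with =
-char *ptr = strchr(start + 2, '=');
+char *ptr = strchr(start, '=');
 if (ptr)
 *ptr = '\0';
 
-if (strstr(firejail_args, start + 2)) {
-rv = 0;
-break;
+// look into exclude list
+int j = 0;
+while (exclude_args[j] != NULL) {
+if (strcmp(start, exclude_args[j]) == 0) {
+rv = 0;
+#ifdef DEBUG_PRCTL
+printf("start=#%s#, ptr=#%s#, flip rv %d\n", start, ptr, rv);
+#endif
+break;
+}
+j++;
 }
+
 start = (char *) buffer + i + 1;
 }
 }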
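Review bot: In the `#ifdef DEBUG_PRCTL` block inside the new exclude-list loop, `ptr` is passed to `%s` although it is NULL whenever the argument had no `=` (the `if (ptr)` test just above shows `strchr` can return NULL), and passing NULL to `%s` is undefined behaviour. When `ptr` is non-NULL it points at the byte just overwritten with `'\0'`, so the field prints empty in every case. I would pass `ptr ? ptr + 1 : ""` instead, so debug builds show the value after `=` and never hand NULL to printf. Separately, the two error paths that lost `rv = 0;` now return whatever `rv` held before the visible lines; a short comment such as `// cmdline unreadable: keep rv as set above` would record that this is intended, if it is. pid_is_firejail starts and ends outside these hunks, so the earlier assignment to `rv` cannot be checked from here.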