author | startx2017 <vradu.startx@yandex.com> | 2018-05-09 19:40:14 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2018-05-09 19:40:14 -0400 |
commit | 7deb720ba8a9b7efffa636c815bd3aac05160577 (patch) | |
tree | feec766b595af48a14849cb36852052203db9e81 /src/firemon/procevent.c | |
parent | don't display firejail --list/--tree/--top processes in firemon stats (diff) | |
firemon/prctl enhancements
Diffstat (limited to 'src/firemon/procevent.c')
-rw-r--r-- | src/firemon/procevent.c | 44 |
1 files changed, 38 insertions, 6 deletions
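--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -94,10 +94,21 @@ static int pid_is_firejail(pid_t pid) {
 // list of firejail arguments that don't trigger sandbox creation
 // the initial -- is not included
 char *exclude_args[] = {
-"ls", "list", "tree", "x11", "help", "version", "top", "netstats", "debug-syscalls",
-"debug-errnos", "debug-protocols", "protocol.print", "debug.caps",
-"shutdown", "bandwidth", "caps.print", "cpu.print", "debug-caps",
-"fs.print", "get", "overlay-clean", NULL
+// all print options
+"apparmor.print", "caps.print", "cpu.print", "dns.print", "fs.print", "netfilter.print",
+"netfilter6.print", "profile.print", "protocol.print", "seccomp.print",
+// debug
+"debug-caps", "debug-errnos", "debug-protocols", "debug-syscalls",
+// file transfer
+"ls", "get", "put",
+// stats
+"tree", "list", "top",
+// network
+"netstats", "bandwidth",
+// etc
+"help", "version", "overlay-clean",
+
+NULL // end of list marker
 };
 
 int i;
@@ -291,6 +302,7 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 child %= max_pids;
 pids[child].level = pids[pid].level + 1;
 pids[child].uid = pid_get_uid(child);
+pids[child].parent = pid;
 }
 sprintf(lineptr, " fork");
 break;
@@ -318,12 +330,22 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 sprintf(lineptr, " exit");
 break;
 
+
+
 case PROC_EVENT_UID:
 pid = proc_ev->event_data.id.process_tgid;
 #ifdef DEBUG_PRCTL
 printf("%s: %d, event uid, pid %d\n", __FUNCTION__, __LINE__, pid);
 #endif
-sprintf(lineptr, " uid ");
+if (pids[pid].level == 1 ||
+pids[pids[pid].parent].level == 1) {
+sprintf(lineptr, "\n");
+continue;
+}
+else
+sprintf(lineptr, " uid (%d:%d)",
+proc_ev->event_data.id.r.ruid,
+proc_ev->event_data.id.e.euid);
 break;
 
 case PROC_EVENT_GID:
@@ -331,9 +353,19 @@ static int procevent_monitor(const int sock, pid_t mypid) {
 #ifdef DEBUG_PRCTL
 printf("%s: %d, event gid, pid %d\n", __FUNCTION__, __LINE__, pid);
 #endif
-sprintf(lineptr, " gid ");
+if (pids[pid].level == 1 ||
+pids[pids[pid].parent].level == 1) {
+sprintf(lineptr, "\n");
+continue;
+}
+else
+sprintf(lineptr, " gid (%d:%d)",
+proc_ev->event_data.id.r.rgid,
+proc_ev->event_data.id.e.egid);
 break;
 
+
+
 case PROC_EVENT_SID:
 pid = proc_ev->event_data.sid.process_tgid;
 #ifdef DEBUG_PRCTL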
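Review bot: The new uid and gid branches (new lines 340-341 and 356-357) drop an event whenever `pids[pids[pid].parent].level == 1`, but `parent` is only written in the fork branch at new line 305, inside a block whose opening is outside the hunk, so for an entry that never went through that path the lookup reads whichever slot the field happens to name. For a monitoring tool that is a quiet blind spot: a credential change can go unreported because of a stale or default `parent` value. I would consult the parent only for entries the fork branch populated, e.g. `if (pids[pid].level == 1 || (pids[pid].level > 1 && pids[pids[pid].parent].level == 1)) {`, and reset `parent` wherever an entry is cleared on exit (that code is not in the hunks shown). The fork hunk also reduces `child` with `% max_pids` while these branches index `pids[pid]` with the tgid as read from the event; whether `pid` is bounded earlier in `procevent_monitor` is not visible here and is worth confirming. The ids in the kernel's event struct are unsigned, so `%u` is the matching conversion in `" uid (%d:%d)"` and `" gid (%d:%d)"`.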