author | netblue30 <netblue30@yahoo.com> | 2016-11-11 12:00:57 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-11 12:00:57 -0500 |
commit | cffa48d80ca5f93bb1e97fbfc96364e45166a399 (patch) | |
tree | 5a4d9610ad78dcb8e02d8d4097959ea5f7ac3bd7 /src/firemon | |
parent | hidepid part 3 (diff) | |
hidepid part 4
Diffstat (limited to 'src/firemon')
-rw-r--r-- | src/firemon/firemon.c | 73 | ||||
-rw-r--r-- | src/firemon/firemon.h | 2 | ||||
-rw-r--r-- | src/firemon/tree.c | 4 |
3 files changed, 44 insertions, 35 deletions
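--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -35,6 +35,9 @@ static int arg_caps = 0;
 static int arg_cpu = 0;
 static int arg_cgroup = 0;
 static int arg_x11 = 0;
+static int arg_top = 0;
+static int arg_list = 0;
+static int arg_netstats = 0;
 int arg_nowrap = 0;
 
 static struct termios tlocal; // startup terminal setting
@@ -118,53 +121,39 @@ int main(int argc, char **argv) {
 }
 
 // options without a pid argument
-else if (strcmp(argv[i], "--top") == 0) {
-top(); // never to return
-}
-else if (strcmp(argv[i], "--list") == 0) {
-list();
-return 0;
-}
+else if (strcmp(argv[i], "--top") == 0)
+arg_top = 1;
+else if (strcmp(argv[i], "--list") == 0)
+arg_list = 1;
+else if (strcmp(argv[i], "--tree") == 0)
+arg_tree = 1;
 else if (strcmp(argv[i], "--netstats") == 0) {
 struct stat s;
 if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) {
 fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n");
 exit(1);
 }
-
-netstats();
-return 0;
+arg_netstats = 1;
 }
 
 
 // cumulative options with or without a pid argument
-else if (strcmp(argv[i], "--x11") == 0) {
+else if (strcmp(argv[i], "--x11") == 0)
 arg_x11 = 1;
-}
-else if (strcmp(argv[i], "--cgroup") == 0) {
+else if (strcmp(argv[i], "--cgroup") == 0)
 arg_cgroup = 1;
-}
-else if (strcmp(argv[i], "--cpu") == 0) {
+else if (strcmp(argv[i], "--cpu") == 0)
 arg_cpu = 1;
-}
-else if (strcmp(argv[i], "--seccomp") == 0) {
+else if (strcmp(argv[i], "--seccomp") == 0)
 arg_seccomp = 1;
-}
-else if (strcmp(argv[i], "--caps") == 0) {
+else if (strcmp(argv[i], "--caps") == 0)
 arg_caps = 1;
-}
-else if (strcmp(argv[i], "--tree") == 0) {
-arg_tree = 1;
-}
-else if (strcmp(argv[i], "--interface") == 0) {
+else if (strcmp(argv[i], "--interface") == 0)
 arg_interface = 1;
-}
-else if (strcmp(argv[i], "--route") == 0) {
+else if (strcmp(argv[i], "--route") == 0)
 arg_route = 1;
-}
-else if (strcmp(argv[i], "--arp") == 0) {
+else if (strcmp(argv[i], "--arp") == 0)
 arg_arp = 1;
-}
 
 else if (strncmp(argv[i], "--name=", 7) == 0) {
 char *name = argv[i] + 7;
@@ -201,8 +190,28 @@ int main(int argc, char **argv) {
 }
 }
 
-if (arg_tree)
-tree((pid_t) pid);
+// allow only root user if /proc is mounted hidepid
+if (pid_hidepid() && getuid() != 0) {
+fprintf(stderr, "Error: /proc is mounted hidepid, you would need to be root to run this command\n");
+exit(1);
+}
+
+if (arg_top)
+top(); // never to return
+if (arg_tree) {
+tree();
+return 0;
+}
+if (arg_list) {
+list();
+return 0;
+}
+if (arg_netstats) {
+netstats();
+return 0;
+}
+
+// cumulative options
 if (arg_interface)
 interface((pid_t) pid);
 if (arg_route)
@@ -220,7 +229,7 @@ int main(int argc, char **argv) {
 if (arg_x11)
 x11((pid_t) pid);
 
-if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp && !arg_x11)
+if (!arg_interface && !arg_route && !arg_arp && !arg_seccomp && !arg_caps && !arg_cgroup && !arg_x11)
 procevent((pid_t) pid); // never to return
 
 return 0;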
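Review bot: `arg_cpu` is still missing from the fall-through test in front of `procevent()` in the last hunk, even though this commit adds `arg_cgroup` to the same condition. If `--cpu` is dispatched like the other cumulative flags (those lines lie between the hunks and are not shown), `firemon --cpu` would print its report and then drop into `procevent()`, which the comment marks as never returning. The condition should read `if (!arg_interface && !arg_route && !arg_arp && !arg_seccomp && !arg_caps && !arg_cpu && !arg_cgroup && !arg_x11)`. main() begins and ends outside the hunks shown here.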
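--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -75,7 +75,7 @@ void cpu(pid_t pid);
 void cgroup(pid_t pid);
 
 // tree.c
-void tree(pid_t pid);
+void tree(void);
 
 // netstats.c
 void netstats(void);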
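--- a/src/firemon/tree.c
+++ b/src/firemon/tree.c
@@ -19,8 +19,8 @@
 */
 #include "firemon.h"
 
-void tree(pid_t pid) {
-pid_read(pid); // include all processes
+void tree(void) {
+pid_read(0); // include all processes
 
 // print processes
 int i;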