x11 work

author: netblue30 <netblue30@yahoo.com> 2016-02-24 12:55:06 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-02-24 12:55:06 -0500
commit: 89535f782c19fd8396fd013d4b38d746f3faed95 (patch)
tree: 255335eea7b669906fe2989a880b0f2ac595999b /src/firemon
parent: allow --interface only to root user for --enable-network=restricted (diff)
download: firejail-89535f782c19fd8396fd013d4b38d746f3faed95.tar.gz
firejail-89535f782c19fd8396fd013d4b38d746f3faed95.tar.zst
firejail-89535f782c19fd8396fd013d4b38d746f3faed95.zip
2 files changed, 66 insertions, 0 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 679c5a3e9..c19c344b0 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -33,6 +33,7 @@ static int arg_seccomp = 0;
 static int arg_caps = 0;
 static int arg_cpu = 0;
 static int arg_cgroup = 0;
+static int arg_x11 = 0;
 int arg_nowrap = 0;
 static struct termios tlocal;   // startup terminal setting
@@ -141,6 +142,9 @@ int main(int argc, char **argv) {
                // cumulative options with or without a pid argument
+                else if (strcmp(argv[i], "--x11") == 0) {
+                        arg_x11 = 1;
+                }
                else if (strcmp(argv[i], "--cgroup") == 0) {
                        arg_cgroup = 1;
                }
@@ -217,6 +221,8 @@ int main(int argc, char **argv) {
                cpu((pid_t) pid);
        if (arg_cgroup)
                cgroup((pid_t) pid);
+        if (arg_x11)
+                x11((pid_t) pid);
        
        if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp)
                procevent((pid_t) pid); // never to return
diff --git a/src/firemon/x11.c b/src/firemon/x11.c
new file mode 100644
index 000000000..e30c2d78b
--- /dev/null
+++ b/src/firemon/x11.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2014-2016 netblue30 (netblue30@yahoo.com)
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "firemon.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+                        
+void x11(pid_t pid) {
+        if (getuid() == 0)
+                firemon_drop_privs();
+        
+        pid_read(pid);
+        
+        // print processes
+        int i;
+        for (i = 0; i < max_pids; i++) {
+                if (pids[i].level == 1) {
+                        pid_print_list(i, 0);
+                        
+                        char *x11file;
+                        // todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory
+                        if (asprintf(&x11file, "/run/firejail/x11/%d", i) == -1)
+                                errExit("asprintf");
+                        struct stat s;
+                        if (stat(x11file, &s) == 0) {
+                                FILE *fp = fopen(x11file, "r");
+                                if (!fp) {
+                                        free(x11file);
+                                        continue;
+                                }
+                                int display;
+                                int rv = fscanf(fp, "%d", &display);
+                                if (rv == 1)
+                                        printf("   DISPLAY :%d\n", display);
+                                fclose(fp);
+                        }
+                        free(x11file);
+                }
+        }
+}
author	netblue30 <netblue30@yahoo.com>	2016-02-24 12:55:06 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-02-24 12:55:06 -0500
commit	89535f782c19fd8396fd013d4b38d746f3faed95 (patch)
tree	255335eea7b669906fe2989a880b0f2ac595999b /src/firemon
parent	allow --interface only to root user for --enable-network=restricted (diff)
download	firejail-89535f782c19fd8396fd013d4b38d746f3faed95.tar.gz firejail-89535f782c19fd8396fd013d4b38d746f3faed95.tar.zst firejail-89535f782c19fd8396fd013d4b38d746f3faed95.zip

diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c index 679c5a3e9..c19c344b0 100644 --- a/src/firemon/firemon.c +++ b/src/firemon/firemon.c
@@ -33,6 +33,7 @@ static int arg_seccomp = 0;
33	static int arg_caps = 0;	33	static int arg_caps = 0;
34	static int arg_cpu = 0;	34	static int arg_cpu = 0;
35	static int arg_cgroup = 0;	35	static int arg_cgroup = 0;
		36	static int arg_x11 = 0;
36	int arg_nowrap = 0;	37	int arg_nowrap = 0;
37		38
38	static struct termios tlocal; // startup terminal setting	39	static struct termios tlocal; // startup terminal setting
@@ -141,6 +142,9 @@ int main(int argc, char **argv) {
141		142
142		143
143	// cumulative options with or without a pid argument	144	// cumulative options with or without a pid argument
		145	else if (strcmp(argv[i], "--x11") == 0) {
		146	arg_x11 = 1;
		147	}
144	else if (strcmp(argv[i], "--cgroup") == 0) {	148	else if (strcmp(argv[i], "--cgroup") == 0) {
145	arg_cgroup = 1;	149	arg_cgroup = 1;
146	}	150	}
@@ -217,6 +221,8 @@ int main(int argc, char **argv) {
217	cpu((pid_t) pid);	221	cpu((pid_t) pid);
218	if (arg_cgroup)	222	if (arg_cgroup)
219	cgroup((pid_t) pid);	223	cgroup((pid_t) pid);
		224	if (arg_x11)
		225	x11((pid_t) pid);
220		226
221	if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp)	227	if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp)
222	procevent((pid_t) pid); // never to return	228	procevent((pid_t) pid); // never to return


diff --git a/src/firemon/x11.c b/src/firemon/x11.c new file mode 100644 index 000000000..e30c2d78b --- /dev/null +++ b/src/firemon/x11.c
@@ -0,0 +1,60 @@
		1	/*
		2	* Copyright (C) 2014-2016 netblue30 (netblue30@yahoo.com)
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
		20	#include "firemon.h"
		21	#include <sys/types.h>
		22	#include <sys/stat.h>
		23	#include <unistd.h>
		24
		25	void x11(pid_t pid) {
		26	if (getuid() == 0)
		27	firemon_drop_privs();
		28
		29	pid_read(pid);
		30
		31	// print processes
		32	int i;
		33	for (i = 0; i < max_pids; i++) {
		34	if (pids[i].level == 1) {
		35	pid_print_list(i, 0);
		36
		37	char *x11file;
		38	// todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory
		39	if (asprintf(&x11file, "/run/firejail/x11/%d", i) == -1)
		40	errExit("asprintf");
		41
		42	struct stat s;
		43	if (stat(x11file, &s) == 0) {
		44	FILE *fp = fopen(x11file, "r");
		45	if (!fp) {
		46	free(x11file);
		47	continue;
		48	}
		49	int display;
		50	int rv = fscanf(fp, "%d", &display);
		51	if (rv == 1)
		52	printf(" DISPLAY :%d\n", display);
		53	fclose(fp);
		54	}
		55
		56	free(x11file);
		57	}
		58	}
		59	}
		60