authorLibravatar netblue30 <netblue30@yahoo.com>2017-02-07 16:43:55 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2017-02-07 16:43:55 -0500
commit14489ed329a8b90c621d144fb638e3b2bcda3cce (patch)
tree1a1f8f7d939d43e5a317d357e70fc39d3e6cba2b /src/firemon
parent--git-install: default disabled in ./configure script (diff)
firemon fix
Diffstat (limited to 'src/firemon')
-rw-r--r--src/firemon/procevent.c34
1 files changed, 26 insertions, 8 deletions
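diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index edae21951..8cec404f8 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -70,7 +70,9 @@ static int pid_is_firejail(pid_t pid) {
  errExit("asprintf");
  if ((fd = open(fname, O_RDONLY)) < 0) {
  free(fname);
- rv = 0;
+#ifdef DEBUG_PRCTL
+ printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv);
+#endif
  goto doexit;
  }
  free(fname);
@@ -81,7 +83,9 @@ static int pid_is_firejail(pid_t pid) {
  ssize_t len;
  if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) {
  close(fd);
- rv = 0;
+#ifdef DEBUG_PRCTL
+ printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv);
+#endif
  goto doexit;
  }
  buffer[len] = '\0';
@@ -89,8 +93,12 @@ static int pid_is_firejail(pid_t pid) {
 
  // list of firejail arguments that don't trigger sandbox creation
  // the initial -- is not included
- char *firejail_args = "ls list tree x11 help version top netstats debug-syscalls debug-errnos debug-protocols "
- "protocol.print debug.caps shutdown bandwidth caps.print cpu.print debug-caps fs.print get overlay-clean ";
+ char *exclude_args[] = {
+ "ls", "list", "tree", "x11", "help", "version", "top", "netstats", "debug-syscalls",
+ "debug-errnos", "debug-protocols", "protocol.print", "debug.caps",
+ "shutdown", "bandwidth", "caps.print", "cpu.print", "debug-caps",
+ "fs.print", "get", "overlay-clean", NULL
+ };
 
  int i;
  char *start;
@@ -105,16 +113,26 @@ static int pid_is_firejail(pid_t pid) {
  }
  if (strncmp(start, "--", 2) != 0)
  break;
+ start += 2;
 
  // clan starting with =
- char *ptr = strchr(start + 2, '=');
+ char *ptr = strchr(start, '=');
  if (ptr)
  *ptr = '\0';
 
- if (strstr(firejail_args, start + 2)) {
- rv = 0;
- break;
+ // look into exclude list
+ int j = 0;
+ while (exclude_args[j] != NULL) {
+ if (strcmp(start, exclude_args[j]) == 0) {
+ rv = 0;
+#ifdef DEBUG_PRCTL
+printf("start=#%s#, ptr=#%s#, flip rv %d\n", start, ptr, rv);
+#endif
+ break;
+ }
+ j++;
  }
+
  start = (char *) buffer + i + 1;
  }
  }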
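Review bot: The `DEBUG_PRCTL` printf added inside the exclude-list loop passes `ptr` to `%s` unguarded, yet the `if (ptr)` test a few lines above shows `ptr` is NULL whenever the option carries no `=`, which is the usual case for entries such as `list` or `tree`; passing NULL to `%s` is undefined behaviour in debug builds. Even when non-NULL, `ptr` points at the byte that was just overwritten with `'\0'`, so it always prints as empty; `printf("start=#%s#, ptr=#%s#, flip rv %d\n", start, ptr ? ptr + 1 : "", rv);` covers both cases. Separately, the first two hunks drop `rv = 0;` from the open() and read() failure paths, so the result for an unreadable cmdline now depends on a value assigned outside the visible hunks. If that is the intent, a short comment such as `// cmdline unreadable: keep the earlier verdict in rv` on each path would record it. pid_is_firejail begins before and continues after the hunks shown.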