authorLibravatar netblue30 <netblue30@yahoo.com>2016-11-11 12:00:57 -0500
committerLibravatar netblue30 <netblue30@yahoo.com>2016-11-11 12:00:57 -0500
commitcffa48d80ca5f93bb1e97fbfc96364e45166a399 (patch)
tree5a4d9610ad78dcb8e02d8d4097959ea5f7ac3bd7 /src/firemon
parenthidepid part 3 (diff)
hidepid part 4
Diffstat (limited to 'src/firemon')
-rw-r--r--src/firemon/firemon.c73
-rw-r--r--src/firemon/firemon.h2
-rw-r--r--src/firemon/tree.c4
3 files changed, 44 insertions, 35 deletions
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 950311c00..1ec64bea8 100644
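--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -35,6 +35,9 @@ static int arg_caps = 0;
 static int arg_cpu = 0;
 static int arg_cgroup = 0;
 static int arg_x11 = 0;
+static int arg_top = 0;
+static int arg_list = 0;
+static int arg_netstats = 0;
 int arg_nowrap = 0;
 
 static struct termios tlocal; // startup terminal setting
@@ -118,53 +121,39 @@ int main(int argc, char **argv) {
  }
 
  // options without a pid argument
- else if (strcmp(argv[i], "--top") == 0) {
- top(); // never to return
- }
- else if (strcmp(argv[i], "--list") == 0) {
- list();
- return 0;
- }
+ else if (strcmp(argv[i], "--top") == 0)
+ arg_top = 1;
+ else if (strcmp(argv[i], "--list") == 0)
+ arg_list = 1;
+ else if (strcmp(argv[i], "--tree") == 0)
+ arg_tree = 1;
  else if (strcmp(argv[i], "--netstats") == 0) {
  struct stat s;
  if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) {
  fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n");
  exit(1);
  }
-
- netstats();
- return 0;
+ arg_netstats = 1;
  }
 
 
  // cumulative options with or without a pid argument
- else if (strcmp(argv[i], "--x11") == 0) {
+ else if (strcmp(argv[i], "--x11") == 0)
  arg_x11 = 1;
- }
- else if (strcmp(argv[i], "--cgroup") == 0) {
+ else if (strcmp(argv[i], "--cgroup") == 0)
  arg_cgroup = 1;
- }
- else if (strcmp(argv[i], "--cpu") == 0) {
+ else if (strcmp(argv[i], "--cpu") == 0)
  arg_cpu = 1;
- }
- else if (strcmp(argv[i], "--seccomp") == 0) {
+ else if (strcmp(argv[i], "--seccomp") == 0)
  arg_seccomp = 1;
- }
- else if (strcmp(argv[i], "--caps") == 0) {
+ else if (strcmp(argv[i], "--caps") == 0)
  arg_caps = 1;
- }
- else if (strcmp(argv[i], "--tree") == 0) {
- arg_tree = 1;
- }
- else if (strcmp(argv[i], "--interface") == 0) {
+ else if (strcmp(argv[i], "--interface") == 0)
  arg_interface = 1;
- }
- else if (strcmp(argv[i], "--route") == 0) {
+ else if (strcmp(argv[i], "--route") == 0)
  arg_route = 1;
- }
- else if (strcmp(argv[i], "--arp") == 0) {
+ else if (strcmp(argv[i], "--arp") == 0)
  arg_arp = 1;
- }
 
  else if (strncmp(argv[i], "--name=", 7) == 0) {
  char *name = argv[i] + 7;
@@ -201,8 +190,28 @@ int main(int argc, char **argv) {
  }
  }
 
- if (arg_tree)
- tree((pid_t) pid);
+ // allow only root user if /proc is mounted hidepid
+ if (pid_hidepid() && getuid() != 0) {
+ fprintf(stderr, "Error: /proc is mounted hidepid, you would need to be root to run this command\n");
+ exit(1);
+ }
+
+ if (arg_top)
+ top(); // never to return
+ if (arg_tree) {
+ tree();
+ return 0;
+ }
+ if (arg_list) {
+ list();
+ return 0;
+ }
+ if (arg_netstats) {
+ netstats();
+ return 0;
+ }
+
+ // cumulative options
  if (arg_interface)
  interface((pid_t) pid);
  if (arg_route)
@@ -220,7 +229,7 @@ int main(int argc, char **argv) {
  if (arg_x11)
  x11((pid_t) pid);
 
- if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp && !arg_x11)
+ if (!arg_interface && !arg_route && !arg_arp && !arg_seccomp && !arg_caps && !arg_cgroup && !arg_x11)
  procevent((pid_t) pid); // never to return
 
  return 0;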
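Review bot: The final fall-through test before `procevent()` gains `!arg_cgroup` but still has no `!arg_cpu`, so a `--cpu` run would presumably print its report and then drop into the never-returning event monitor. The per-option calls between the third and fourth hunks are not shown, so confirm `arg_cpu` is consumed there, then use `if (!arg_interface && !arg_route && !arg_arp && !arg_seccomp && !arg_caps && !arg_cpu && !arg_cgroup && !arg_x11)`. The new hidepid gate also keys on `getuid() != 0` alone; if `pid_hidepid()` only detects the mount option, users exempted through the proc `gid=` option are refused as well, which deserves a comment such as `// hidepid gid= exemptions are not honoured: root only`. main() begins and ends outside these hunks.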
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index a873430a3..c5607a792 100644
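--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -75,7 +75,7 @@ void cpu(pid_t pid);
 void cgroup(pid_t pid);
 
 // tree.c
-void tree(pid_t pid);
+void tree(void);
 
 // netstats.c
 void netstats(void);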
diff --git a/src/firemon/tree.c b/src/firemon/tree.c
index a4b92a11f..f6d22b517 100644
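--- a/src/firemon/tree.c
+++ b/src/firemon/tree.c
@@ -19,8 +19,8 @@
 */
 #include "firemon.h"
 
-void tree(pid_t pid) {
- pid_read(pid); // include all processes
+void tree(void) {
+ pid_read(0); // include all processes
 
  // print processes
  int i;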