author | netblue30 <netblue30@yahoo.com> | 2020-04-06 10:35:23 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-04-06 10:35:23 -0400 |
commit | 1267eb2e3be2c75a69e290b6d03c529e75454c6a (patch) | |
tree | 079fda8b95c0c03d6e44d2525478da24c81f9426 /src/profstats/main.c | |
parent | Update bitwarden.profile (diff) | |
cleanup, fixes, more profstats
Diffstat (limited to 'src/profstats/main.c')
-rw-r--r-- | src/profstats/main.c | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/src/profstats/main.c b/src/profstats/main.c index 29acdc7bd..b94fdd213 100644 --- a/src/profstats/main.c +++ b/src/profstats/main.c | |||
@@ -32,8 +32,10 @@ static int cnt_dotlocal = 0; | |||
32 | static int cnt_globalsdotlocal = 0; | 32 | static int cnt_globalsdotlocal = 0; |
33 | static int cnt_netnone = 0; | 33 | static int cnt_netnone = 0; |
34 | static int cnt_noexec = 0; // include disable-exec.inc | 34 | static int cnt_noexec = 0; // include disable-exec.inc |
35 | static int cnt_privatebin = 0; | ||
35 | static int cnt_privatedev = 0; | 36 | static int cnt_privatedev = 0; |
36 | static int cnt_privatetmp = 0; | 37 | static int cnt_privatetmp = 0; |
38 | static int cnt_privateetc = 0; | ||
37 | static int cnt_whitelistvar = 0; // include whitelist-var-common.inc | 39 | static int cnt_whitelistvar = 0; // include whitelist-var-common.inc |
38 | static int cnt_whitelistrunuser = 0; // include whitelist-runuser-common.inc | 40 | static int cnt_whitelistrunuser = 0; // include whitelist-runuser-common.inc |
39 | static int cnt_whitelistusrshare = 0; // include whitelist-usr-share-common.inc | 41 | static int cnt_whitelistusrshare = 0; // include whitelist-usr-share-common.inc |
@@ -46,8 +48,10 @@ static int arg_apparmor = 0; | |||
46 | static int arg_caps = 0; | 48 | static int arg_caps = 0; |
47 | static int arg_seccomp = 0; | 49 | static int arg_seccomp = 0; |
48 | static int arg_noexec = 0; | 50 | static int arg_noexec = 0; |
51 | static int arg_privatebin = 0; | ||
49 | static int arg_privatedev = 0; | 52 | static int arg_privatedev = 0; |
50 | static int arg_privatetmp = 0; | 53 | static int arg_privatetmp = 0; |
54 | static int arg_privateetc = 0; | ||
51 | static int arg_whitelistvar = 0; | 55 | static int arg_whitelistvar = 0; |
52 | static int arg_whitelistrunuser = 0; | 56 | static int arg_whitelistrunuser = 0; |
53 | static int arg_whitelistusrshare = 0; | 57 | static int arg_whitelistusrshare = 0; |
@@ -65,7 +69,9 @@ static void usage(void) { | |||
65 | printf(" --caps - print profiles without caps\n"); | 69 | printf(" --caps - print profiles without caps\n"); |
66 | printf(" --ssh - print profiles without \"include disable-common.inc\"\n"); | 70 | printf(" --ssh - print profiles without \"include disable-common.inc\"\n"); |
67 | printf(" --noexec - print profiles without \"include disable-exec.inc\"\n"); | 71 | printf(" --noexec - print profiles without \"include disable-exec.inc\"\n"); |
72 | printf(" --private-bin - print profiles without private-bin\n"); | ||
68 | printf(" --private-dev - print profiles without private-dev\n"); | 73 | printf(" --private-dev - print profiles without private-dev\n"); |
74 | printf(" --private-etc - print profiles without private-etc\n"); | ||
69 | printf(" --private-tmp - print profiles without private-tmp\n"); | 75 | printf(" --private-tmp - print profiles without private-tmp\n"); |
70 | printf(" --seccomp - print profiles without seccomp\n"); | 76 | printf(" --seccomp - print profiles without seccomp\n"); |
71 | printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n"); | 77 | printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n"); |
@@ -124,10 +130,14 @@ void process_file(const char *fname) { | |||
124 | cnt_netnone++; | 130 | cnt_netnone++; |
125 | else if (strncmp(ptr, "apparmor", 8) == 0) | 131 | else if (strncmp(ptr, "apparmor", 8) == 0) |
126 | cnt_apparmor++; | 132 | cnt_apparmor++; |
133 | else if (strncmp(ptr, "private-bin", 11) == 0) | ||
134 | cnt_privatebin++; | ||
127 | else if (strncmp(ptr, "private-dev", 11) == 0) | 135 | else if (strncmp(ptr, "private-dev", 11) == 0) |
128 | cnt_privatedev++; | 136 | cnt_privatedev++; |
129 | else if (strncmp(ptr, "private-tmp", 11) == 0) | 137 | else if (strncmp(ptr, "private-tmp", 11) == 0) |
130 | cnt_privatetmp++; | 138 | cnt_privatetmp++; |
139 | else if (strncmp(ptr, "private-etc", 11) == 0) | ||
140 | cnt_privateetc++; | ||
131 | else if (strncmp(ptr, "include ", 8) == 0) { | 141 | else if (strncmp(ptr, "include ", 8) == 0) { |
132 | // not processing .local files | 142 | // not processing .local files |
133 | if (strstr(ptr, ".local")) { | 143 | if (strstr(ptr, ".local")) { |
@@ -171,10 +181,14 @@ int main(int argc, char **argv) { | |||
171 | arg_mdwx = 1; | 181 | arg_mdwx = 1; |
172 | else if (strcmp(argv[i], "--noexec") == 0) | 182 | else if (strcmp(argv[i], "--noexec") == 0) |
173 | arg_noexec = 1; | 183 | arg_noexec = 1; |
184 | else if (strcmp(argv[i], "--private-bin") == 0) | ||
185 | arg_privatebin = 1; | ||
174 | else if (strcmp(argv[i], "--private-dev") == 0) | 186 | else if (strcmp(argv[i], "--private-dev") == 0) |
175 | arg_privatedev = 1; | 187 | arg_privatedev = 1; |
176 | else if (strcmp(argv[i], "--private-tmp") == 0) | 188 | else if (strcmp(argv[i], "--private-tmp") == 0) |
177 | arg_privatetmp = 1; | 189 | arg_privatetmp = 1; |
190 | else if (strcmp(argv[i], "--private-etc") == 0) | ||
191 | arg_privateetc = 1; | ||
178 | else if (strcmp(argv[i], "--whitelist-var") == 0) | 192 | else if (strcmp(argv[i], "--whitelist-var") == 0) |
179 | arg_whitelistvar = 1; | 193 | arg_whitelistvar = 1; |
180 | else if (strcmp(argv[i], "--whitelist-runuser") == 0) | 194 | else if (strcmp(argv[i], "--whitelist-runuser") == 0) |
@@ -205,8 +219,10 @@ int main(int argc, char **argv) { | |||
205 | int caps = cnt_caps; | 219 | int caps = cnt_caps; |
206 | int apparmor = cnt_apparmor; | 220 | int apparmor = cnt_apparmor; |
207 | int noexec = cnt_noexec; | 221 | int noexec = cnt_noexec; |
222 | int privatebin = cnt_privatebin; | ||
208 | int privatetmp = cnt_privatetmp; | 223 | int privatetmp = cnt_privatetmp; |
209 | int privatedev = cnt_privatedev; | 224 | int privatedev = cnt_privatedev; |
225 | int privateetc = cnt_privateetc; | ||
210 | int dotlocal = cnt_dotlocal; | 226 | int dotlocal = cnt_dotlocal; |
211 | int globalsdotlocal = cnt_globalsdotlocal; | 227 | int globalsdotlocal = cnt_globalsdotlocal; |
212 | int whitelistvar = cnt_whitelistvar; | 228 | int whitelistvar = cnt_whitelistvar; |
@@ -241,8 +257,12 @@ int main(int argc, char **argv) { | |||
241 | printf("No include disable-exec.inc found in %s\n", argv[i]); | 257 | printf("No include disable-exec.inc found in %s\n", argv[i]); |
242 | if (arg_privatedev && privatedev == cnt_privatedev) | 258 | if (arg_privatedev && privatedev == cnt_privatedev) |
243 | printf("No private-dev found in %s\n", argv[i]); | 259 | printf("No private-dev found in %s\n", argv[i]); |
260 | if (arg_privatebin && privatebin == cnt_privatebin) | ||
261 | printf("No private-bin found in %s\n", argv[i]); | ||
244 | if (arg_privatetmp && privatetmp == cnt_privatetmp) | 262 | if (arg_privatetmp && privatetmp == cnt_privatetmp) |
245 | printf("No private-tmp found in %s\n", argv[i]); | 263 | printf("No private-tmp found in %s\n", argv[i]); |
264 | if (arg_privateetc && privateetc == cnt_privateetc) | ||
265 | printf("No private-etc found in %s\n", argv[i]); | ||
246 | if (arg_whitelistvar && whitelistvar == cnt_whitelistvar) | 266 | if (arg_whitelistvar && whitelistvar == cnt_whitelistvar) |
247 | printf("No include whitelist-var-common.inc found in %s\n", argv[i]); | 267 | printf("No include whitelist-var-common.inc found in %s\n", argv[i]); |
248 | if (arg_whitelistrunuser && whitelistrunuser == cnt_whitelistrunuser) | 268 | if (arg_whitelistrunuser && whitelistrunuser == cnt_whitelistrunuser) |
@@ -268,12 +288,14 @@ int main(int argc, char **argv) { | |||
268 | printf(" noexec\t\t\t%d (include disable-exec.inc)\n", cnt_noexec); | 288 | printf(" noexec\t\t\t%d (include disable-exec.inc)\n", cnt_noexec); |
269 | printf(" memory-deny-write-execute\t%d\n", cnt_mdwx); | 289 | printf(" memory-deny-write-execute\t%d\n", cnt_mdwx); |
270 | printf(" apparmor\t\t\t%d\n", cnt_apparmor); | 290 | printf(" apparmor\t\t\t%d\n", cnt_apparmor); |
291 | printf(" private-bin\t\t\t%d\n", cnt_privatebin); | ||
271 | printf(" private-dev\t\t\t%d\n", cnt_privatedev); | 292 | printf(" private-dev\t\t\t%d\n", cnt_privatedev); |
293 | printf(" private-etc\t\t\t%d\n", cnt_privateetc); | ||
272 | printf(" private-tmp\t\t\t%d\n", cnt_privatetmp); | 294 | printf(" private-tmp\t\t\t%d\n", cnt_privatetmp); |
273 | printf(" whitelist var\t\t%d (include whitelist-var-common.inc)\n", cnt_whitelistvar); | 295 | printf(" whitelist var\t\t%d (include whitelist-var-common.inc)\n", cnt_whitelistvar); |
274 | printf(" whitelist run/user\t\t%d (include whitelist-runuser-common.inc)\n", cnt_whitelistrunuser); | 296 | printf(" whitelist run/user\t\t%d (include whitelist-runuser-common.inc\n", cnt_whitelistrunuser); |
275 | printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc\n", cnt_whitelistusrshare); | ||
276 | printf("\t\t\t\t\tor blacklist ${RUNUSER})\n"); | 297 | printf("\t\t\t\t\tor blacklist ${RUNUSER})\n"); |
298 | printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc\n", cnt_whitelistusrshare); | ||
277 | printf(" net none\t\t\t%d\n", cnt_netnone); | 299 | printf(" net none\t\t\t%d\n", cnt_netnone); |
278 | printf("\n"); | 300 | printf("\n"); |
279 | return 0; | 301 | return 0; |
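Review bot: The relocated summary line at new line 298 prints an unbalanced parenthesis: its format string ends in `(include whitelist-usr-share-common.inc\n` with no closing `)`, whereas the neighbouring run/user line (new 296) deliberately leaves its parenthesis open because the continuation on line 297 closes it with `or blacklist ${RUNUSER})`. Since usr/share now comes after that continuation, nothing closes it; the line should read `printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc)\n", cnt_whitelistusrshare);`. The same trailing-`)` convention is used by the noexec and whitelist-var lines earlier in this hunk, so this is the only odd one out. The enclosing `main` ends past the hunk (`return 0;` is its last visible line).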