install profstats in /etc/firejail directory - undocumented, used only for development

author: netblue30 <netblue30@protonmail.com> 2021-11-30 08:23:01 -0500
committer: netblue30 <netblue30@protonmail.com> 2021-11-30 08:23:01 -0500
commit: 8f93df99f16820d0b54a05e98abbcd8fcd1b83f1 (patch)
tree: b22face0e67d7a27fc0b679f6c74ae3a5b67820d /src/profstats/main.c
parent: Merge pull request #4712 from kmk3/configure-improvements2 (diff)
download: firejail-8f93df99f16820d0b54a05e98abbcd8fcd1b83f1.tar.gz
firejail-8f93df99f16820d0b54a05e98abbcd8fcd1b83f1.tar.zst
firejail-8f93df99f16820d0b54a05e98abbcd8fcd1b83f1.zip
1 files changed, 22 insertions, 2 deletions
diff --git a/src/profstats/main.c b/src/profstats/main.c
index 10e44bd65..72c0710fe 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -67,11 +67,11 @@ static int arg_dbus_system_none = 0;
 static int arg_dbus_user_none = 0;
 static int arg_whitelisthome = 0;
 static int arg_noroot = 0;
+static int arg_print_blacklist = 0;
+static int arg_print_whitelist = 0;
 static char *profile = NULL;
 static void usage(void) {
        printf("proftool - print profile statistics\n");
        printf("Usage: proftool [options] file[s]\n");
@@ -87,6 +87,8 @@ static void usage(void) {
        printf("   --private-dev - print profiles without private-dev\n");
        printf("   --private-etc - print profiles without private-etc\n");
        printf("   --private-tmp - print profiles without private-tmp\n");
+        printf("   --print-blacklist - print all blacklists for a profile\n");
+        printf("   --print-whitelist - print all whitelists for a profile\n");
        printf("   --seccomp - print profiles without seccomp\n");
        printf("   --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
        printf("   --whitelist-home - print profiles whitelisting home directory\n");
@@ -125,6 +127,17 @@ void process_file(const char *fname) {
                if (*ptr == '\n' || *ptr == '#')
                        continue;
+                if (arg_print_blacklist) {
+                        if (strncmp(ptr, "blacklist", 9) == 0 ||
+                            strncmp(ptr, "noblacklist", 11) == 0)
+                                printf("%s: %s\n", fname, ptr);
+                }
+                else if (arg_print_whitelist) {
+                        if (strncmp(ptr, "whitelist", 9) == 0 ||
+                            strncmp(ptr, "nowhitelist", 11) == 0)
+                                printf("%s: %s\n", fname, ptr);
+                }
                if (strncmp(ptr, "seccomp", 7) == 0)
                        cnt_seccomp++;
                else if (strncmp(ptr, "caps", 4) == 0)
@@ -227,6 +240,10 @@ int main(int argc, char **argv) {
                        arg_privatetmp = 1;
                else if (strcmp(argv[i], "--private-etc") == 0)
                        arg_privateetc = 1;
+                else if (strcmp(argv[i], "--print-blacklist") == 0)
+                        arg_print_blacklist = 1;
+                else if (strcmp(argv[i], "--print-whitelist") == 0)
+                        arg_print_whitelist = 1;
                else if (strcmp(argv[i], "--whitelist-home") == 0)
                        arg_whitelisthome = 1;
                else if (strcmp(argv[i], "--whitelist-var") == 0)
@@ -347,6 +364,9 @@ int main(int argc, char **argv) {
                assert(level == 0);
        }
+        if (arg_print_blacklist || arg_print_whitelist)
+                return 0;
        printf("\n");
        printf("Stats:\n");
        printf("    profiles\t\t\t%d\n", cnt_profiles);
author	netblue30 <netblue30@protonmail.com>	2021-11-30 08:23:01 -0500
committer	netblue30 <netblue30@protonmail.com>	2021-11-30 08:23:01 -0500
commit	8f93df99f16820d0b54a05e98abbcd8fcd1b83f1 (patch)
tree	b22face0e67d7a27fc0b679f6c74ae3a5b67820d /src/profstats/main.c
parent	Merge pull request #4712 from kmk3/configure-improvements2 (diff)
download	firejail-8f93df99f16820d0b54a05e98abbcd8fcd1b83f1.tar.gz firejail-8f93df99f16820d0b54a05e98abbcd8fcd1b83f1.tar.zst firejail-8f93df99f16820d0b54a05e98abbcd8fcd1b83f1.zip

diff --git a/src/profstats/main.c b/src/profstats/main.c index 10e44bd65..72c0710fe 100644 --- a/src/profstats/main.c +++ b/src/profstats/main.c
@@ -67,11 +67,11 @@ static int arg_dbus_system_none = 0;
67	static int arg_dbus_user_none = 0;	67	static int arg_dbus_user_none = 0;
68	static int arg_whitelisthome = 0;	68	static int arg_whitelisthome = 0;
69	static int arg_noroot = 0;	69	static int arg_noroot = 0;
70		70	static int arg_print_blacklist = 0;
		71	static int arg_print_whitelist = 0;
71		72
72	static char *profile = NULL;	73	static char *profile = NULL;
73		74
74
75	static void usage(void) {	75	static void usage(void) {
76	printf("proftool - print profile statistics\n");	76	printf("proftool - print profile statistics\n");
77	printf("Usage: proftool [options] file[s]\n");	77	printf("Usage: proftool [options] file[s]\n");
@@ -87,6 +87,8 @@ static void usage(void) {
87	printf(" --private-dev - print profiles without private-dev\n");	87	printf(" --private-dev - print profiles without private-dev\n");
88	printf(" --private-etc - print profiles without private-etc\n");	88	printf(" --private-etc - print profiles without private-etc\n");
89	printf(" --private-tmp - print profiles without private-tmp\n");	89	printf(" --private-tmp - print profiles without private-tmp\n");
		90	printf(" --print-blacklist - print all blacklists for a profile\n");
		91	printf(" --print-whitelist - print all whitelists for a profile\n");
90	printf(" --seccomp - print profiles without seccomp\n");	92	printf(" --seccomp - print profiles without seccomp\n");
91	printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");	93	printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
92	printf(" --whitelist-home - print profiles whitelisting home directory\n");	94	printf(" --whitelist-home - print profiles whitelisting home directory\n");
@@ -125,6 +127,17 @@ void process_file(const char *fname) {
125	if (ptr == '\n' \|\| ptr == '#')	127	if (ptr == '\n' \|\| ptr == '#')
126	continue;	128	continue;
127		129
		130	if (arg_print_blacklist) {
		131	if (strncmp(ptr, "blacklist", 9) == 0 \|\|
		132	strncmp(ptr, "noblacklist", 11) == 0)
		133	printf("%s: %s\n", fname, ptr);
		134	}
		135	else if (arg_print_whitelist) {
		136	if (strncmp(ptr, "whitelist", 9) == 0 \|\|
		137	strncmp(ptr, "nowhitelist", 11) == 0)
		138	printf("%s: %s\n", fname, ptr);
		139	}
		140
128	if (strncmp(ptr, "seccomp", 7) == 0)	141	if (strncmp(ptr, "seccomp", 7) == 0)
129	cnt_seccomp++;	142	cnt_seccomp++;
130	else if (strncmp(ptr, "caps", 4) == 0)	143	else if (strncmp(ptr, "caps", 4) == 0)
@@ -227,6 +240,10 @@ int main(int argc, char **argv) {
227	arg_privatetmp = 1;	240	arg_privatetmp = 1;
228	else if (strcmp(argv[i], "--private-etc") == 0)	241	else if (strcmp(argv[i], "--private-etc") == 0)
229	arg_privateetc = 1;	242	arg_privateetc = 1;
		243	else if (strcmp(argv[i], "--print-blacklist") == 0)
		244	arg_print_blacklist = 1;
		245	else if (strcmp(argv[i], "--print-whitelist") == 0)
		246	arg_print_whitelist = 1;
230	else if (strcmp(argv[i], "--whitelist-home") == 0)	247	else if (strcmp(argv[i], "--whitelist-home") == 0)
231	arg_whitelisthome = 1;	248	arg_whitelisthome = 1;
232	else if (strcmp(argv[i], "--whitelist-var") == 0)	249	else if (strcmp(argv[i], "--whitelist-var") == 0)
@@ -347,6 +364,9 @@ int main(int argc, char **argv) {
347	assert(level == 0);	364	assert(level == 0);
348	}	365	}
349		366
		367	if (arg_print_blacklist \|\| arg_print_whitelist)
		368	return 0;
		369
350	printf("\n");	370	printf("\n");
351	printf("Stats:\n");	371	printf("Stats:\n");
352	printf(" profiles\t\t\t%d\n", cnt_profiles);	372	printf(" profiles\t\t\t%d\n", cnt_profiles);