author | netblue30 <netblue30@protonmail.com> | 2021-05-12 15:59:31 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-05-12 15:59:31 -0400 |
commit | 13e699fe26cc0eda1d7cd1f214d2909e08a1dc58 (patch) | |
tree | d45983d62b3286f10391c062fa7df7c68ca66986 /src/profstats | |
parent | Update dino.profile (diff) | |
download | firejail-13e699fe26cc0eda1d7cd1f214d2909e08a1dc58.tar.gz firejail-13e699fe26cc0eda1d7cd1f214d2909e08a1dc58.tar.zst firejail-13e699fe26cc0eda1d7cd1f214d2909e08a1dc58.zip |
more --build
Diffstat (limited to 'src/profstats')
-rw-r--r-- | src/profstats/main.c | 11 |
1 files changed, 11 insertions, 0 deletions
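diff --git a/src/profstats/main.c b/src/profstats/main.c
index 5035280b1..10e44bd65 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -46,6 +46,7 @@ static int cnt_whitelistusrshare = 0; // include whitelist-usr-share-common.inc
 static int cnt_ssh = 0;
 static int cnt_mdwx = 0;
 static int cnt_whitelisthome = 0;
+static int cnt_noroot = 0;
 
 static int level = 0;
 static int arg_debug = 0;
@@ -65,6 +66,7 @@ static int arg_mdwx = 0;
 static int arg_dbus_system_none = 0;
 static int arg_dbus_user_none = 0;
 static int arg_whitelisthome = 0;
+static int arg_noroot = 0;
 
 
 static char *profile = NULL;
@@ -80,6 +82,7 @@ static void usage(void) {
 printf(" --dbus-user-none - profiles without \"dbus-user none\"\n");
 printf(" --ssh - print profiles without \"include disable-common.inc\"\n");
 printf(" --noexec - print profiles without \"include disable-exec.inc\"\n");
+printf(" --noroot - print profiles without \"noroot\"\n");
 printf(" --private-bin - print profiles without private-bin\n");
 printf(" --private-dev - print profiles without private-dev\n");
 printf(" --private-etc - print profiles without private-etc\n");
@@ -128,6 +131,8 @@ void process_file(const char *fname) {
 cnt_caps++;
 else if (strncmp(ptr, "include disable-exec.inc", 24) == 0)
 cnt_noexec++;
+else if (strncmp(ptr, "noroot", 6) == 0)
+cnt_noroot++;
 else if (strncmp(ptr, "include whitelist-var-common.inc", 32) == 0)
 cnt_whitelistvar++;
 else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 ||
@@ -212,6 +217,8 @@ int main(int argc, char **argv) {
 arg_mdwx = 1;
 else if (strcmp(argv[i], "--noexec") == 0)
 arg_noexec = 1;
+else if (strcmp(argv[i], "--noroot") == 0)
+arg_noroot = 1;
 else if (strcmp(argv[i], "--private-bin") == 0)
 arg_privatebin = 1;
 else if (strcmp(argv[i], "--private-dev") == 0)
@@ -256,6 +263,7 @@ int main(int argc, char **argv) {
 int caps = cnt_caps;
 int apparmor = cnt_apparmor;
 int noexec = cnt_noexec;
+int noroot = cnt_noroot;
 int privatebin = cnt_privatebin;
 int privatetmp = cnt_privatetmp;
 int privatedev = cnt_privatedev;
@@ -313,6 +321,8 @@ int main(int argc, char **argv) {
 printf("No seccomp found in %s\n", argv[i]);
 if (arg_noexec && noexec == cnt_noexec)
 printf("No include disable-exec.inc found in %s\n", argv[i]);
+if (arg_noroot && noroot == cnt_noroot)
+printf("No noroot found in %s\n", argv[i]);
 if (arg_privatedev && privatedev == cnt_privatedev)
 printf("No private-dev found in %s\n", argv[i]);
 if (arg_privatebin && privatebin == cnt_privatebin)
@@ -346,6 +356,7 @@ int main(int argc, char **argv) {
 printf(" seccomp\t\t\t%d\n", cnt_seccomp);
 printf(" capabilities\t\t%d\n", cnt_caps);
 printf(" noexec\t\t\t%d (include disable-exec.inc)\n", cnt_noexec);
+printf(" noroot\t\t\t%d\n", cnt_noroot);
 printf(" memory-deny-write-execute\t%d\n", cnt_mdwx);
 printf(" apparmor\t\t\t%d\n", cnt_apparmor);
 printf(" private-bin\t\t\t%d\n", cnt_privatebin);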
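Review bot: The new `strncmp(ptr, "noroot", 6) == 0` test in process_file is a bare prefix match, so any line that merely begins with those six characters (`noroot` followed by other text, or a future directive that starts with the same letters) is counted as a `noroot` profile and the tally becomes a false positive for the "No noroot found" check that relies on it. The other counters in this chain use the same prefix idiom, but their prefixes are whole `include ...inc` paths and are far less likely to collide; `noroot` is short enough to be worth terminating, e.g. `else if (strncmp(ptr, "noroot", 6) == 0 && (ptr[6] == '\0' || ptr[6] == '\n' || ptr[6] == ' '))` — the exact terminator depends on whether the caller has already stripped the trailing newline, which is not visible in the hunk. Also worth a comment near the counter: the statistic records that the directive is spelled out in the file, not that it is effective after any later line in the profile grammar that might override it; confirm against the profile parser. The enclosing while loop and process_file itself start and end outside the hunk.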