author | netblue30 <netblue30@yahoo.com> | 2020-09-08 08:21:05 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-09-08 08:21:05 -0400 |
commit | aee833f8bbc958d71f78d55ba677a419b970aa05 (patch) | |
tree | 399b278ec726ddd0133f698a4dc91d4dc5a3e20a /src/profstats | |
parent | fix #3625 -- hedgewars crashes without access to liblua (diff) | |
profstats: track dbus-system none
Diffstat (limited to 'src/profstats')
-rw-r--r-- | src/profstats/main.c | 17 |
1 files changed, 17 insertions, 0 deletions
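--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -28,6 +28,7 @@ static int cnt_profiles = 0;
 static int cnt_apparmor = 0;
 static int cnt_seccomp = 0;
 static int cnt_caps = 0;
+static int cnt_dbus_system_none = 0;
 static int cnt_dotlocal = 0;
 static int cnt_globalsdotlocal = 0;
 static int cnt_netnone = 0;
@@ -57,6 +58,8 @@ static int arg_whitelistrunuser = 0;
 static int arg_whitelistusrshare = 0;
 static int arg_ssh = 0;
 static int arg_mdwx = 0;
+static int arg_dbus_system_none = 0;
+
 
 static char *profile = NULL;
 
@@ -67,6 +70,7 @@ static void usage(void) {
 printf("Options:\n");
 printf(" --apparmor - print profiles without apparmor\n");
 printf(" --caps - print profiles without caps\n");
+printf(" --dbus-system-none - profiles without \"dbus-system none\"\n");
 printf(" --ssh - print profiles without \"include disable-common.inc\"\n");
 printf(" --noexec - print profiles without \"include disable-exec.inc\"\n");
 printf(" --private-bin - print profiles without private-bin\n");
@@ -138,6 +142,8 @@ void process_file(const char *fname) {
 cnt_privatetmp++;
 else if (strncmp(ptr, "private-etc", 11) == 0)
 cnt_privateetc++;
+else if (strncmp(ptr, "dbus-system none", 16) == 0)
+cnt_dbus_system_none++;
 else if (strncmp(ptr, "include ", 8) == 0) {
 // not processing .local files
 if (strstr(ptr, ".local")) {
@@ -148,6 +154,11 @@ void process_file(const char *fname) {
 cnt_dotlocal++;
 continue;
 }
+// clean blanks
+char *ptr = buf + 8;
+while (*ptr != '\0' && *ptr != ' ' && *ptr != '\t')
+ptr++;
+*ptr = '\0';
 process_file(buf + 8);
 }
 }
@@ -197,6 +208,8 @@ int main(int argc, char **argv) {
 arg_whitelistusrshare = 1;
 else if (strcmp(argv[i], "--ssh") == 0)
 arg_ssh = 1;
+else if (strcmp(argv[i], "--dbus-system-none") == 0)
+arg_dbus_system_none = 1;
 else if (*argv[i] == '-') {
 fprintf(stderr, "Error: invalid option %s\n", argv[i]);
 return 1;
@@ -228,6 +241,7 @@ int main(int argc, char **argv) {
 int whitelistvar = cnt_whitelistvar;
 int whitelistrunuser = cnt_whitelistrunuser;
 int whitelistusrshare = cnt_whitelistusrshare;
+int dbussystemnone = cnt_dbus_system_none;
 int ssh = cnt_ssh;
 int mdwx = cnt_mdwx;
 
@@ -249,6 +263,8 @@ int main(int argc, char **argv) {
 if (cnt_whitelistrunuser > (whitelistrunuser + 1))
 cnt_whitelistrunuser = whitelistrunuser + 1;
 
+if (arg_dbus_system_none && dbussystemnone == cnt_dbus_system_none)
+printf("No dbus-system none found in %s\n", argv[i]);
 if (arg_apparmor && apparmor == cnt_apparmor)
 printf("No apparmor found in %s\n", argv[i]);
 if (arg_caps && caps == cnt_caps)
@@ -299,6 +315,7 @@ int main(int argc, char **argv) {
 printf("\t\t\t\t\tor blacklist ${RUNUSER})\n");
 printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc\n", cnt_whitelistusrshare);
 printf(" net none\t\t\t%d\n", cnt_netnone);
+printf(" dbus-system none \t\t%d\n", cnt_dbus_system_none);
 printf("\n");
 return 0;
 }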
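Review bot: The new `char *ptr = buf + 8;` in the second process_file hunk (old line 148 onward) shadows the outer `ptr` that the enclosing `else if (strncmp(ptr, "include ", 8) == 0)` branch has just tested, which is legal but trips `-Wshadow` and makes the include branch harder to follow; process_file itself starts and ends outside the hunk. The four-line scan can be one call on a non-shadowing name, `buf[8 + strcspn(buf + 8, " \t")] = '\0';`, which truncates at the first blank or tab exactly as the loop does and uses the `<string.h>` the file already relies on for strncmp/strstr. One case the new truncation does not cover, unless the line-reading code above the hunk already collapses runs of blanks: an include line with two blanks after the keyword leaves an empty name and `process_file("")` is then called on it, so that is worth confirming against the earlier part of the function. Separately, the `include ` match is done on `ptr` while the name is sliced from `buf + 8`, which only agrees if `ptr` still equals `buf` at that point; that is pre-existing, but the added slicing now depends on it more visibly.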