authorLibravatar netblue30 <netblue30@yahoo.com>2020-10-02 12:43:56 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2020-10-02 12:43:56 -0400
commit2b0fe9759501818b10e0654e7f83383bb4b8e8a4 (patch)
tree998e9a852ca75eba18c145f1f9e27bb50d4d829a /src/profstats
parentsplitting up media players whitelists in whitelist-players.inc - relnotes (diff)
profstats - add count for whitelisted home dir, dbus-user none
Diffstat (limited to 'src/profstats')
-rw-r--r--src/profstats/main.c22
1 files changed, 22 insertions, 0 deletions
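--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -29,6 +29,7 @@ static int cnt_apparmor = 0;
 static int cnt_seccomp = 0;
 static int cnt_caps = 0;
 static int cnt_dbus_system_none = 0;
+static int cnt_dbus_user_none = 0;
 static int cnt_dotlocal = 0;
 static int cnt_globalsdotlocal = 0;
 static int cnt_netnone = 0;
@@ -42,6 +43,7 @@ static int cnt_whitelistrunuser = 0; // include whitelist-runuser-common.inc
 static int cnt_whitelistusrshare = 0; // include whitelist-usr-share-common.inc
 static int cnt_ssh = 0;
 static int cnt_mdwx = 0;
+static int cnt_whitelisthome = 0;
 
 static int level = 0;
 static int arg_debug = 0;
@@ -59,6 +61,8 @@ static int arg_whitelistusrshare = 0;
 static int arg_ssh = 0;
 static int arg_mdwx = 0;
 static int arg_dbus_system_none = 0;
+static int arg_dbus_user_none = 0;
+static int arg_whitelisthome = 0;
 
 
 static char *profile = NULL;
@@ -71,6 +75,7 @@ static void usage(void) {
 	printf(" --apparmor - print profiles without apparmor\n");
 	printf(" --caps - print profiles without caps\n");
 	printf(" --dbus-system-none - profiles without \"dbus-system none\"\n");
+	printf(" --dbus-user-none - profiles without \"dbus-user none\"\n");
 	printf(" --ssh - print profiles without \"include disable-common.inc\"\n");
 	printf(" --noexec - print profiles without \"include disable-exec.inc\"\n");
 	printf(" --private-bin - print profiles without private-bin\n");
@@ -79,6 +84,7 @@ static void usage(void) {
 	printf(" --private-tmp - print profiles without private-tmp\n");
 	printf(" --seccomp - print profiles without seccomp\n");
 	printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
+	printf(" --whitelist-home - print profiles whitelisting home directory\n");
 	printf(" --whitelist-var - print profiles without \"include whitelist-var-common.inc\"\n");
 	printf(" --whitelist-runuser - print profiles without \"include whitelist-runuser-common.inc\" or \"blacklist ${RUNUSER}\"\n");
 	printf(" --whitelist-usrshare - print profiles without \"include whitelist-usr-share-common.inc\"\n");
@@ -124,6 +130,8 @@ void process_file(const char *fname) {
 		else if (strncmp(ptr, "include whitelist-runuser-common.inc", 36) == 0 ||
 			strncmp(ptr, "blacklist ${RUNUSER}", 20) == 0)
 			cnt_whitelistrunuser++;
+		else if (strncmp(ptr, "include whitelist-common.inc", 28) == 0)
+			cnt_whitelisthome++;
 		else if (strncmp(ptr, "include whitelist-usr-share-common.inc", 38) == 0)
 			cnt_whitelistusrshare++;
 		else if (strncmp(ptr, "include disable-common.inc", 26) == 0)
@@ -144,6 +152,8 @@ void process_file(const char *fname) {
 			cnt_privateetc++;
 		else if (strncmp(ptr, "dbus-system none", 16) == 0)
 			cnt_dbus_system_none++;
+		else if (strncmp(ptr, "dbus-user none", 14) == 0)
+			cnt_dbus_user_none++;
 		else if (strncmp(ptr, "include ", 8) == 0) {
 			// not processing .local files
 			if (strstr(ptr, ".local")) {
@@ -200,6 +210,8 @@ int main(int argc, char **argv) {
 			arg_privatetmp = 1;
 		else if (strcmp(argv[i], "--private-etc") == 0)
 			arg_privateetc = 1;
+		else if (strcmp(argv[i], "--whitelist-home") == 0)
+			arg_whitelisthome = 1;
 		else if (strcmp(argv[i], "--whitelist-var") == 0)
 			arg_whitelistvar = 1;
 		else if (strcmp(argv[i], "--whitelist-runuser") == 0)
@@ -210,6 +222,8 @@ int main(int argc, char **argv) {
 			arg_ssh = 1;
 		else if (strcmp(argv[i], "--dbus-system-none") == 0)
 			arg_dbus_system_none = 1;
+		else if (strcmp(argv[i], "--dbus-user-none") == 0)
+			arg_dbus_user_none = 1;
 		else if (*argv[i] == '-') {
 			fprintf(stderr, "Error: invalid option %s\n", argv[i]);
 			return 1;
@@ -238,10 +252,12 @@ int main(int argc, char **argv) {
 		int privateetc = cnt_privateetc;
 		int dotlocal = cnt_dotlocal;
 		int globalsdotlocal = cnt_globalsdotlocal;
+		int whitelisthome = cnt_whitelisthome;
 		int whitelistvar = cnt_whitelistvar;
 		int whitelistrunuser = cnt_whitelistrunuser;
 		int whitelistusrshare = cnt_whitelistusrshare;
 		int dbussystemnone = cnt_dbus_system_none;
+		int dbususernone = cnt_dbus_user_none;
 		int ssh = cnt_ssh;
 		int mdwx = cnt_mdwx;
 
@@ -265,6 +281,8 @@ int main(int argc, char **argv) {
 
 		if (arg_dbus_system_none && dbussystemnone == cnt_dbus_system_none)
 			printf("No dbus-system none found in %s\n", argv[i]);
+		if (arg_dbus_user_none && dbususernone == cnt_dbus_user_none)
+			printf("No dbus-user none found in %s\n", argv[i]);
 		if (arg_apparmor && apparmor == cnt_apparmor)
 			printf("No apparmor found in %s\n", argv[i]);
 		if (arg_caps && caps == cnt_caps)
@@ -281,6 +299,8 @@ int main(int argc, char **argv) {
 			printf("No private-tmp found in %s\n", argv[i]);
 		if (arg_privateetc && privateetc == cnt_privateetc)
 			printf("No private-etc found in %s\n", argv[i]);
+		if (arg_whitelisthome && whitelisthome == cnt_whitelisthome)
+			printf("Home directory not whitelisted in %s\n", argv[i]);
 		if (arg_whitelistvar && whitelistvar == cnt_whitelistvar)
 			printf("No include whitelist-var-common.inc found in %s\n", argv[i]);
 		if (arg_whitelistrunuser && whitelistrunuser == cnt_whitelistrunuser)
@@ -310,11 +330,13 @@ int main(int argc, char **argv) {
 	printf(" private-dev\t\t\t%d\n", cnt_privatedev);
 	printf(" private-etc\t\t\t%d\n", cnt_privateetc);
 	printf(" private-tmp\t\t\t%d\n", cnt_privatetmp);
+	printf(" whitelist home directory\t%d\n", cnt_whitelisthome);
 	printf(" whitelist var\t\t%d (include whitelist-var-common.inc)\n", cnt_whitelistvar);
 	printf(" whitelist run/user\t\t%d (include whitelist-runuser-common.inc\n", cnt_whitelistrunuser);
 	printf("\t\t\t\t\tor blacklist ${RUNUSER})\n");
 	printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc\n", cnt_whitelistusrshare);
 	printf(" net none\t\t\t%d\n", cnt_netnone);
+	printf(" dbus-user none \t\t%d\n", cnt_dbus_user_none);
 	printf(" dbus-system none \t\t%d\n", cnt_dbus_system_none);
 	printf("\n");
 	return 0;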
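Review bot: The usage line added for --whitelist-home says it prints profiles "whitelisting home directory", but the check added in main() prints `Home directory not whitelisted in %s` exactly when cnt_whitelisthome did not move for that file, so the option reports profiles *without* the include, like every neighbouring option; suggest `printf(" --whitelist-home - print profiles without \"include whitelist-common.inc\"\n");` so the help text matches the output. The counter is bumped in process_file only for a line starting with the literal `include whitelist-common.inc`, so a profile that whitelists home paths through its own `whitelist` lines would presumably still be listed as not whitelisted — a comment on the declaration in the style of its neighbours, `static int cnt_whitelisthome = 0; // include whitelist-common.inc`, would make that scope explicit for whoever reads the statistics. Note also that the new `dbus-user none` report line is placed above the existing `dbus-system none` line while the counters and options are declared in the opposite order; harmless, but worth aligning for readers comparing the two. usage(), process_file() and main() all start and end outside these hunks.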