authorLibravatar netblue30 <netblue30@yahoo.com>2020-09-08 08:21:05 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2020-09-08 08:21:05 -0400
commitaee833f8bbc958d71f78d55ba677a419b970aa05 (patch)
tree399b278ec726ddd0133f698a4dc91d4dc5a3e20a /src/profstats
parentfix #3625 -- hedgewars crashes without access to liblua (diff)
profstats: track dbus-system none
Diffstat (limited to 'src/profstats')
-rw-r--r--src/profstats/main.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/src/profstats/main.c b/src/profstats/main.c
index a75ad8e29..194cb210a 100644
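--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -28,6 +28,7 @@ static int cnt_profiles = 0;
 static int cnt_apparmor = 0;
 static int cnt_seccomp = 0;
 static int cnt_caps = 0;
+static int cnt_dbus_system_none = 0;
 static int cnt_dotlocal = 0;
 static int cnt_globalsdotlocal = 0;
 static int cnt_netnone = 0;
@@ -57,6 +58,8 @@ static int arg_whitelistrunuser = 0;
 static int arg_whitelistusrshare = 0;
 static int arg_ssh = 0;
 static int arg_mdwx = 0;
+static int arg_dbus_system_none = 0;
+
 
 static char *profile = NULL;
 
@@ -67,6 +70,7 @@ static void usage(void) {
  printf("Options:\n");
  printf(" --apparmor - print profiles without apparmor\n");
  printf(" --caps - print profiles without caps\n");
+ printf(" --dbus-system-none - profiles without \"dbus-system none\"\n");
  printf(" --ssh - print profiles without \"include disable-common.inc\"\n");
  printf(" --noexec - print profiles without \"include disable-exec.inc\"\n");
  printf(" --private-bin - print profiles without private-bin\n");
@@ -138,6 +142,8 @@ void process_file(const char *fname) {
  cnt_privatetmp++;
  else if (strncmp(ptr, "private-etc", 11) == 0)
  cnt_privateetc++;
+ else if (strncmp(ptr, "dbus-system none", 16) == 0)
+ cnt_dbus_system_none++;
  else if (strncmp(ptr, "include ", 8) == 0) {
  // not processing .local files
  if (strstr(ptr, ".local")) {
@@ -148,6 +154,11 @@ void process_file(const char *fname) {
  cnt_dotlocal++;
  continue;
  }
+ // clean blanks
+ char *ptr = buf + 8;
+ while (*ptr != '\0' && *ptr != ' ' && *ptr != '\t')
+ ptr++;
+ *ptr = '\0';
  process_file(buf + 8);
  }
  }
@@ -197,6 +208,8 @@ int main(int argc, char **argv) {
  arg_whitelistusrshare = 1;
  else if (strcmp(argv[i], "--ssh") == 0)
  arg_ssh = 1;
+ else if (strcmp(argv[i], "--dbus-system-none") == 0)
+ arg_dbus_system_none = 1;
  else if (*argv[i] == '-') {
  fprintf(stderr, "Error: invalid option %s\n", argv[i]);
  return 1;
@@ -228,6 +241,7 @@ int main(int argc, char **argv) {
  int whitelistvar = cnt_whitelistvar;
  int whitelistrunuser = cnt_whitelistrunuser;
  int whitelistusrshare = cnt_whitelistusrshare;
+ int dbussystemnone = cnt_dbus_system_none;
  int ssh = cnt_ssh;
  int mdwx = cnt_mdwx;
 
@@ -249,6 +263,8 @@ int main(int argc, char **argv) {
  if (cnt_whitelistrunuser > (whitelistrunuser + 1))
  cnt_whitelistrunuser = whitelistrunuser + 1;
 
+ if (arg_dbus_system_none && dbussystemnone == cnt_dbus_system_none)
+ printf("No dbus-system none found in %s\n", argv[i]);
  if (arg_apparmor && apparmor == cnt_apparmor)
  printf("No apparmor found in %s\n", argv[i]);
  if (arg_caps && caps == cnt_caps)
@@ -299,6 +315,7 @@ int main(int argc, char **argv) {
  printf("\t\t\t\t\tor blacklist ${RUNUSER})\n");
  printf(" whitelist usr/share\t\t%d (include whitelist-usr-share-common.inc\n", cnt_whitelistusrshare);
  printf(" net none\t\t\t%d\n", cnt_netnone);
+ printf(" dbus-system none \t\t%d\n", cnt_dbus_system_none);
  printf("\n");
  return 0;
 }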
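Review bot: In the `// clean blanks` lines added to the include branch of process_file, the new `char *ptr = buf + 8;` shadows the `ptr` that the surrounding `strncmp(ptr, ...)` tests use; a distinct name such as `char *end = buf + 8;` keeps the two apart and stays clean under `-Wshadow`. The loop truncates at the first blank or tab, so an include line with a second blank right after the keyword leaves an empty name and `process_file(buf + 8)` is still called with it; guarding the call with `if (buf[8] != '\0')` (or skipping leading blanks before truncating) avoids a failed or skipped include silently lowering the counters this tool reports. The matches are made on `ptr` while the file name is taken from `buf + 8`, which only agree if `ptr` equals `buf` at this point; process_file starts and ends outside the hunks, so that, and whether a trailing newline has already been removed from `buf`, cannot be confirmed from here. If the newline is not stripped earlier, `'\n'` belongs in the loop's stop set as well.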