author | netblue30 <netblue30@yahoo.com> | 2015-12-03 09:42:54 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-12-03 09:42:54 -0500 |
commit | 82c4f4ed6e1ba3c5fe87ca260fa6b545cab8a76b (patch) | |
tree | 2e1d621febeb282a908bc409f0e7cdcea1f653f9 /src | |
parent | --tracelog (diff) | |
--tracelog
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs_home.c | 2 | ||||
-rw-r--r-- | src/firejail/usage.c | 2 | ||||
-rw-r--r-- | src/libtrace/libtrace.c | 12 | ||||
-rw-r--r-- | src/man/firejail.txt | 3 |
4 files changed, 18 insertions, 1 deletions
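--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -237,7 +237,7 @@ void fs_private(void) {
 	if (arg_debug)
 		printf("Mounting a new /root directory\n");
 	if (mount("tmpfs", "/root", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=700,gid=0") < 0)
-		errExit("mounting home directory");
+		errExit("mounting root directory");
 	fs_logger("mount tmpfs on /root");
 
 	if (u != 0) {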
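--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -263,6 +263,8 @@ void usage(void) {
 	printf("\t--tmpfs=dirname - mount a tmpfs filesystem on directory dirname.\n\n");
 	printf("\t--top - monitor the most CPU-intensive sandboxes.\n\n");
 	printf("\t--trace - trace open, access and connect system calls.\n\n");
+	printf("\t--tracelog - add a log message in syslog for every access to blacklisted\n");
+	printf("\t\tfiles or directories.\n\n");
 	printf("\t--tree - print a tree of all sandboxed processes.\n\n");
 	printf("\t--version - print program version and exit.\n\n");
 	printf("\t--whitelist=dirname_or_filename - whitelist directory or file.\n\n");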
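--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -29,6 +29,7 @@
 #include <arpa/inet.h>
 #include <sys/un.h>
 #include <sys/stat.h>
+#include <dirent.h>
 
 // break recursivity on fopen call
 typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode);
@@ -431,6 +432,17 @@ int stat64(const char *pathname, struct stat64 *buf) {
 }
 #endif /* __GLIBC__ */
 
+// opendir
+typedef DIR *(*orig_opendir_t)(const char *pathname);
+static orig_opendir_t orig_opendir = NULL;
+DIR *opendir(const char *pathname) {
+	if (!orig_opendir)
+		orig_opendir = (orig_opendir_t)dlsym(RTLD_NEXT, "opendir");
+
+	DIR *rv = orig_opendir(pathname);
+	printf("%u:%s:opendir %s:%p\n", pid(), name(), pathname, rv);
+	return rv;
+}
 
 // access
 typedef int (*orig_access_t)(const char *pathname, int mode);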
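Review bot: The new opendir() wrapper (new lines 442-444) calls printf() between the real opendir() and the return, so when the real call fails and the caller inspects errno it may see a value left by the logging rather than by opendir(); the other hooks are not visible here, but an interposed function should preserve errno. Save and restore it around the log line: `int saved_errno = errno; printf("%u:%s:opendir %s:%p\n", pid(), name(), pathname, rv); errno = saved_errno;`. On new line 440 the dlsym() result is also used unchecked on the next line; if it returned NULL the wrapper would call through a null pointer, so a `if (!orig_opendir) return NULL;` guard after the lookup is cheap insurance. The lazy initialisation is also unsynchronised, which is benign only if every thread resolves the same symbol; a comment stating that assumption would help the next reader.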
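--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1296,6 +1296,9 @@ Child process initialized
 .br
 parent is shutting down, bye...
 .TP
+\fB\-\-tracelog
+Add a log message in syslog for every access to blacklisted files or directories.
+.TP
 \fB\-\-tree
 Print a tree of all sandboxed processes, see MONITORING section for more details.
 .br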