author | netblue30 <netblue30@yahoo.com> | 2016-11-11 09:44:45 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-11-11 09:44:45 -0500 |
commit | c8f8341c277acc6a424be0777681455e0d07fd72 (patch) | |
tree | 4b169090b18c076b5832028d44852848c0bb635f /src | |
parent | hidepid part 2 (diff) | |
hidepid part 3
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/bandwidth.c | 15 | ||||
-rw-r--r-- | src/firejail/caps.c | 16 | ||||
-rw-r--r-- | src/firejail/cpu.c | 15 | ||||
-rw-r--r-- | src/firejail/firejail.h | 12 | ||||
-rw-r--r-- | src/firejail/fs_logger.c | 16 | ||||
-rw-r--r-- | src/firejail/join.c | 15 | ||||
-rw-r--r-- | src/firejail/ls.c | 16 | ||||
-rw-r--r-- | src/firejail/network_main.c | 17 | ||||
-rw-r--r-- | src/firejail/protocol.c | 23 | ||||
-rw-r--r-- | src/firejail/seccomp.c | 15 | ||||
-rw-r--r-- | src/firejail/shutdown.c | 16 |
11 files changed, 2 insertions, 174 deletions
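--- a/src/firejail/bandwidth.c
+++ b/src/firejail/bandwidth.c
@@ -311,21 +311,6 @@ void bandwidth_set(pid_t pid, const char *dev, int down, int up) {
 //***********************************
 // command execution
 //***********************************
-void bandwidth_name(const char *name, const char *command, const char *dev, int down, int up) {
-EUID_ASSERT();
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-bandwidth_pid(pid, command, dev, down, up);
-}
-
 void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up) {
 EUID_ASSERT();
 //************************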
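--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -401,22 +401,6 @@ static uint64_t extract_caps(int pid) {
 exit(1);
 }
 
-
-void caps_print_filter_name(const char *name) {
-EUID_ASSERT();
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-caps_print_filter(pid);
-}
-
 void caps_print_filter(pid_t pid) {
 EUID_ASSERT();
 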
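--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -168,21 +168,6 @@ static void print_cpu(int pid) {
 free(file);
 }
 
-void cpu_print_filter_name(const char *name) {
-EUID_ASSERT();
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-cpu_print_filter(pid);
-}
-
 void cpu_print_filter(pid_t pid) {
 EUID_ASSERT();
 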
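--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -356,7 +356,6 @@ void net_configure_bridge(Bridge *br, char *dev_name);
 void net_configure_sandbox_ip(Bridge *br);
 void net_configure_veth_pair(Bridge *br, const char *ifname, pid_t child);
 void net_check_cfg(void);
-void net_dns_print_name(const char *name);
 void net_dns_print(pid_t pid);
 void network_main(pid_t child);
 
@@ -420,9 +419,9 @@ void usage(void);
 
 // join.c
 void join(pid_t pid, int argc, char **argv, int index);
-void join_name(const char *name, int argc, char **argv, int index);
+
+// shutdown.c
 void shut(pid_t pid);
-void shut_name(const char *name);
 
 // restricted_shell.c
 int restricted_shell(const char *user);
@@ -501,7 +500,6 @@ void seccomp_filter_32(void);
 void seccomp_filter_64(void);
 int seccomp_filter_drop(int enforce_seccomp);
 int seccomp_filter_keep(void);
-void seccomp_print_filter_name(const char *name);
 void seccomp_print_filter(pid_t pid);
 
 // caps.c
@@ -513,7 +511,6 @@ int caps_check_list(const char *clist, void (*callback)(int));
 void caps_drop_list(const char *clist);
 void caps_keep_list(const char *clist);
 void caps_print_filter(pid_t pid);
-void caps_print_filter_name(const char *name);
 
 // syscall.c
 const char *syscall_find_nr(int nr);
@@ -536,7 +533,6 @@ void read_cpu_list(const char *str);
 void set_cpu_affinity(void);
 void load_cpu(const char *fname);
 void save_cpu(void);
-void cpu_print_filter_name(const char *name);
 void cpu_print_filter(pid_t pid);
 
 // cgroup.c
@@ -554,7 +550,6 @@ void netfilter6(const char *fname);
 
 // bandwidth.c
 void bandwidth_del_run_file(pid_t pid);
-void bandwidth_name(const char *name, const char *command, const char *dev, int down, int up);
 void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, int up);
 void network_del_run_file(pid_t pid);
 void network_set_run_file(pid_t pid);
@@ -599,7 +594,6 @@ void fs_private_bin_list(void);
 // protocol.c
 void protocol_filter_save(void);
 void protocol_filter_load(const char *fname);
-void protocol_print_filter_name(const char *name);
 void protocol_print_filter(pid_t pid);
 
 // restrict_users.c
@@ -612,7 +606,6 @@ void fs_logger2int(const char *msg1, int d);
 void fs_logger3(const char *msg1, const char *msg2, const char *msg3);
 void fs_logger_print(void);
 void fs_logger_change_owner(void);
-void fs_logger_print_log_name(const char *name);
 void fs_logger_print_log(pid_t pid);
 
 // run_symlink.c
@@ -641,7 +634,6 @@ enum {
 SANDBOX_FS_PUT,
 SANDBOX_FS_MAX // this should always be the last entry
 };
-void sandboxfs_name(int op, const char *name, const char *path1, const char *path2);
 void sandboxfs(int op, pid_t pid, const char *path1, const char *path2);
 
 // checkcfg.c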
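Review bot: The prototypes that remain in firejail.h after the `*_name` removals (`join`, `shut`, `sandboxfs`, `bandwidth_pid`, `net_dns_print`, `fs_logger_print_log` and the `*_print_filter` family) all take a bare `pid_t`, and the header does not say who turns a sandbox name into that pid. Each deleted wrapper rejected a NULL or empty name and exited when `name2pid()` failed before calling the pid variant; whatever replaces those checks is outside this diff, presumably at the call sites. A one-line comment above the affected groups, such as `// pid must already be resolved and validated by the caller (empty or unknown sandbox names rejected)`, would keep that contract visible. It is also worth confirming that no caller of the removed functions is left, since their prototypes are gone.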
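--- a/src/firejail/fs_logger.c
+++ b/src/firejail/fs_logger.c
@@ -117,22 +117,6 @@ void fs_logger_change_owner(void) {
 errExit("chown");
 }
 
-void fs_logger_print_log_name(const char *name) {
-EUID_ASSERT();
-
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-fs_logger_print_log(pid);
-}
-
 void fs_logger_print_log(pid_t pid) {
 EUID_ASSERT();
 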
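--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -173,21 +173,6 @@ static void extract_user_namespace(pid_t pid) {
 free(uidmap);
 }
 
-void join_name(const char *name, int argc, char **argv, int index) {
-EUID_ASSERT();
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-join(pid, argc, argv, index);
-}
-
 void join(pid_t pid, int argc, char **argv, int index) {
 EUID_ASSERT();
 char *homedir = cfg.homedir;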
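--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -185,22 +185,6 @@ static void print_directory(const char *path) {
 free(namelist);
 }
 
-void sandboxfs_name(int op, const char *name, const char *path1, const char *path2) {
-EUID_ASSERT();
-
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-sandboxfs(op, pid, path1, path2);
-}
-
 char *expand_path(const char *path) {
 char *fname = NULL;
 if (*path == '/') {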
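--- a/src/firejail/network_main.c
+++ b/src/firejail/network_main.c
@@ -231,23 +231,6 @@ void net_check_cfg(void) {
 }
 }
 
-
-
-void net_dns_print_name(const char *name) {
-EUID_ASSERT();
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-net_dns_print(pid);
-}
-
 #define MAXBUF 4096
 void net_dns_print(pid_t pid) {
 EUID_ASSERT();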
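--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -59,29 +59,6 @@ void protocol_filter_load(const char *fname) {
 
 
 // --protocol.print
-void protocol_print_filter_name(const char *name) {
-EUID_ASSERT();
-
-(void) name;
-#ifdef SYS_socket
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-protocol_print_filter(pid);
-#else
-fprintf(stderr, "Warning: --protocol not supported on this platform\n");
-return;
-#endif
-}
-
-// --protocol.print
 void protocol_print_filter(pid_t pid) {
 EUID_ASSERT();
 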
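--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -232,21 +232,6 @@ int seccomp_filter_keep(void) {
 return seccomp_load(RUN_SECCOMP_CFG);
 }
 
-void seccomp_print_filter_name(const char *name) {
-EUID_ASSERT();
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-seccomp_print_filter(pid);
-}
-
 void seccomp_print_filter(pid_t pid) {
 EUID_ASSERT();
 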
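--- a/src/firejail/shutdown.c
+++ b/src/firejail/shutdown.c
@@ -23,22 +23,6 @@
 #include <fcntl.h>
 #include <sys/prctl.h>
 
-void shut_name(const char *name) {
-EUID_ASSERT();
-if (!name || strlen(name) == 0) {
-fprintf(stderr, "Error: invalid sandbox name\n");
-exit(1);
-}
-
-pid_t pid;
-if (name2pid(name, &pid)) {
-fprintf(stderr, "Error: cannot find sandbox %s\n", name);
-exit(1);
-}
-
-shut(pid);
-}
-
 void shut(pid_t pid) {
 EUID_ASSERT();
 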