add support for sandbox name in profile files

author: netblue30 <netblue30@yahoo.com> 2015-12-17 10:31:39 -0500
committer: netblue30 <netblue30@yahoo.com> 2015-12-17 10:31:39 -0500
commit: 24d38a4a23dc0beb66fe03dd042aefae47b03d50 (patch)
tree: df42fee1cdb91d70da9b2905898664a5de35cf9f /src
parent: better error reporting for profile files (diff)
download: firejail-24d38a4a23dc0beb66fe03dd042aefae47b03d50.tar.gz
firejail-24d38a4a23dc0beb66fe03dd042aefae47b03d50.tar.zst
firejail-24d38a4a23dc0beb66fe03dd042aefae47b03d50.zip
3 files changed, 35 insertions, 2 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 4a1990382..356807acf 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -276,9 +276,9 @@ int sandbox(void* sandbox_arg) {
        //****************************
        // log sandbox data
        //****************************
-        fs_logger2int("sandbox pid:", (int) sandbox_pid);
        if (cfg.name)
                fs_logger2("sandbox name:", cfg.name);
+        fs_logger2int("sandbox pid:", (int) sandbox_pid);
        if (cfg.chrootdir)
                fs_logger("sandbox filesystem: chroot");
        else if (arg_overlay)   
diff --git a/src/lib/common.c b/src/lib/common.c
index 7d2ee5362..90cee3e10 100644
--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -31,6 +31,7 @@
 #include <dirent.h>
 #include <string.h>
 #include "../include/common.h"
+#define BUFLEN 4096
 int join_namespace(pid_t pid, char *type) {
        char *path;
@@ -100,6 +101,32 @@ int name2pid(const char *name, pid_t *pid) {
                        char *start = ptr;
                        if (!ptr) {
                                free(cmd);
+                                
+                                // extract name for /run/mnt/firejail/fslogger file
+                                char *fname;
+                                if (asprintf(&fname, "/proc/%d/root/run/firejail/mnt/fslogger", newpid) == -1)
+                                        errExit("asprintf");
+                                struct stat s;
+                                if (stat(fname, &s) == 0) {
+                                        FILE *fp = fopen(fname, "r");
+                                        if (fp) {
+                                                char buf[BUFLEN];
+                                                if (fgets(buf, BUFLEN, fp)) {
+                                                        if (strncmp(buf, "sandbox name: ", 14) == 0) {
+                                                                char *ptr2 = buf + 14;
+                                                                if (strncmp(name, ptr2, strlen(name)) == 0) {
+                                                                        fclose(fp);
+                                                                        *pid = newpid;
+                                                                        closedir(dir);
+                                                                        return 0;
+                                                                }
+                                                        }
+                                                }
+                                                fclose(fp);
+                                        }
+                                }       
+                                
                                continue;
                        }
                        while (*ptr != ' ' && *ptr != '\t' && *ptr != '\0')
@@ -119,7 +146,6 @@ int name2pid(const char *name, pid_t *pid) {
        return 1;
 }
-#define BUFLEN 4096
 char *pid_proc_comm(const pid_t pid) {
        // open /proc/pid/cmdline file
        char *fname;
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index e9cb1aa49..59d4a81ae 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -233,6 +233,13 @@ cgroup /sys/fs/cgroup/g1/tasks
 The sandbox is placed in g1 control group.
 .SH User Environment
+.TP
+\fBname sandboxname
+Set sandbox name. Example:
+.br
+.br
+name browser
 .TP
 \fBenv name=value
author	netblue30 <netblue30@yahoo.com>	2015-12-17 10:31:39 -0500
committer	netblue30 <netblue30@yahoo.com>	2015-12-17 10:31:39 -0500
commit	24d38a4a23dc0beb66fe03dd042aefae47b03d50 (patch)
tree	df42fee1cdb91d70da9b2905898664a5de35cf9f /src
parent	better error reporting for profile files (diff)
download	firejail-24d38a4a23dc0beb66fe03dd042aefae47b03d50.tar.gz firejail-24d38a4a23dc0beb66fe03dd042aefae47b03d50.tar.zst firejail-24d38a4a23dc0beb66fe03dd042aefae47b03d50.zip

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 4a1990382..356807acf 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -276,9 +276,9 @@ int sandbox(void* sandbox_arg) {
276	//****************************	276	//****************************
277	// log sandbox data	277	// log sandbox data
278	//****************************	278	//****************************
279	fs_logger2int("sandbox pid:", (int) sandbox_pid);
280	if (cfg.name)	279	if (cfg.name)
281	fs_logger2("sandbox name:", cfg.name);	280	fs_logger2("sandbox name:", cfg.name);
		281	fs_logger2int("sandbox pid:", (int) sandbox_pid);
282	if (cfg.chrootdir)	282	if (cfg.chrootdir)
283	fs_logger("sandbox filesystem: chroot");	283	fs_logger("sandbox filesystem: chroot");
284	else if (arg_overlay)	284	else if (arg_overlay)


diff --git a/src/lib/common.c b/src/lib/common.c index 7d2ee5362..90cee3e10 100644 --- a/src/lib/common.c +++ b/src/lib/common.c
@@ -31,6 +31,7 @@
31	#include <dirent.h>	31	#include <dirent.h>
32	#include <string.h>	32	#include <string.h>
33	#include "../include/common.h"	33	#include "../include/common.h"
		34	#define BUFLEN 4096
34		35
35	int join_namespace(pid_t pid, char *type) {	36	int join_namespace(pid_t pid, char *type) {
36	char *path;	37	char *path;
@@ -100,6 +101,32 @@ int name2pid(const char name, pid_t pid) {
100	char *start = ptr;	101	char *start = ptr;
101	if (!ptr) {	102	if (!ptr) {
102	free(cmd);	103	free(cmd);
		104
		105	// extract name for /run/mnt/firejail/fslogger file
		106	char *fname;
		107	if (asprintf(&fname, "/proc/%d/root/run/firejail/mnt/fslogger", newpid) == -1)
		108	errExit("asprintf");
		109
		110	struct stat s;
		111	if (stat(fname, &s) == 0) {
		112	FILE *fp = fopen(fname, "r");
		113	if (fp) {
		114	char buf[BUFLEN];
		115	if (fgets(buf, BUFLEN, fp)) {
		116	if (strncmp(buf, "sandbox name: ", 14) == 0) {
		117	char *ptr2 = buf + 14;
		118	if (strncmp(name, ptr2, strlen(name)) == 0) {
		119	fclose(fp);
		120	*pid = newpid;
		121	closedir(dir);
		122	return 0;
		123	}
		124	}
		125	}
		126	fclose(fp);
		127	}
		128	}
		129
103	continue;	130	continue;
104	}	131	}
105	while (ptr != ' ' && ptr != '\t' && *ptr != '\0')	132	while (ptr != ' ' && ptr != '\t' && *ptr != '\0')
@@ -119,7 +146,6 @@ int name2pid(const char name, pid_t pid) {
119	return 1;	146	return 1;
120	}	147	}
121		148
122	#define BUFLEN 4096
123	char *pid_proc_comm(const pid_t pid) {	149	char *pid_proc_comm(const pid_t pid) {
124	// open /proc/pid/cmdline file	150	// open /proc/pid/cmdline file
125	char *fname;	151	char *fname;


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index e9cb1aa49..59d4a81ae 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -233,6 +233,13 @@ cgroup /sys/fs/cgroup/g1/tasks
233	The sandbox is placed in g1 control group.	233	The sandbox is placed in g1 control group.
234		234
235	.SH User Environment	235	.SH User Environment
		236	.TP
		237	\fBname sandboxname
		238	Set sandbox name. Example:
		239	.br
		240
		241	.br
		242	name browser
236		243
237	.TP	244	.TP
238	\fBenv name=value	245	\fBenv name=value