traclog added to various profiles

author: netblue30 <netblue30@yahoo.com> 2015-12-06 13:11:00 -0500
committer: netblue30 <netblue30@yahoo.com> 2015-12-06 13:11:00 -0500
commit: 873b9d161f4d87a87af78d5074016a5749588513 (patch)
tree: a7c4d7f8d68fa7175facc2b64975ddbd9ae305e5 /src
parent: Merge pull request #186 from avoidr/parole.profile (diff)
download: firejail-873b9d161f4d87a87af78d5074016a5749588513.tar.gz
firejail-873b9d161f4d87a87af78d5074016a5749588513.tar.zst
firejail-873b9d161f4d87a87af78d5074016a5749588513.zip
3 files changed, 11 insertions, 2 deletions
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c
index f555a6693..55a1b9c7a 100644
--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -59,8 +59,11 @@ void fs_trace(void) {
                errExit("fopen");
        if (arg_trace)
                fprintf(fp, "%s/firejail/libtrace.so\n", LIBDIR);
-        else if (arg_tracelog)
+        else if (arg_tracelog) {
                fprintf(fp, "%s/firejail/libtracelog.so\n", LIBDIR);
+                if (!arg_quiet)
+                        printf("Blacklist violations are logged to syslog\n");
+        }       
        else
                assert(0);
                
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 50fdeda7e..366a56e13 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -120,6 +120,10 @@ int profile_check_line(char *ptr, int lineno) {
                arg_shell_none = 1;
                return 0;
        }       
+        else if (strcmp(ptr, "tracelog") == 0) {
+                arg_tracelog = 1;
+                return 0;
+        }
        else if (strcmp(ptr, "private") == 0) {
                arg_private = 1;
                return 0;
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 90aca5130..600b82d3d 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -158,7 +158,9 @@ All modifications are discarded when the sandbox is closed.
 Build a new user home in a temporary filesystem, and mount-bind file_or_directory.
 The modifications to file_or_directory are persistent, everything else is discarded
 when the sandbox is closed.
+.TP
+\f\ tracelog
+Blacklist violations logged to syslog.
 .SH Filters
 \fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples:
author	netblue30 <netblue30@yahoo.com>	2015-12-06 13:11:00 -0500
committer	netblue30 <netblue30@yahoo.com>	2015-12-06 13:11:00 -0500
commit	873b9d161f4d87a87af78d5074016a5749588513 (patch)
tree	a7c4d7f8d68fa7175facc2b64975ddbd9ae305e5 /src
parent	Merge pull request #186 from avoidr/parole.profile (diff)
download	firejail-873b9d161f4d87a87af78d5074016a5749588513.tar.gz firejail-873b9d161f4d87a87af78d5074016a5749588513.tar.zst firejail-873b9d161f4d87a87af78d5074016a5749588513.zip

diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index f555a6693..55a1b9c7a 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c
@@ -59,8 +59,11 @@ void fs_trace(void) {
59	errExit("fopen");	59	errExit("fopen");
60	if (arg_trace)	60	if (arg_trace)
61	fprintf(fp, "%s/firejail/libtrace.so\n", LIBDIR);	61	fprintf(fp, "%s/firejail/libtrace.so\n", LIBDIR);
62	else if (arg_tracelog)	62	else if (arg_tracelog) {
63	fprintf(fp, "%s/firejail/libtracelog.so\n", LIBDIR);	63	fprintf(fp, "%s/firejail/libtracelog.so\n", LIBDIR);
		64	if (!arg_quiet)
		65	printf("Blacklist violations are logged to syslog\n");
		66	}
64	else	67	else
65	assert(0);	68	assert(0);
66		69


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 50fdeda7e..366a56e13 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -120,6 +120,10 @@ int profile_check_line(char *ptr, int lineno) {
120	arg_shell_none = 1;	120	arg_shell_none = 1;
121	return 0;	121	return 0;
122	}	122	}
		123	else if (strcmp(ptr, "tracelog") == 0) {
		124	arg_tracelog = 1;
		125	return 0;
		126	}
123	else if (strcmp(ptr, "private") == 0) {	127	else if (strcmp(ptr, "private") == 0) {
124	arg_private = 1;	128	arg_private = 1;
125	return 0;	129	return 0;


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 90aca5130..600b82d3d 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -158,7 +158,9 @@ All modifications are discarded when the sandbox is closed.
158	Build a new user home in a temporary filesystem, and mount-bind file_or_directory.	158	Build a new user home in a temporary filesystem, and mount-bind file_or_directory.
159	The modifications to file_or_directory are persistent, everything else is discarded	159	The modifications to file_or_directory are persistent, everything else is discarded
160	when the sandbox is closed.	160	when the sandbox is closed.
161		161	.TP
		162	\f\ tracelog
		163	Blacklist violations logged to syslog.
162	.SH Filters	164	.SH Filters
163	\fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples:	165	\fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples:
164		166