diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-12-03 09:42:54 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-12-03 09:42:54 -0500 |
| commit | 82c4f4ed6e1ba3c5fe87ca260fa6b545cab8a76b (patch) | |
| tree | 2e1d621febeb282a908bc409f0e7cdcea1f653f9 /src | |
| parent | --tracelog (diff) | |
| download | firejail-82c4f4ed6e1ba3c5fe87ca260fa6b545cab8a76b.tar.gz firejail-82c4f4ed6e1ba3c5fe87ca260fa6b545cab8a76b.tar.zst firejail-82c4f4ed6e1ba3c5fe87ca260fa6b545cab8a76b.zip | |
--tracelog
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/fs_home.c | 2 | ||||
| -rw-r--r-- | src/firejail/usage.c | 2 | ||||
| -rw-r--r-- | src/libtrace/libtrace.c | 12 | ||||
| -rw-r--r-- | src/man/firejail.txt | 3 |
4 files changed, 18 insertions, 1 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index f9e8d62f9..d43302c9b 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
| @@ -237,7 +237,7 @@ void fs_private(void) { | |||
| 237 | if (arg_debug) | 237 | if (arg_debug) |
| 238 | printf("Mounting a new /root directory\n"); | 238 | printf("Mounting a new /root directory\n"); |
| 239 | if (mount("tmpfs", "/root", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=700,gid=0") < 0) | 239 | if (mount("tmpfs", "/root", "tmpfs", MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC, "mode=700,gid=0") < 0) |
| 240 | errExit("mounting home directory"); | 240 | errExit("mounting root directory"); |
| 241 | fs_logger("mount tmpfs on /root"); | 241 | fs_logger("mount tmpfs on /root"); |
| 242 | 242 | ||
| 243 | if (u != 0) { | 243 | if (u != 0) { |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 70b9cf24e..a64bafeb4 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
| @@ -263,6 +263,8 @@ void usage(void) { | |||
| 263 | printf("\t--tmpfs=dirname - mount a tmpfs filesystem on directory dirname.\n\n"); | 263 | printf("\t--tmpfs=dirname - mount a tmpfs filesystem on directory dirname.\n\n"); |
| 264 | printf("\t--top - monitor the most CPU-intensive sandboxes.\n\n"); | 264 | printf("\t--top - monitor the most CPU-intensive sandboxes.\n\n"); |
| 265 | printf("\t--trace - trace open, access and connect system calls.\n\n"); | 265 | printf("\t--trace - trace open, access and connect system calls.\n\n"); |
| 266 | printf("\t--tracelog - add a log message in syslog for every access to blacklisted\n"); | ||
| 267 | printf("\t\tfiles or directories.\n\n"); | ||
| 266 | printf("\t--tree - print a tree of all sandboxed processes.\n\n"); | 268 | printf("\t--tree - print a tree of all sandboxed processes.\n\n"); |
| 267 | printf("\t--version - print program version and exit.\n\n"); | 269 | printf("\t--version - print program version and exit.\n\n"); |
| 268 | printf("\t--whitelist=dirname_or_filename - whitelist directory or file.\n\n"); | 270 | printf("\t--whitelist=dirname_or_filename - whitelist directory or file.\n\n"); |
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c index 3db931de1..3ca3ec698 100644 --- a/src/libtrace/libtrace.c +++ b/src/libtrace/libtrace.c | |||
| @@ -29,6 +29,7 @@ | |||
| 29 | #include <arpa/inet.h> | 29 | #include <arpa/inet.h> |
| 30 | #include <sys/un.h> | 30 | #include <sys/un.h> |
| 31 | #include <sys/stat.h> | 31 | #include <sys/stat.h> |
| 32 | #include <dirent.h> | ||
| 32 | 33 | ||
| 33 | // break recursivity on fopen call | 34 | // break recursivity on fopen call |
| 34 | typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode); | 35 | typedef FILE *(*orig_fopen_t)(const char *pathname, const char *mode); |
| @@ -431,6 +432,17 @@ int stat64(const char *pathname, struct stat64 *buf) { | |||
| 431 | } | 432 | } |
| 432 | #endif /* __GLIBC__ */ | 433 | #endif /* __GLIBC__ */ |
| 433 | 434 | ||
| 435 | // opendir | ||
| 436 | typedef DIR *(*orig_opendir_t)(const char *pathname); | ||
| 437 | static orig_opendir_t orig_opendir = NULL; | ||
| 438 | DIR *opendir(const char *pathname) { | ||
| 439 | if (!orig_opendir) | ||
| 440 | orig_opendir = (orig_opendir_t)dlsym(RTLD_NEXT, "opendir"); | ||
| 441 | |||
| 442 | DIR *rv = orig_opendir(pathname); | ||
| 443 | printf("%u:%s:opendir %s:%p\n", pid(), name(), pathname, rv); | ||
| 444 | return rv; | ||
| 445 | } | ||
| 434 | 446 | ||
| 435 | // access | 447 | // access |
| 436 | typedef int (*orig_access_t)(const char *pathname, int mode); | 448 | typedef int (*orig_access_t)(const char *pathname, int mode); |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index fc52d4b79..28f75d023 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -1296,6 +1296,9 @@ Child process initialized | |||
| 1296 | .br | 1296 | .br |
| 1297 | parent is shutting down, bye... | 1297 | parent is shutting down, bye... |
| 1298 | .TP | 1298 | .TP |
| 1299 | \fB\-\-tracelog | ||
| 1300 | Add a log message in syslog for every access to blacklisted files or directories. | ||
| 1301 | .TP | ||
| 1299 | \fB\-\-tree | 1302 | \fB\-\-tree |
| 1300 | Print a tree of all sandboxed processes, see MONITORING section for more details. | 1303 | Print a tree of all sandboxed processes, see MONITORING section for more details. |
| 1301 | .br | 1304 | .br |