2 files changed, 24 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in
index 1044f1ade..abc86c2c3 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -138,6 +138,8 @@ endif
        install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
        install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config etc/ids.config
        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
+        # program used track profile statistics during development - no manpage, this is not a user program
+        install -m 755 -t $(DESTDIR)$(sysconfdir)/firejail src/profstats/profstats
 ifeq ($(BUSYBOX_WORKAROUND),yes)
        ./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc
 endif
diff --git a/src/profstats/main.c b/src/profstats/main.c
index 10e44bd65..72c0710fe 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -67,11 +67,11 @@ static int arg_dbus_system_none = 0;
 static int arg_dbus_user_none = 0;
 static int arg_whitelisthome = 0;
 static int arg_noroot = 0;
+static int arg_print_blacklist = 0;
+static int arg_print_whitelist = 0;
 static char *profile = NULL;
 static void usage(void) {
        printf("proftool - print profile statistics\n");
        printf("Usage: proftool [options] file[s]\n");
@@ -87,6 +87,8 @@ static void usage(void) {
        printf("   --private-dev - print profiles without private-dev\n");
        printf("   --private-etc - print profiles without private-etc\n");
        printf("   --private-tmp - print profiles without private-tmp\n");
+        printf("   --print-blacklist - print all blacklists for a profile\n");
+        printf("   --print-whitelist - print all whitelists for a profile\n");
        printf("   --seccomp - print profiles without seccomp\n");
        printf("   --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
        printf("   --whitelist-home - print profiles whitelisting home directory\n");
@@ -125,6 +127,17 @@ void process_file(const char *fname) {
                if (*ptr == '\n' || *ptr == '#')
                        continue;
+                if (arg_print_blacklist) {
+                        if (strncmp(ptr, "blacklist", 9) == 0 ||
+                            strncmp(ptr, "noblacklist", 11) == 0)
+                                printf("%s: %s\n", fname, ptr);
+                }
+                else if (arg_print_whitelist) {
+                        if (strncmp(ptr, "whitelist", 9) == 0 ||
+                            strncmp(ptr, "nowhitelist", 11) == 0)
+                                printf("%s: %s\n", fname, ptr);
+                }
                if (strncmp(ptr, "seccomp", 7) == 0)
                        cnt_seccomp++;
                else if (strncmp(ptr, "caps", 4) == 0)
@@ -227,6 +240,10 @@ int main(int argc, char **argv) {
                        arg_privatetmp = 1;
                else if (strcmp(argv[i], "--private-etc") == 0)
                        arg_privateetc = 1;
+                else if (strcmp(argv[i], "--print-blacklist") == 0)
+                        arg_print_blacklist = 1;
+                else if (strcmp(argv[i], "--print-whitelist") == 0)
+                        arg_print_whitelist = 1;
                else if (strcmp(argv[i], "--whitelist-home") == 0)
                        arg_whitelisthome = 1;
                else if (strcmp(argv[i], "--whitelist-var") == 0)
@@ -347,6 +364,9 @@ int main(int argc, char **argv) {
                assert(level == 0);
        }
+        if (arg_print_blacklist || arg_print_whitelist)
+                return 0;
        printf("\n");
        printf("Stats:\n");
        printf("    profiles\t\t\t%d\n", cnt_profiles);

diff --git a/Makefile.in b/Makefile.in index 1044f1ade..abc86c2c3 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -138,6 +138,8 @@ endif
138	install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config	138	install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
139	install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/.profile etc/profile-m-z/.profile etc/inc/.inc etc/net/.net etc/firejail.config etc/ids.config	139	install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/.profile etc/profile-m-z/.profile etc/inc/.inc etc/net/.net etc/firejail.config etc/ids.config
140	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"	140	sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
		141	# program used track profile statistics during development - no manpage, this is not a user program
		142	install -m 755 -t $(DESTDIR)$(sysconfdir)/firejail src/profstats/profstats
141	ifeq ($(BUSYBOX_WORKAROUND),yes)	143	ifeq ($(BUSYBOX_WORKAROUND),yes)
142	./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc	144	./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc
143	endif	145	endif


diff --git a/src/profstats/main.c b/src/profstats/main.c index 10e44bd65..72c0710fe 100644 --- a/src/profstats/main.c +++ b/src/profstats/main.c
@@ -67,11 +67,11 @@ static int arg_dbus_system_none = 0;
67	static int arg_dbus_user_none = 0;	67	static int arg_dbus_user_none = 0;
68	static int arg_whitelisthome = 0;	68	static int arg_whitelisthome = 0;
69	static int arg_noroot = 0;	69	static int arg_noroot = 0;
70		70	static int arg_print_blacklist = 0;
		71	static int arg_print_whitelist = 0;
71		72
72	static char *profile = NULL;	73	static char *profile = NULL;
73		74
74
75	static void usage(void) {	75	static void usage(void) {
76	printf("proftool - print profile statistics\n");	76	printf("proftool - print profile statistics\n");
77	printf("Usage: proftool [options] file[s]\n");	77	printf("Usage: proftool [options] file[s]\n");
@@ -87,6 +87,8 @@ static void usage(void) {
87	printf(" --private-dev - print profiles without private-dev\n");	87	printf(" --private-dev - print profiles without private-dev\n");
88	printf(" --private-etc - print profiles without private-etc\n");	88	printf(" --private-etc - print profiles without private-etc\n");
89	printf(" --private-tmp - print profiles without private-tmp\n");	89	printf(" --private-tmp - print profiles without private-tmp\n");
		90	printf(" --print-blacklist - print all blacklists for a profile\n");
		91	printf(" --print-whitelist - print all whitelists for a profile\n");
90	printf(" --seccomp - print profiles without seccomp\n");	92	printf(" --seccomp - print profiles without seccomp\n");
91	printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");	93	printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
92	printf(" --whitelist-home - print profiles whitelisting home directory\n");	94	printf(" --whitelist-home - print profiles whitelisting home directory\n");
@@ -125,6 +127,17 @@ void process_file(const char *fname) {
125	if (ptr == '\n' \|\| ptr == '#')	127	if (ptr == '\n' \|\| ptr == '#')
126	continue;	128	continue;
127		129
		130	if (arg_print_blacklist) {
		131	if (strncmp(ptr, "blacklist", 9) == 0 \|\|
		132	strncmp(ptr, "noblacklist", 11) == 0)
		133	printf("%s: %s\n", fname, ptr);
		134	}
		135	else if (arg_print_whitelist) {
		136	if (strncmp(ptr, "whitelist", 9) == 0 \|\|
		137	strncmp(ptr, "nowhitelist", 11) == 0)
		138	printf("%s: %s\n", fname, ptr);
		139	}
		140
128	if (strncmp(ptr, "seccomp", 7) == 0)	141	if (strncmp(ptr, "seccomp", 7) == 0)
129	cnt_seccomp++;	142	cnt_seccomp++;
130	else if (strncmp(ptr, "caps", 4) == 0)	143	else if (strncmp(ptr, "caps", 4) == 0)
@@ -227,6 +240,10 @@ int main(int argc, char **argv) {
227	arg_privatetmp = 1;	240	arg_privatetmp = 1;
228	else if (strcmp(argv[i], "--private-etc") == 0)	241	else if (strcmp(argv[i], "--private-etc") == 0)
229	arg_privateetc = 1;	242	arg_privateetc = 1;
		243	else if (strcmp(argv[i], "--print-blacklist") == 0)
		244	arg_print_blacklist = 1;
		245	else if (strcmp(argv[i], "--print-whitelist") == 0)
		246	arg_print_whitelist = 1;
230	else if (strcmp(argv[i], "--whitelist-home") == 0)	247	else if (strcmp(argv[i], "--whitelist-home") == 0)
231	arg_whitelisthome = 1;	248	arg_whitelisthome = 1;
232	else if (strcmp(argv[i], "--whitelist-var") == 0)	249	else if (strcmp(argv[i], "--whitelist-var") == 0)
@@ -347,6 +364,9 @@ int main(int argc, char **argv) {
347	assert(level == 0);	364	assert(level == 0);
348	}	365	}
349		366
		367	if (arg_print_blacklist \|\| arg_print_whitelist)
		368	return 0;
		369
350	printf("\n");	370	printf("\n");
351	printf("Stats:\n");	371	printf("Stats:\n");
352	printf(" profiles\t\t\t%d\n", cnt_profiles);	372	printf(" profiles\t\t\t%d\n", cnt_profiles);