-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | src/profstats/main.c | 24 |
2 files changed, 24 insertions, 2 deletions
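--- a/Makefile.in
+++ b/Makefile.in
@@ -138,6 +138,8 @@ endif
 install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
 install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config etc/ids.config
 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
+# program used track profile statistics during development - no manpage, this is not a user program
+install -m 755 -t $(DESTDIR)$(sysconfdir)/firejail src/profstats/profstats
 ifeq ($(BUSYBOX_WORKAROUND),yes)
 ./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc
 endif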
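Review bot: The added `install -m 755 -t $(DESTDIR)$(sysconfdir)/firejail src/profstats/profstats` places an executable in the configuration directory next to the profiles, although the comment above it says this is a development tool and not a user program. Shipping it on every install widens what a packaged system carries, and a binary under the config tree is easy to miss in package audits and file-integrity baselines that treat that directory as data. Consider installing it with the other private helpers instead, e.g. `install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats` (assuming this Makefile already uses a `$(libdir)/firejail` helper directory), or only in developer builds. No matching uninstall line is visible in this hunk, and the comment should read "program used to track profile statistics".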
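--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -67,11 +67,11 @@ static int arg_dbus_system_none = 0;
 static int arg_dbus_user_none = 0;
 static int arg_whitelisthome = 0;
 static int arg_noroot = 0;
-
+static int arg_print_blacklist = 0;
+static int arg_print_whitelist = 0;
 
 static char *profile = NULL;
 
-
 static void usage(void) {
 printf("proftool - print profile statistics\n");
 printf("Usage: proftool [options] file[s]\n");
@@ -87,6 +87,8 @@ static void usage(void) {
 printf(" --private-dev - print profiles without private-dev\n");
 printf(" --private-etc - print profiles without private-etc\n");
 printf(" --private-tmp - print profiles without private-tmp\n");
+printf(" --print-blacklist - print all blacklists for a profile\n");
+printf(" --print-whitelist - print all whitelists for a profile\n");
 printf(" --seccomp - print profiles without seccomp\n");
 printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
 printf(" --whitelist-home - print profiles whitelisting home directory\n");
@@ -125,6 +127,17 @@ void process_file(const char *fname) {
 if (*ptr == '\n' || *ptr == '#')
 continue;
 
+if (arg_print_blacklist) {
+if (strncmp(ptr, "blacklist", 9) == 0 ||
+strncmp(ptr, "noblacklist", 11) == 0)
+printf("%s: %s\n", fname, ptr);
+}
+else if (arg_print_whitelist) {
+if (strncmp(ptr, "whitelist", 9) == 0 ||
+strncmp(ptr, "nowhitelist", 11) == 0)
+printf("%s: %s\n", fname, ptr);
+}
+
 if (strncmp(ptr, "seccomp", 7) == 0)
 cnt_seccomp++;
 else if (strncmp(ptr, "caps", 4) == 0)
@@ -227,6 +240,10 @@ int main(int argc, char **argv) {
 arg_privatetmp = 1;
 else if (strcmp(argv[i], "--private-etc") == 0)
 arg_privateetc = 1;
+else if (strcmp(argv[i], "--print-blacklist") == 0)
+arg_print_blacklist = 1;
+else if (strcmp(argv[i], "--print-whitelist") == 0)
+arg_print_whitelist = 1;
 else if (strcmp(argv[i], "--whitelist-home") == 0)
 arg_whitelisthome = 1;
 else if (strcmp(argv[i], "--whitelist-var") == 0)
@@ -347,6 +364,9 @@ int main(int argc, char **argv) {
 assert(level == 0);
 }
 
+if (arg_print_blacklist || arg_print_whitelist)
+return 0;
+
 printf("\n");
 printf("Stats:\n");
 printf(" profiles\t\t\t%d\n", cnt_profiles);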
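Review bot: In the process_file hunk the whitelist branch hangs off `else if (arg_print_whitelist) {`, so when both `--print-blacklist` and `--print-whitelist` are given only blacklist lines are printed, even though main() sets both flags and usage() lists them as independent options. Someone using the tool to audit a profile's filesystem policy would get an incomplete listing with no warning; change that line to a plain `if (arg_print_whitelist) {`. The earlier `*ptr == '\n'` test suggests `ptr` still ends with its newline, in which case `printf("%s: %s\n", fname, ptr);` emits a blank line after every match and `"%s: %s"` would be enough; that is inferred, since the read loop is outside the hunk. The prefix compares also match any longer directive starting with the same word, so a one-line comment saying this is intended would help. process_file's body starts and ends outside the hunk.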