-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/libtrace/libtrace.c | 32 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
3 files changed, 20 insertions, 15 deletions
@@ -3,6 +3,7 @@ firejail (0.9.39) baseline; urgency=low | |||
3 | * default seccomp filter update | 3 | * default seccomp filter update |
4 | * disable STUN/WebRTC in default netfilter configuration | 4 | * disable STUN/WebRTC in default netfilter configuration |
5 | * added --nice optoin | 5 | * added --nice optoin |
6 | * new profiles: lxterminal | ||
6 | * bugfixes | 7 | * bugfixes |
7 | -- netblue30 <netblue30@yahoo.com> Tue, 8 Feb 2016 10:00:00 -0500 | 8 | -- netblue30 <netblue30@yahoo.com> Tue, 8 Feb 2016 10:00:00 -0500 |
8 | 9 | ||
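diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c
index edd409af5..a3d1571f7 100644
--- a/src/libtrace/libtrace.c
+++ b/src/libtrace/libtrace.c
@@ -229,26 +229,26 @@ static char *translate(XTable *table, int val) {
 return NULL;
 }
 
-static void print_sockaddr(const char *call, const struct sockaddr *addr, int rv) {
+static void print_sockaddr(int sockfd, const char *call, const struct sockaddr *addr, int rv) {
 if (addr->sa_family == AF_INET) {
 struct sockaddr_in *a = (struct sockaddr_in *) addr;
-printf("%u:%s:%s %s port %u:%d\n", pid(), name(), call, inet_ntoa(a->sin_addr), ntohs(a->sin_port), rv);
+printf("%u:%s:%s %d %s port %u:%d\n", pid(), name(), call, sockfd, inet_ntoa(a->sin_addr), ntohs(a->sin_port), rv);
 }
 else if (addr->sa_family == AF_INET6) {
 struct sockaddr_in6 *a = (struct sockaddr_in6 *) addr;
 char str[INET6_ADDRSTRLEN];
 inet_ntop(AF_INET6, &(a->sin6_addr), str, INET6_ADDRSTRLEN);
-printf("%u:%s:%s %s:%d\n", pid(), name(), call, str, rv);
+printf("%u:%s:%s %d %s:%d\n", pid(), name(), call, sockfd, str, rv);
 }
 else if (addr->sa_family == AF_UNIX) {
 struct sockaddr_un *a = (struct sockaddr_un *) addr;
 if (a->sun_path[0])
-printf("%u:%s:%s %s:%d\n", pid(), name(), call, a->sun_path, rv);
+printf("%u:%s:%s %d %s:%d\n", pid(), name(), call, sockfd, a->sun_path, rv);
 else
-printf("%u:%s:%s @%s:%d\n", pid(), name(), call, a->sun_path + 1, rv);
+printf("%u:%s:%s %d @%s:%d\n", pid(), name(), call, sockfd, a->sun_path + 1, rv);
 }
 else {
-printf("%u:%s:%s family %d:%d\n", pid(), name(), call, addr->sa_family, rv);
+printf("%u:%s:%s %d family %d:%d\n", pid(), name(), call, sockfd, addr->sa_family, rv);
 }
 }
 
@@ -465,7 +465,7 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
 orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect");
 
 int rv = orig_connect(sockfd, addr, addrlen);
-print_sockaddr("connect", addr, rv);
+print_sockaddr(sockfd, "connect", addr, rv);
 
 return rv;
 }
@@ -500,11 +500,15 @@ int socket(int domain, int type, int protocol) {
 else
 ptr += sprintf(ptr, "%s ", str);
 
-str = translate(socket_protocol, protocol);
-if (str == NULL)
-sprintf(ptr, "%d", protocol);
-else
-sprintf(ptr, "%s", str);
+if (domain == AF_LOCAL)
+sprintf(ptr, "0");
+else {
+str = translate(socket_protocol, protocol);
+if (str == NULL)
+sprintf(ptr, "%d", protocol);
+else
+sprintf(ptr, "%s", str);
+}
 
 printf("%s:%d\n", buf, rv);
 return rv;
@@ -518,7 +522,7 @@ int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen) {
 orig_bind = (orig_bind_t)dlsym(RTLD_NEXT, "bind");
 
 int rv = orig_bind(sockfd, addr, addrlen);
-print_sockaddr("bind", addr, rv);
+print_sockaddr(sockfd, "bind", addr, rv);
 
 return rv;
 }
@@ -531,7 +535,7 @@ int accept(int sockfd, struct sockaddr *addr, socklen_t addrlen) {
 orig_accept = (orig_accept_t)dlsym(RTLD_NEXT, "accept");
 
 int rv = orig_accept(sockfd, addr, addrlen);
-print_sockaddr("accept", addr, rv);
+print_sockaddr(sockfd, "accept", addr, rv);
 
 return rv;
 }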
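Review bot: `print_sockaddr()` reads `addr->sa_family` with no NULL check, and the `accept` wrapper in the last hunk forwards the caller's `addr` unchanged; `accept(fd, NULL, NULL)` is a valid and common call, so a traced program making it would fault inside the preloaded trace library. A guard at the top of `print_sockaddr`, for example `if (addr == NULL) { printf("%u:%s:%s %d:%d\n", pid(), name(), call, sockfd, rv); return; }`, keeps the trace line without the dereference. On `accept` the address buffer is only filled in on success, so the family and address are meaningful only when `rv >= 0`. Separately, the `AF_UNIX` branch prints `sun_path` with `%s` although `print_sockaddr` never receives `addrlen`; abstract names are length-delimited rather than NUL-terminated, so that read is bounded only by whatever follows in the caller's buffer. The wrapper functions begin outside the hunks shown, so any earlier validation is not visible here.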
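diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 00f4cb367..d5c3bfe41 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1053,7 +1053,7 @@ $ firejail \-\-profile-path=/home/netblue/myprofiles
 .TP
 \fB\-\-protocol=protocol,protocol,protocol
 Enable protocol filter. The filter is based on seccomp and checks the first argument to socket system call.
-Recognized values: unix, inet, inet6, netlink and packet.
+Recognized values: unix, inet, inet6, netlink and packet. This option is not supported for i386 architecture.
 .br
 
 .br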