3 files changed, 154 insertions, 2 deletions
diff --git a/src/faudit/faudit.h b/src/faudit/faudit.h
new file mode 100644
index 000000000..9c001c285
--- /dev/null
+++ b/src/faudit/faudit.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#ifndef FAUDIT_H
+#define FAUDIT_H
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mount.h>
+#include <assert.h>
+#define errExit(msg)    do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0)
+// pid.c
+void pid(void);
+#endif
+\ No newline at end of file
diff --git a/src/faudit/main.c b/src/faudit/main.c
index e4536d20b..d90eb1c0b 100644
--- a/src/faudit/main.c
+++ b/src/faudit/main.c
@@ -1,5 +1,31 @@
-#include <stdio.h>
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "faudit.h"
 int main(int argc, char **argv) {
-        printf("faudit running\n");
+        printf("FAUDIT: Firejail audit started\n");
+        // check pid namespace
+        pid();
+        printf("FAUDIT: Firejail audit ended\n");
+        return 0;
+        
 }
diff --git a/src/faudit/pid.c b/src/faudit/pid.c
new file mode 100644
index 000000000..861324255
--- /dev/null
+++ b/src/faudit/pid.c
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2014-2016 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+#include "faudit.h"
+void pid(void) {
+        char *kern_proc[] = {
+                "kthreadd",
+                "ksoftirqd",
+                "kworker",
+                "rcu_sched",
+                "rcu_bh",
+                NULL    // NULL terminated list
+        };
+        int i;
+        // look at the first 10 processes
+        for (i = 1; i <= 10; i++) { 
+                struct stat s;
+                char *fname;
+                if (asprintf(&fname, "/proc/%d/comm", i) == -1)
+                        errExit("asprintf");
+                if (stat(fname, &s) == -1) {
+                        free(fname);
+                        continue;
+                }
+                
+                // open file
+                /* coverity[toctou] */
+                FILE *fp = fopen(fname, "r");
+                if (!fp) {
+                        fprintf(stderr, "Warning: cannot open %s\n", fname);
+                        free(fname);
+                        continue;
+                }
+                
+                // read file
+                char buf[100];
+                if (fgets(buf, 10, fp) == NULL) {
+                        fprintf(stderr, "Warning: cannot read %s\n", fname);
+                        fclose(fp);
+                        free(fname);
+                        continue;
+                }
+                // clean /n
+                char *ptr;
+                if ((ptr = strchr(buf, '\n')) != NULL)
+                        *ptr = '\0';
+                
+                // check process name against the kernel list
+                int j = 0;
+                while (kern_proc[j] != NULL) {
+                        if (strncmp(buf, kern_proc[j], strlen(kern_proc[j])) == 0) {
+                                fclose(fp);
+                                free(fname);
+                                printf("FAUDIT: Process PID %d, not running in a PID namespace\n", getpid());
+                                return;
+                        }
+                        j++;
+                }
+                
+                fclose(fp);
+                free(fname);
+        }
+        printf("FAUDIT: Process PID %d, running in a PID namespace\n", getpid());
+        
+        // try to guess the type of container/sandbox
+        char *str = getenv("container");
+        if (str)
+                printf("FAUDIT: Container/sandbox: %s\n", str);
+}

diff --git a/src/faudit/faudit.h b/src/faudit/faudit.h new file mode 100644 index 000000000..9c001c285 --- /dev/null +++ b/src/faudit/faudit.h
@@ -0,0 +1,37 @@
		1	/*
		2	* Copyright (C) 2014-2016 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
		20
		21	#ifndef FAUDIT_H
		22	#define FAUDIT_H
		23	#include <stdio.h>
		24	#include <stdlib.h>
		25	#include <string.h>
		26	#include <unistd.h>
		27	#include <sys/types.h>
		28	#include <sys/stat.h>
		29	#include <sys/mount.h>
		30	#include <assert.h>
		31
		32	#define errExit(msg) do { char msgout[500]; sprintf(msgout, "Error %s:%s(%d)", msg, __FUNCTION__, __LINE__); perror(msgout); exit(1);} while (0)
		33
		34	// pid.c
		35	void pid(void);
		36
		37	#endif \ No newline at end of file


diff --git a/src/faudit/main.c b/src/faudit/main.c index e4536d20b..d90eb1c0b 100644 --- a/src/faudit/main.c +++ b/src/faudit/main.c
@@ -1,5 +1,31 @@
1	#include <stdio.h>	1	/*
		2	* Copyright (C) 2014-2016 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
		20	#include "faudit.h"
2		21
3	int main(int argc, char **argv) {	22	int main(int argc, char **argv) {
4	printf("faudit running\n");	23	printf("FAUDIT: Firejail audit started\n");
		24
		25	// check pid namespace
		26	pid();
		27
		28	printf("FAUDIT: Firejail audit ended\n");
		29	return 0;
		30
5	}	31	}


diff --git a/src/faudit/pid.c b/src/faudit/pid.c new file mode 100644 index 000000000..861324255 --- /dev/null +++ b/src/faudit/pid.c
@@ -0,0 +1,89 @@
		1	/*
		2	* Copyright (C) 2014-2016 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
		20	#include "faudit.h"
		21
		22	void pid(void) {
		23	char *kern_proc[] = {
		24	"kthreadd",
		25	"ksoftirqd",
		26	"kworker",
		27	"rcu_sched",
		28	"rcu_bh",
		29	NULL // NULL terminated list
		30	};
		31	int i;
		32
		33	// look at the first 10 processes
		34	for (i = 1; i <= 10; i++) {
		35	struct stat s;
		36	char *fname;
		37	if (asprintf(&fname, "/proc/%d/comm", i) == -1)
		38	errExit("asprintf");
		39	if (stat(fname, &s) == -1) {
		40	free(fname);
		41	continue;
		42	}
		43
		44	// open file
		45	/* coverity[toctou] */
		46	FILE *fp = fopen(fname, "r");
		47	if (!fp) {
		48	fprintf(stderr, "Warning: cannot open %s\n", fname);
		49	free(fname);
		50	continue;
		51	}
		52
		53	// read file
		54	char buf[100];
		55	if (fgets(buf, 10, fp) == NULL) {
		56	fprintf(stderr, "Warning: cannot read %s\n", fname);
		57	fclose(fp);
		58	free(fname);
		59	continue;
		60	}
		61	// clean /n
		62	char *ptr;
		63	if ((ptr = strchr(buf, '\n')) != NULL)
		64	*ptr = '\0';
		65
		66	// check process name against the kernel list
		67	int j = 0;
		68	while (kern_proc[j] != NULL) {
		69	if (strncmp(buf, kern_proc[j], strlen(kern_proc[j])) == 0) {
		70	fclose(fp);
		71	free(fname);
		72	printf("FAUDIT: Process PID %d, not running in a PID namespace\n", getpid());
		73	return;
		74	}
		75	j++;
		76	}
		77
		78	fclose(fp);
		79	free(fname);
		80	}
		81
		82
		83	printf("FAUDIT: Process PID %d, running in a PID namespace\n", getpid());
		84
		85	// try to guess the type of container/sandbox
		86	char *str = getenv("container");
		87	if (str)
		88	printf("FAUDIT: Container/sandbox: %s\n", str);
		89	}