-rw-r--r--README.md5
-rw-r--r--etc/firejail.config4
-rw-r--r--src/profstats/main.c8
3 files changed, 13 insertions, 4 deletions
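--- a/README.md
+++ b/README.md
@@ -205,6 +205,7 @@ Stats:
 private-bin 689
 private-dev 1041
 private-etc 539
+private-lib 70
 private-tmp 915
 whitelist home directory 573
 whitelist var 855 (include whitelist-var-common.inc)
@@ -213,8 +214,8 @@ Stats:
 whitelist usr/share 628 (include whitelist-usr-share-common.inc
 net none 403
 dbus-user none 673
-dbus-user filter 122
-dbus-system none 832
+dbus-user filter 123
+dbus-system none 833
 dbus-system filter 12
 ```
 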
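--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -93,8 +93,8 @@
 # Enable or disable private-home feature, default enabled
 # private-home yes
 
-# Enable or disable private-lib feature, default enabled
-# private-lib yes
+# Enable or disable private-lib feature, default disabled
+# private-lib no
 
 # Enable or disable private-opt feature, default enabled.
 # private-opt yes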
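Review bot: The flipped default (`# private-lib no`) is a security-relevant change with no rationale in the file: per the README hunk in this same commit about 70 profiles carry `private-lib`, and with the feature disabled by default those profiles presumably lose that library-directory restriction unless the administrator opts back in. The comment should say so explicitly, e.g. `# Enable or disable private-lib feature, default disabled. Profiles that use private-lib only get the restriction when this is set to yes.` If the reason for disabling it (breakage on some distributions, or similar) is known, one line naming it here would save the next maintainer from re-enabling it blindly.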
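--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -38,6 +38,7 @@ static int cnt_privatebin = 0;
 static int cnt_privatedev = 0;
 static int cnt_privatetmp = 0;
 static int cnt_privateetc = 0;
+static int cnt_privatelib = 0;
 static int cnt_whitelistvar = 0; // include whitelist-var-common.inc
 static int cnt_whitelistrunuser = 0; // include whitelist-runuser-common.inc
 static int cnt_whitelistusrshare = 0; // include whitelist-usr-share-common.inc
@@ -56,6 +57,7 @@ static int arg_privatebin = 0;
 static int arg_privatedev = 0;
 static int arg_privatetmp = 0;
 static int arg_privateetc = 0;
+static int arg_privatelib = 0;
 static int arg_whitelistvar = 0;
 static int arg_whitelistrunuser = 0;
 static int arg_whitelistusrshare = 0;
@@ -181,6 +183,8 @@ static void process_file(char *fname) {
 			cnt_privatetmp++;
 		else if (strncmp(ptr, "private-etc", 11) == 0)
 			cnt_privateetc++;
+		else if (strncmp(ptr, "private-lib", 11) == 0)
+			cnt_privatelib++;
 		else if (strncmp(ptr, "dbus-system none", 16) == 0)
 			cnt_dbus_system_none++;
 		else if (strncmp(ptr, "dbus-system", 11) == 0)
@@ -297,6 +301,7 @@ int main(int argc, char **argv) {
 	int privatetmp = cnt_privatetmp;
 	int privatedev = cnt_privatedev;
 	int privateetc = cnt_privateetc;
+	int privatelib = cnt_privatelib;
 	int dotlocal = cnt_dotlocal;
 	int globalsdotlocal = cnt_globalsdotlocal;
 	int whitelisthome = cnt_whitelisthome;
@@ -360,6 +365,8 @@ int main(int argc, char **argv) {
 			printf("No private-tmp found in %s\n", argv[i]);
 		if (arg_privateetc && privateetc == cnt_privateetc)
 			printf("No private-etc found in %s\n", argv[i]);
+		if (arg_privatelib && privatelib == cnt_privatelib)
+			printf("No private-lib found in %s\n", argv[i]);
 		if (arg_whitelisthome && whitelisthome == cnt_whitelisthome)
 			printf("Home directory not whitelisted in %s\n", argv[i]);
 		if (arg_whitelistvar && whitelistvar == cnt_whitelistvar)
@@ -394,6 +401,7 @@ int main(int argc, char **argv) {
 	printf(" private-bin\t\t\t%d\n", cnt_privatebin);
 	printf(" private-dev\t\t\t%d\n", cnt_privatedev);
 	printf(" private-etc\t\t\t%d\n", cnt_privateetc);
+	printf(" private-lib\t\t\t%d\n", cnt_privatelib);
 	printf(" private-tmp\t\t\t%d\n", cnt_privatetmp);
 	printf(" whitelist home directory\t%d\n", cnt_whitelisthome);
 	printf(" whitelist var\t\t%d (include whitelist-var-common.inc)\n", cnt_whitelistvar);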
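Review bot: `arg_privatelib` is declared and tested in the per-file report (`if (arg_privatelib && privatelib == cnt_privatelib)`) but nothing in this commit sets it: the diffstat lists 8 insertions for main.c and all 8 are visible in these hunks, none of them in option parsing. Unless the flag is assigned somewhere not shown, the `No private-lib found in %s` line is unreachable, so the commit adds a command-line check that cannot be switched on. The option parser in main() (outside these hunks) needs a case mirroring how the other `arg_*` flags are presumably set, e.g. `else if (strcmp(argv[i], "--private-lib") == 0) arg_privatelib = 1;`, and the usage text should list `--private-lib` alongside `--private-etc`. The `strncmp(ptr, "private-lib", 11)` prefix match is consistent with the neighbouring counters; note that process_file and main both begin and end outside these hunks.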