Diffstat (limited to 'src/firejail/cpu.c')
-rw-r--r-- | src/firejail/cpu.c | 78 |
1 files changed, 78 insertions, 0 deletions
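--- a/src/firejail/cpu.c
+++ b/src/firejail/cpu.c
@@ -139,3 +139,81 @@ void set_cpu_affinity(void) {
 printf("CPU affinity not set\n");
 }
 }
+
+static void print_cpu(int pid) {
+char *file;
+if (asprintf(&file, "/proc/%d/status", pid) == -1) {
+errExit("asprintf");
+exit(1);
+}
+
+EUID_ROOT(); // grsecurity
+FILE *fp = fopen(file, "r");
+EUID_USER(); // grsecurity
+if (!fp) {
+printf(" Error: cannot open %s\n", file);
+free(file);
+return;
+}
+
+#define MAXBUF 4096
+char buf[MAXBUF];
+while (fgets(buf, MAXBUF, fp)) {
+if (strncmp(buf, "Cpus_allowed_list:", 18) == 0) {
+printf(" %s", buf);
+fflush(0);
+free(file);
+fclose(fp);
+return;
+}
+}
+fclose(fp);
+free(file);
+}
+
+void cpu_print_filter_name(const char *name) {
+EUID_ASSERT();
+if (!name || strlen(name) == 0) {
+fprintf(stderr, "Error: invalid sandbox name\n");
+exit(1);
+}
+pid_t pid;
+if (name2pid(name, &pid)) {
+fprintf(stderr, "Error: cannot find sandbox %s\n", name);
+exit(1);
+}
+
+cpu_print_filter(pid);
+}
+
+void cpu_print_filter(pid_t pid) {
+EUID_ASSERT();
+
+// if the pid is that of a firejail process, use the pid of the first child process
+EUID_ROOT(); // grsecurity
+char *comm = pid_proc_comm(pid);
+EUID_USER(); // grsecurity
+if (comm) {
+if (strcmp(comm, "firejail") == 0) {
+pid_t child;
+if (find_child(pid, &child) == 0) {
+pid = child;
+}
+}
+free(comm);
+}
+
+// check privileges for non-root users
+uid_t uid = getuid();
+if (uid != 0) {
+uid_t sandbox_uid = pid_get_uid(pid);
+if (uid != sandbox_uid) {
+fprintf(stderr, "Error: permission denied.\n");
+exit(1);
+}
+}
+
+print_cpu(pid);
+exit(0);
+}
+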
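Review bot: The ownership check in `cpu_print_filter` and the root-euid `fopen` in `print_cpu` resolve the same numeric pid at two different times, so the check is not bound to the file that is actually read. If the process exits and its pid is reused in between, the status file of a process the caller does not own is opened between `EUID_ROOT()` and `EUID_USER()`; the exposure looks limited to the `Cpus_allowed_list` line, but the pattern is worth closing in code that raises its effective uid. One option is to repeat the check once the stream is held, in `print_cpu` right after the successful `fopen`: `if (getuid() != 0 && pid_get_uid(pid) != getuid()) { fclose(fp); free(file); return; }`, assuming `pid_get_uid` (defined outside this hunk) reports the current owner of the pid. Separately, `cpu_print_filter` ends in `exit(0)` even when `print_cpu` could not open the file or found no matching line, and that error is written to stdout, so callers cannot detect the failure from the exit status.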