Diffstat (limited to 'src/firemon')
-rw-r--r--src/firemon/Makefile.in11
-rw-r--r--src/firemon/arp.c10
-rw-r--r--src/firemon/caps.c8
-rw-r--r--src/firemon/cgroup.c9
-rw-r--r--src/firemon/cpu.c9
-rw-r--r--src/firemon/firemon.c137
-rw-r--r--src/firemon/firemon.h17
-rw-r--r--src/firemon/interface.c17
-rw-r--r--src/firemon/list.c3
-rw-r--r--src/firemon/netstats.c7
-rw-r--r--src/firemon/procevent.c9
-rw-r--r--src/firemon/route.c10
-rw-r--r--src/firemon/seccomp.c8
-rw-r--r--src/firemon/top.c3
-rw-r--r--src/firemon/tree.c5
-rw-r--r--src/firemon/x11.c11
16 files changed, 143 insertions, 131 deletions
diff --git a/src/firemon/Makefile.in b/src/firemon/Makefile.in
index 21888d354..efc48b212 100644
--- a/src/firemon/Makefile.in
+++ b/src/firemon/Makefile.in
@@ -4,21 +4,26 @@ PREFIX=@prefix@
4VERSION=@PACKAGE_VERSION@ 4VERSION=@PACKAGE_VERSION@
5NAME=@PACKAGE_NAME@ 5NAME=@PACKAGE_NAME@
6HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@ 6HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
7HAVE_GCOV=@HAVE_GCOV@
8EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
7 9
8H_FILE_LIST = $(sort $(wildcard *.[h])) 10H_FILE_LIST = $(sort $(wildcard *.[h]))
9C_FILE_LIST = $(sort $(wildcard *.c)) 11C_FILE_LIST = $(sort $(wildcard *.c))
10OBJS = $(C_FILE_LIST:.c=.o) 12OBJS = $(C_FILE_LIST:.c=.o)
11BINOBJS = $(foreach file, $(OBJS), $file) 13BINOBJS = $(foreach file, $(OBJS), $file)
12CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security 14CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
13LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now 15LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now
16HAVE_GCOV=@HAVE_GCOV@
17EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
18
14 19
15%.o : %.c $(H_FILE_LIST) 20%.o : %.c $(H_FILE_LIST)
16 $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ 21 $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@
17 22
18firemon: $(OBJS) ../lib/common.o ../lib/pid.o 23firemon: $(OBJS) ../lib/common.o ../lib/pid.o
19 $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) 24 $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/common.o ../lib/pid.o $(LIBS) $(EXTRA_LDFLAGS)
20 25
21clean:; rm -f *.o firemon 26clean:; rm -f *.o firemon *.gcov *.gcda *.gcno
22 27
23distclean: clean 28distclean: clean
24 rm -fr Makefile 29 rm -fr Makefile
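Review bot: `HAVE_GCOV=@HAVE_GCOV@` and `EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@` each appear twice on the new side as rendered (new lines 7-8 and again 16-17). The second `+=` appends the substituted flags a second time, so the `firemon` link line receives them doubled; the repeated `HAVE_GCOV` assignment is redundant. Dropping the second pair leaves one definition ahead of the `CFLAGS` line that uses `$(HAVE_GCOV)`. Since `$(HAVE_GCOV)` presumably enables coverage instrumentation on a binary otherwise built with the hardening flags on that line, a comment such as `# HAVE_GCOV is for test builds only; do not install an instrumented firemon` would be worth adding.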
diff --git a/src/firemon/arp.c b/src/firemon/arp.c
index 7cb8ff4c3..014f6a904 100644
--- a/src/firemon/arp.c
+++ b/src/firemon/arp.c
@@ -72,17 +72,15 @@ static void print_arp(const char *fname) {
72 72
73} 73}
74 74
75void arp(pid_t pid) { 75void arp(pid_t pid, int print_procs) {
76 if (getuid() == 0)
77 firemon_drop_privs();
78
79 pid_read(pid); 76 pid_read(pid);
80 77
81 // print processes 78 // print processes
82 int i; 79 int i;
83 for (i = 0; i < max_pids; i++) { 80 for (i = 0; i < max_pids; i++) {
84 if (pids[i].level == 1) { 81 if (pids[i].level == 1) {
85 pid_print_list(i, 0); 82 if (print_procs || pid == 0)
83 pid_print_list(i, 0);
86 int child = find_child(i); 84 int child = find_child(i);
87 if (child != -1) { 85 if (child != -1) {
88 char *fname; 86 char *fname;
@@ -90,10 +88,10 @@ void arp(pid_t pid) {
90 errExit("asprintf"); 88 errExit("asprintf");
91 print_arp(fname); 89 print_arp(fname);
92 free(fname); 90 free(fname);
93 printf("\n");
94 } 91 }
95 } 92 }
96 } 93 }
94 printf("\n");
97} 95}
98 96
99 97
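Review bot: Removing `if (getuid() == 0) firemon_drop_privs();` from `arp()` leaves a root invocation running `pid_read()` and the per-process printing with its full credentials, and nothing in the visible hunks replaces the drop. The same removal is repeated in caps.c, cgroup.c, cpu.c, list.c, netstats.c, route.c, seccomp.c, top.c, tree.c and x11.c, and firemon.c deletes the helper itself. The deleted helper was weak to begin with: for a real uid of 0, `setuid(getuid())` keeps root, so only `setgroups(0, NULL)` changed anything. If least privilege is intended for the commands that only read per-process state, they need an actual drop to an unprivileged identity once option parsing is done; otherwise a comment in `main()` such as `// firemon keeps the caller's credentials; no privilege drop is performed` would record the decision.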
diff --git a/src/firemon/caps.c b/src/firemon/caps.c
index 5cd9b5d0d..81877ab87 100644
--- a/src/firemon/caps.c
+++ b/src/firemon/caps.c
@@ -48,17 +48,15 @@ static void print_caps(int pid) {
48 free(file); 48 free(file);
49} 49}
50 50
51void caps(pid_t pid) { 51void caps(pid_t pid, int print_procs) {
52 if (getuid() == 0)
53 firemon_drop_privs();
54
55 pid_read(pid); // include all processes 52 pid_read(pid); // include all processes
56 53
57 // print processes 54 // print processes
58 int i; 55 int i;
59 for (i = 0; i < max_pids; i++) { 56 for (i = 0; i < max_pids; i++) {
60 if (pids[i].level == 1) { 57 if (pids[i].level == 1) {
61 pid_print_list(i, 0); 58 if (print_procs || pid == 0)
59 pid_print_list(i, 0);
62 int child = find_child(i); 60 int child = find_child(i);
63 if (child != -1) 61 if (child != -1)
64 print_caps(child); 62 print_caps(child);
diff --git a/src/firemon/cgroup.c b/src/firemon/cgroup.c
index 0b93390ae..e20e1d449 100644
--- a/src/firemon/cgroup.c
+++ b/src/firemon/cgroup.c
@@ -44,21 +44,20 @@ static void print_cgroup(int pid) {
44 free(file); 44 free(file);
45} 45}
46 46
47void cgroup(pid_t pid) { 47void cgroup(pid_t pid, int print_procs) {
48 if (getuid() == 0)
49 firemon_drop_privs();
50
51 pid_read(pid); 48 pid_read(pid);
52 49
53 // print processes 50 // print processes
54 int i; 51 int i;
55 for (i = 0; i < max_pids; i++) { 52 for (i = 0; i < max_pids; i++) {
56 if (pids[i].level == 1) { 53 if (pids[i].level == 1) {
57 pid_print_list(i, 0); 54 if (print_procs || pid == 0)
55 pid_print_list(i, 0);
58 int child = find_child(i); 56 int child = find_child(i);
59 if (child != -1) 57 if (child != -1)
60 print_cgroup(child); 58 print_cgroup(child);
61 } 59 }
62 } 60 }
61 printf("\n");
63} 62}
64 63
diff --git a/src/firemon/cpu.c b/src/firemon/cpu.c
index 06658f58c..47c935686 100644
--- a/src/firemon/cpu.c
+++ b/src/firemon/cpu.c
@@ -48,21 +48,20 @@ static void print_cpu(int pid) {
48 free(file); 48 free(file);
49} 49}
50 50
51void cpu(pid_t pid) { 51void cpu(pid_t pid, int print_procs) {
52 if (getuid() == 0)
53 firemon_drop_privs();
54
55 pid_read(pid); 52 pid_read(pid);
56 53
57 // print processes 54 // print processes
58 int i; 55 int i;
59 for (i = 0; i < max_pids; i++) { 56 for (i = 0; i < max_pids; i++) {
60 if (pids[i].level == 1) { 57 if (pids[i].level == 1) {
61 pid_print_list(i, 0); 58 if (print_procs || pid == 0)
59 pid_print_list(i, 0);
62 int child = find_child(i); 60 int child = find_child(i);
63 if (child != -1) 61 if (child != -1)
64 print_cpu(child); 62 print_cpu(child);
65 } 63 }
66 } 64 }
65 printf("\n");
67} 66}
68 67
diff --git a/src/firemon/firemon.c b/src/firemon/firemon.c
index 3140c5f70..b63e37444 100644
--- a/src/firemon/firemon.c
+++ b/src/firemon/firemon.c
@@ -25,7 +25,6 @@
25#include <grp.h> 25#include <grp.h>
26#include <sys/stat.h> 26#include <sys/stat.h>
27 27
28
29static int arg_route = 0; 28static int arg_route = 0;
30static int arg_arp = 0; 29static int arg_arp = 0;
31static int arg_tree = 0; 30static int arg_tree = 0;
@@ -35,6 +34,9 @@ static int arg_caps = 0;
35static int arg_cpu = 0; 34static int arg_cpu = 0;
36static int arg_cgroup = 0; 35static int arg_cgroup = 0;
37static int arg_x11 = 0; 36static int arg_x11 = 0;
37static int arg_top = 0;
38static int arg_list = 0;
39static int arg_netstats = 0;
38int arg_nowrap = 0; 40int arg_nowrap = 0;
39 41
40static struct termios tlocal; // startup terminal setting 42static struct termios tlocal; // startup terminal setting
@@ -62,17 +64,6 @@ int find_child(int id) {
62 return -1; 64 return -1;
63} 65}
64 66
65// drop privileges
66void firemon_drop_privs(void) {
67 // drop privileges
68 if (setgroups(0, NULL) < 0)
69 errExit("setgroups");
70 if (setgid(getgid()) < 0)
71 errExit("setgid/getgid");
72 if (setuid(getuid()) < 0)
73 errExit("setuid/getuid");
74}
75
76// sleep and wait for a key to be pressed 67// sleep and wait for a key to be pressed
77void firemon_sleep(int st) { 68void firemon_sleep(int st) {
78 if (terminal_set == 0) { 69 if (terminal_set == 0) {
@@ -129,53 +120,44 @@ int main(int argc, char **argv) {
129 } 120 }
130 121
131 // options without a pid argument 122 // options without a pid argument
132 else if (strcmp(argv[i], "--top") == 0) { 123 else if (strcmp(argv[i], "--top") == 0)
133 top(); // never to return 124 arg_top = 1;
134 } 125 else if (strcmp(argv[i], "--list") == 0)
135 else if (strcmp(argv[i], "--list") == 0) { 126 arg_list = 1;
136 list(); 127 else if (strcmp(argv[i], "--tree") == 0)
137 return 0; 128 arg_tree = 1;
138 }
139 else if (strcmp(argv[i], "--netstats") == 0) { 129 else if (strcmp(argv[i], "--netstats") == 0) {
140 struct stat s; 130 struct stat s;
141 if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) { 131 if (getuid() != 0 && stat("/proc/sys/kernel/grsecurity", &s) == 0) {
142 fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n"); 132 fprintf(stderr, "Error: this feature is not available on Grsecurity systems\n");
143 exit(1); 133 exit(1);
144 } 134 }
145 135 arg_netstats = 1;
146 netstats();
147 return 0;
148 } 136 }
149 137
150 138
151 // cumulative options with or without a pid argument 139 // cumulative options with or without a pid argument
152 else if (strcmp(argv[i], "--x11") == 0) { 140 else if (strcmp(argv[i], "--x11") == 0)
153 arg_x11 = 1; 141 arg_x11 = 1;
154 } 142 else if (strcmp(argv[i], "--cgroup") == 0)
155 else if (strcmp(argv[i], "--cgroup") == 0) {
156 arg_cgroup = 1; 143 arg_cgroup = 1;
157 } 144 else if (strcmp(argv[i], "--cpu") == 0)
158 else if (strcmp(argv[i], "--cpu") == 0) {
159 arg_cpu = 1; 145 arg_cpu = 1;
160 } 146 else if (strcmp(argv[i], "--seccomp") == 0)
161 else if (strcmp(argv[i], "--seccomp") == 0) {
162 arg_seccomp = 1; 147 arg_seccomp = 1;
163 } 148 else if (strcmp(argv[i], "--caps") == 0)
164 else if (strcmp(argv[i], "--caps") == 0) {
165 arg_caps = 1; 149 arg_caps = 1;
166 }
167 else if (strcmp(argv[i], "--tree") == 0) {
168 arg_tree = 1;
169 }
170 else if (strcmp(argv[i], "--interface") == 0) { 150 else if (strcmp(argv[i], "--interface") == 0) {
151 if (getuid() != 0) {
152 fprintf(stderr, "Error: you need to be root to run this command\n");
153 exit(1);
154 }
171 arg_interface = 1; 155 arg_interface = 1;
172 } 156 }
173 else if (strcmp(argv[i], "--route") == 0) { 157 else if (strcmp(argv[i], "--route") == 0)
174 arg_route = 1; 158 arg_route = 1;
175 } 159 else if (strcmp(argv[i], "--arp") == 0)
176 else if (strcmp(argv[i], "--arp") == 0) {
177 arg_arp = 1; 160 arg_arp = 1;
178 }
179 161
180 else if (strncmp(argv[i], "--name=", 7) == 0) { 162 else if (strncmp(argv[i], "--name=", 7) == 0) {
181 char *name = argv[i] + 7; 163 char *name = argv[i] + 7;
@@ -212,27 +194,66 @@ int main(int argc, char **argv) {
212 } 194 }
213 } 195 }
214 196
215 if (arg_tree) 197 // allow only root user if /proc is mounted hidepid
198 if (pid_hidepid() && getuid() != 0) {
199 fprintf(stderr, "Error: /proc is mounted hidepid, you would need to be root to run this command\n");
200 exit(1);
201 }
202
203 if (arg_top) {
204 top();
205 return 0;
206 }
207 if (arg_list) {
208 list();
209 return 0;
210 }
211 if (arg_netstats) {
212 netstats();
213 return 0;
214 }
215
216 // cumulative options
217 int print_procs = 1;
218 if (arg_tree) {
216 tree((pid_t) pid); 219 tree((pid_t) pid);
217 if (arg_interface) 220 print_procs = 0;
218 interface((pid_t) pid); 221 }
219 if (arg_route) 222 if (arg_cpu) {
220 route((pid_t) pid); 223 cpu((pid_t) pid, print_procs);
221 if (arg_arp) 224 print_procs = 0;
222 arp((pid_t) pid); 225 }
223 if (arg_seccomp) 226 if (arg_seccomp) {
224 seccomp((pid_t) pid); 227 seccomp((pid_t) pid, print_procs);
225 if (arg_caps) 228 print_procs = 0;
226 caps((pid_t) pid); 229 }
227 if (arg_cpu) 230 if (arg_caps) {
228 cpu((pid_t) pid); 231 caps((pid_t) pid, print_procs);
229 if (arg_cgroup) 232 print_procs = 0;
230 cgroup((pid_t) pid); 233 }
231 if (arg_x11) 234 if (arg_cgroup) {
232 x11((pid_t) pid); 235 cgroup((pid_t) pid, print_procs);
236 print_procs = 0;
237 }
238 if (arg_x11) {
239 x11((pid_t) pid, print_procs);
240 print_procs = 0;
241 }
242 if (arg_interface) {
243 interface((pid_t) pid, print_procs);
244 print_procs = 0;
245 }
246 if (arg_route) {
247 route((pid_t) pid, print_procs);
248 print_procs = 0;
249 }
250 if (arg_arp) {
251 arp((pid_t) pid, print_procs);
252 print_procs = 0;
253 }
233 254
234 if (!arg_route && !arg_arp && !arg_interface && !arg_tree && !arg_caps && !arg_seccomp && !arg_x11) 255 if (print_procs)
235 procevent((pid_t) pid); // never to return 256 procevent((pid_t) pid);
236 257
237 return 0; 258 return 0;
238} 259}
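Review bot: In the dispatch at the end of `main()`, `print_procs` carries two meanings: it tells each cumulative command whether to print the process header, and the final `if (print_procs) procevent((pid_t) pid);` reuses it as "no cumulative option was given". That coupling is easy to break when a new option is added without its `print_procs = 0;` line, which would start the event monitor after that command's output. A comment above the test, such as `// print_procs is still 1 only when no cumulative option ran: fall back to the event monitor`, or a separate flag, would make the intent explicit. `main()` starts before the hunk.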
diff --git a/src/firemon/firemon.h b/src/firemon/firemon.h
index 522ece077..c78023888 100644
--- a/src/firemon/firemon.h
+++ b/src/firemon/firemon.h
@@ -38,7 +38,6 @@ static inline void firemon_clrscr(void) {
38// firemon.c 38// firemon.c
39extern int arg_nowrap; 39extern int arg_nowrap;
40int find_child(int id); 40int find_child(int id);
41void firemon_drop_privs(void);
42void firemon_sleep(int st); 41void firemon_sleep(int st);
43 42
44 43
@@ -55,25 +54,25 @@ void top(void);
55void list(void); 54void list(void);
56 55
57// interface.c 56// interface.c
58void interface(pid_t pid); 57void interface(pid_t pid, int print_procs);
59 58
60// arp.c 59// arp.c
61void arp(pid_t pid); 60void arp(pid_t pid, int print_procs);
62 61
63// route.c 62// route.c
64void route(pid_t pid); 63void route(pid_t pid, int print_procs);
65 64
66// caps.c 65// caps.c
67void caps(pid_t pid); 66void caps(pid_t pid, int print_procs);
68 67
69// seccomp.c 68// seccomp.c
70void seccomp(pid_t pid); 69void seccomp(pid_t pid, int print_procs);
71 70
72// cpu.c 71// cpu.c
73void cpu(pid_t pid); 72void cpu(pid_t pid, int print_procs);
74 73
75// cgroup.c 74// cgroup.c
76void cgroup(pid_t pid); 75void cgroup(pid_t pid, int print_procs);
77 76
78// tree.c 77// tree.c
79void tree(pid_t pid); 78void tree(pid_t pid);
@@ -82,6 +81,6 @@ void tree(pid_t pid);
82void netstats(void); 81void netstats(void);
83 82
84// x11.c 83// x11.c
85void x11(pid_t pid); 84void x11(pid_t pid, int print_procs);
86 85
87#endif 86#endif
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
index 5a89e1491..def9cd5ac 100644
--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -145,32 +145,31 @@ static void print_sandbox(pid_t pid) {
145 if (rv) 145 if (rv)
146 return; 146 return;
147 net_ifprint(); 147 net_ifprint();
148 printf("\n"); 148#ifdef HAVE_GCOV
149 exit(0); 149 __gcov_flush();
150#endif
151 _exit(0);
150 } 152 }
151 153
152 // wait for the child to finish 154 // wait for the child to finish
153 waitpid(child, NULL, 0); 155 waitpid(child, NULL, 0);
154} 156}
155 157
156void interface(pid_t pid) { 158void interface(pid_t pid, int print_procs) {
157 if (getuid() != 0) {
158 fprintf(stderr, "Error: you need to be root to run this command\n");
159 exit(1);
160 }
161
162 pid_read(pid); // a pid of 0 will include all processes 159 pid_read(pid); // a pid of 0 will include all processes
163 160
164 // print processes 161 // print processes
165 int i; 162 int i;
166 for (i = 0; i < max_pids; i++) { 163 for (i = 0; i < max_pids; i++) {
167 if (pids[i].level == 1) { 164 if (pids[i].level == 1) {
168 pid_print_list(i, 0); 165 if (print_procs || pid == 0)
166 pid_print_list(i, 0);
169 int child = find_child(i); 167 int child = find_child(i);
170 if (child != -1) { 168 if (child != -1) {
171 print_sandbox(child); 169 print_sandbox(child);
172 } 170 }
173 } 171 }
174 } 172 }
173 printf("\n");
175} 174}
176 175
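Review bot: The switch from `exit(0)` to `_exit(0)` after `net_ifprint()` skips the stdio flush that `exit()` performed, so if `net_ifprint()` writes through `printf` (not visible here) its output is lost whenever stdout is fully buffered, for example when firemon is piped to a file or another program. Adding `fflush(stdout);` before `_exit(0);`, paired with an `fflush(stdout);` in the parent ahead of the fork so the child does not re-emit inherited buffered text, keeps `_exit` and the output. Separately, the `if (rv) return;` just above appears to run in the forked child, which would send a failed child back into the caller's loop instead of terminating it; `_exit(1)` there would be safer. The fork and the start of `print_sandbox()` are outside the hunk.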
diff --git a/src/firemon/list.c b/src/firemon/list.c
index 901627c2a..acff13a28 100644
--- a/src/firemon/list.c
+++ b/src/firemon/list.c
@@ -20,9 +20,6 @@
20#include "firemon.h" 20#include "firemon.h"
21 21
22void list(void) { 22void list(void) {
23 if (getuid() == 0)
24 firemon_drop_privs();
25
26 pid_read(0); // include all processes 23 pid_read(0); // include all processes
27 24
28 // print processes 25 // print processes
diff --git a/src/firemon/netstats.c b/src/firemon/netstats.c
index 89e4202bd..3c020d630 100644
--- a/src/firemon/netstats.c
+++ b/src/firemon/netstats.c
@@ -26,6 +26,10 @@
26 26
27#define MAXBUF 4096 27#define MAXBUF 4096
28 28
29// ip -s link: device stats
30// ss -s: socket stats
31
32
29static char *get_header(void) { 33static char *get_header(void) {
30 char *rv; 34 char *rv;
31 if (asprintf(&rv, "%-5.5s %-9.9s %-10.10s %-10.10s %s", 35 if (asprintf(&rv, "%-5.5s %-9.9s %-10.10s %-10.10s %s",
@@ -166,9 +170,6 @@ static void print_proc(int index, int itv, int col) {
166} 170}
167 171
168void netstats(void) { 172void netstats(void) {
169 if (getuid() == 0)
170 firemon_drop_privs();
171
172 pid_read(0); // include all processes 173 pid_read(0); // include all processes
173 174
174 printf("Displaying network statistics only for sandboxes using a new network namespace.\n"); 175 printf("Displaying network statistics only for sandboxes using a new network namespace.\n");
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index e2dd5aaa2..1940f4a34 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -28,6 +28,8 @@
28#include <arpa/inet.h> 28#include <arpa/inet.h>
29#include <time.h> 29#include <time.h>
30#include <fcntl.h> 30#include <fcntl.h>
31#include <sys/uio.h>
32
31#define PIDS_BUFLEN 4096 33#define PIDS_BUFLEN 4096
32#define SERVER_PORT 889 // 889-899 is left unassigned by IANA 34#define SERVER_PORT 889 // 889-899 is left unassigned by IANA
33 35
@@ -89,7 +91,8 @@ static int pid_is_firejail(pid_t pid) {
89 91
90 // list of firejail arguments that don't trigger sandbox creation 92 // list of firejail arguments that don't trigger sandbox creation
91 // the initial -- is not included 93 // the initial -- is not included
92 char *firejail_args = "ls list tree x11 help version top netstats debug-syscalls debug-errnos debug-protocols"; 94 char *firejail_args = "ls list tree x11 help version top netstats debug-syscalls debug-errnos debug-protocols "
95 "protocol.print debug.caps shutdown bandwidth caps.print cpu.print debug-caps fs.print get overlay-clean ";
93 96
94 int i; 97 int i;
95 char *start; 98 char *start;
@@ -189,6 +192,10 @@ static int procevent_monitor(const int sock, pid_t mypid) {
189 tv.tv_usec = 0; 192 tv.tv_usec = 0;
190 193
191 while (1) { 194 while (1) {
195#ifdef HAVE_GCOV
196 __gcov_flush();
197#endif
198
192#define BUFFSIZE 4096 199#define BUFFSIZE 4096
193 char __attribute__ ((aligned(NLMSG_ALIGNTO)))buf[BUFFSIZE]; 200 char __attribute__ ((aligned(NLMSG_ALIGNTO)))buf[BUFFSIZE];
194 201
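Review bot: The extended `firejail_args` string lists both `debug.caps` and `debug-caps`, one of which looks like a typo, and it now ends with a trailing space; how the tokens are matched is outside the hunk, so whether either matters cannot be confirmed from here. Because this list decides which firejail invocations the monitor treats as not creating a sandbox, a stray or very short token such as `get` matters if matching turns out to be by substring. A comment such as `// keep in sync with the firejail options that exit without starting a sandbox` would document the contract, with the matching rule added once it has been verified. `pid_is_firejail()` starts and ends outside the hunk.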
diff --git a/src/firemon/route.c b/src/firemon/route.c
index 398965671..fb58b169d 100644
--- a/src/firemon/route.c
+++ b/src/firemon/route.c
@@ -181,17 +181,15 @@ static void print_route(const char *fname) {
181 181
182} 182}
183 183
184void route(pid_t pid) { 184void route(pid_t pid, int print_procs) {
185 if (getuid() == 0)
186 firemon_drop_privs();
187
188 pid_read(pid); 185 pid_read(pid);
189 186
190 // print processes 187 // print processes
191 int i; 188 int i;
192 for (i = 0; i < max_pids; i++) { 189 for (i = 0; i < max_pids; i++) {
193 if (pids[i].level == 1) { 190 if (pids[i].level == 1) {
194 pid_print_list(i, 0); 191 if (print_procs || pid == 0)
192 pid_print_list(i, 0);
195 int child = find_child(i); 193 int child = find_child(i);
196 if (child != -1) { 194 if (child != -1) {
197 char *fname; 195 char *fname;
@@ -204,10 +202,10 @@ void route(pid_t pid) {
204 errExit("asprintf"); 202 errExit("asprintf");
205 print_route(fname); 203 print_route(fname);
206 free(fname); 204 free(fname);
207 printf("\n");
208 } 205 }
209 } 206 }
210 } 207 }
208 printf("\n");
211} 209}
212 210
213 211
diff --git a/src/firemon/seccomp.c b/src/firemon/seccomp.c
index 71771c72d..abc698bb8 100644
--- a/src/firemon/seccomp.c
+++ b/src/firemon/seccomp.c
@@ -48,17 +48,15 @@ static void print_seccomp(int pid) {
48 free(file); 48 free(file);
49} 49}
50 50
51void seccomp(pid_t pid) { 51void seccomp(pid_t pid, int print_procs) {
52 if (getuid() == 0)
53 firemon_drop_privs();
54
55 pid_read(pid); // include all processes 52 pid_read(pid); // include all processes
56 53
57 // print processes 54 // print processes
58 int i; 55 int i;
59 for (i = 0; i < max_pids; i++) { 56 for (i = 0; i < max_pids; i++) {
60 if (pids[i].level == 1) { 57 if (pids[i].level == 1) {
61 pid_print_list(i, 0); 58 if (print_procs || pid == 0)
59 pid_print_list(i, 0);
62 int child = find_child(i); 60 int child = find_child(i);
63 if (child != -1) 61 if (child != -1)
64 print_seccomp(child); 62 print_seccomp(child);
diff --git a/src/firemon/top.c b/src/firemon/top.c
index a6da6f64e..b804761dd 100644
--- a/src/firemon/top.c
+++ b/src/firemon/top.c
@@ -232,9 +232,6 @@ void head_print(int col, int row) {
232} 232}
233 233
234void top(void) { 234void top(void) {
235 if (getuid() == 0)
236 firemon_drop_privs();
237
238 while (1) { 235 while (1) {
239 // clear linked list 236 // clear linked list
240 head_clear(); 237 head_clear();
diff --git a/src/firemon/tree.c b/src/firemon/tree.c
index b05eb92f9..6d8b37ecb 100644
--- a/src/firemon/tree.c
+++ b/src/firemon/tree.c
@@ -20,10 +20,7 @@
20#include "firemon.h" 20#include "firemon.h"
21 21
22void tree(pid_t pid) { 22void tree(pid_t pid) {
23 if (getuid() == 0) 23 pid_read(pid);
24 firemon_drop_privs();
25
26 pid_read(pid); // include all processes
27 24
28 // print processes 25 // print processes
29 int i; 26 int i;
diff --git a/src/firemon/x11.c b/src/firemon/x11.c
index e30c2d78b..b0efb090a 100644
--- a/src/firemon/x11.c
+++ b/src/firemon/x11.c
@@ -22,17 +22,15 @@
22#include <sys/stat.h> 22#include <sys/stat.h>
23#include <unistd.h> 23#include <unistd.h>
24 24
25void x11(pid_t pid) { 25void x11(pid_t pid, int print_procs) {
26 if (getuid() == 0)
27 firemon_drop_privs();
28
29 pid_read(pid); 26 pid_read(pid);
30 27
31 // print processes 28 // print processes
32 int i; 29 int i;
33 for (i = 0; i < max_pids; i++) { 30 for (i = 0; i < max_pids; i++) {
34 if (pids[i].level == 1) { 31 if (pids[i].level == 1) {
35 pid_print_list(i, 0); 32 if (print_procs || pid == 0)
33 pid_print_list(i, 0);
36 34
37 char *x11file; 35 char *x11file;
38 // todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory 36 // todo: use macro from src/firejail/firejail.h for /run/firejail/x11 directory
@@ -49,12 +47,13 @@ void x11(pid_t pid) {
49 int display; 47 int display;
50 int rv = fscanf(fp, "%d", &display); 48 int rv = fscanf(fp, "%d", &display);
51 if (rv == 1) 49 if (rv == 1)
52 printf(" DISPLAY :%d\n", display); 50 printf(" DISPLAY :%d\n", display);
53 fclose(fp); 51 fclose(fp);
54 } 52 }
55 53
56 free(x11file); 54 free(x11file);
57 } 55 }
58 } 56 }
57 printf("\n");
59} 58}
60 59