Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/Makefile.in | 2 | ||||
-rw-r--r-- | src/lib/common.c | 21 | ||||
-rw-r--r-- | src/lib/libnetlink.c | 16 | ||||
-rw-r--r-- | src/lib/pid.c | 32 |
4 files changed, 34 insertions, 37 deletions
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 5549aca11..06ba3fee9 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in | |||
@@ -10,7 +10,7 @@ C_FILE_LIST = $(sort $(wildcard *.c)) | |||
10 | OBJS = $(C_FILE_LIST:.c=.o) | 10 | OBJS = $(C_FILE_LIST:.c=.o) |
11 | BINOBJS = $(foreach file, $(OBJS), $file) | 11 | BINOBJS = $(foreach file, $(OBJS), $file) |
12 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security | 12 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security |
13 | LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now | 13 | LDFLAGS:=-pic -Wl,-z,relro -Wl,-z,now |
14 | 14 | ||
15 | all: $(OBJS) | 15 | all: $(OBJS) |
16 | 16 | ||
diff --git a/src/lib/common.c b/src/lib/common.c index 6f2cebf12..98cb48abf 100644 --- a/src/lib/common.c +++ b/src/lib/common.c | |||
@@ -37,7 +37,7 @@ int join_namespace(pid_t pid, char *type) { | |||
37 | char *path; | 37 | char *path; |
38 | if (asprintf(&path, "/proc/%u/ns/%s", pid, type) == -1) | 38 | if (asprintf(&path, "/proc/%u/ns/%s", pid, type) == -1) |
39 | errExit("asprintf"); | 39 | errExit("asprintf"); |
40 | 40 | ||
41 | int fd = open(path, O_RDONLY); | 41 | int fd = open(path, O_RDONLY); |
42 | if (fd < 0) | 42 | if (fd < 0) |
43 | goto errout; | 43 | goto errout; |
@@ -55,14 +55,14 @@ errout: | |||
55 | free(path); | 55 | free(path); |
56 | fprintf(stderr, "Error: cannot join namespace %s\\n", type); | 56 | fprintf(stderr, "Error: cannot join namespace %s\\n", type); |
57 | return -1; | 57 | return -1; |
58 | 58 | ||
59 | } | 59 | } |
60 | 60 | ||
61 | // return 1 if error | 61 | // return 1 if error |
62 | // this function requires root access - todo: fix it! | 62 | // this function requires root access - todo: fix it! |
63 | int name2pid(const char *name, pid_t *pid) { | 63 | int name2pid(const char *name, pid_t *pid) { |
64 | pid_t parent = getpid(); | 64 | pid_t parent = getpid(); |
65 | 65 | ||
66 | DIR *dir; | 66 | DIR *dir; |
67 | if (!(dir = opendir("/proc"))) { | 67 | if (!(dir = opendir("/proc"))) { |
68 | // sleep 2 seconds and try again | 68 | // sleep 2 seconds and try again |
@@ -72,7 +72,7 @@ int name2pid(const char *name, pid_t *pid) { | |||
72 | exit(1); | 72 | exit(1); |
73 | } | 73 | } |
74 | } | 74 | } |
75 | 75 | ||
76 | struct dirent *entry; | 76 | struct dirent *entry; |
77 | char *end; | 77 | char *end; |
78 | while ((entry = readdir(dir))) { | 78 | while ((entry = readdir(dir))) { |
@@ -91,7 +91,7 @@ int name2pid(const char *name, pid_t *pid) { | |||
91 | } | 91 | } |
92 | free(comm); | 92 | free(comm); |
93 | } | 93 | } |
94 | 94 | ||
95 | // look for the sandbox name in /run/firejail/name/<PID> | 95 | // look for the sandbox name in /run/firejail/name/<PID> |
96 | // todo: use RUN_FIREJAIL_NAME_DIR define from src/firejail/firejail.h | 96 | // todo: use RUN_FIREJAIL_NAME_DIR define from src/firejail/firejail.h |
97 | char *fname; | 97 | char *fname; |
@@ -249,10 +249,10 @@ int pid_proc_cmdline_x11_xpra_xephyr(const pid_t pid) { | |||
249 | break; | 249 | break; |
250 | if (strncmp(arg, "--", 2) != 0) | 250 | if (strncmp(arg, "--", 2) != 0) |
251 | break; | 251 | break; |
252 | 252 | ||
253 | if (strcmp(arg, "--x11=xorg") == 0) | 253 | if (strcmp(arg, "--x11=xorg") == 0) |
254 | return 0; | 254 | return 0; |
255 | 255 | ||
256 | // check x11 xpra or xephyr | 256 | // check x11 xpra or xephyr |
257 | if (strncmp(arg, "--x11", 5) == 0) | 257 | if (strncmp(arg, "--x11", 5) == 0) |
258 | return 1; | 258 | return 1; |
@@ -267,7 +267,7 @@ int pid_hidepid(void) { | |||
267 | FILE *fp = fopen("/proc/mounts", "r"); | 267 | FILE *fp = fopen("/proc/mounts", "r"); |
268 | if (!fp) | 268 | if (!fp) |
269 | return 1; | 269 | return 1; |
270 | 270 | ||
271 | char buf[BUFLEN]; | 271 | char buf[BUFLEN]; |
272 | while (fgets(buf, BUFLEN, fp)) { | 272 | while (fgets(buf, BUFLEN, fp)) { |
273 | if (strstr(buf, "proc /proc proc")) { | 273 | if (strstr(buf, "proc /proc proc")) { |
@@ -278,10 +278,7 @@ int pid_hidepid(void) { | |||
278 | return 0; | 278 | return 0; |
279 | } | 279 | } |
280 | } | 280 | } |
281 | 281 | ||
282 | fclose(fp); | 282 | fclose(fp); |
283 | return 0; | 283 | return 0; |
284 | } | 284 | } |
285 | |||
286 | |||
287 | |||
diff --git a/src/lib/libnetlink.c b/src/lib/libnetlink.c index 417ef2c5f..d2975bd57 100644 --- a/src/lib/libnetlink.c +++ b/src/lib/libnetlink.c | |||
@@ -1,16 +1,16 @@ | |||
1 | /* file extracted from iproute2 software package | 1 | /* file extracted from iproute2 software package |
2 | * | 2 | * |
3 | * Original source code: | 3 | * Original source code: |
4 | * | 4 | * |
5 | * Information: | 5 | * Information: |
6 | * http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 | 6 | * http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 |
7 | * | 7 | * |
8 | * Download: | 8 | * Download: |
9 | * http://www.kernel.org/pub/linux/utils/net/iproute2/ | 9 | * http://www.kernel.org/pub/linux/utils/net/iproute2/ |
10 | * | 10 | * |
11 | * Repository: | 11 | * Repository: |
12 | * git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git | 12 | * git://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git |
13 | * | 13 | * |
14 | * License: GPL v2 | 14 | * License: GPL v2 |
15 | * | 15 | * |
16 | * Original copyright header | 16 | * Original copyright header |
@@ -166,7 +166,7 @@ int rtnl_send_check(struct rtnl_handle *rth, const void *buf, int len) | |||
166 | struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); | 166 | struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); |
167 | if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) | 167 | if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) |
168 | fprintf(stderr, "ERROR truncated\n"); | 168 | fprintf(stderr, "ERROR truncated\n"); |
169 | else | 169 | else |
170 | errno = -err->error; | 170 | errno = -err->error; |
171 | return -1; | 171 | return -1; |
172 | } | 172 | } |
@@ -600,7 +600,7 @@ if (type == IFLA_LINK) { | |||
600 | for (i = 0; i < alen; i++) | 600 | for (i = 0; i < alen; i++) |
601 | printf("%02x, ", *((unsigned char *)data + i)); | 601 | printf("%02x, ", *((unsigned char *)data + i)); |
602 | printf("\n"); | 602 | printf("\n"); |
603 | } | 603 | } |
604 | else if (type == IFLA_IFNAME) { | 604 | else if (type == IFLA_IFNAME) { |
605 | printf("IFLA_IFNAME\n"); | 605 | printf("IFLA_IFNAME\n"); |
606 | printf("\tdata - #%s#\n", data); | 606 | printf("\tdata - #%s#\n", data); |
@@ -615,8 +615,8 @@ else if (type == IFLA_ADDRESS) { | |||
615 | printf("\n"); | 615 | printf("\n"); |
616 | } | 616 | } |
617 | else if (type == IFLA_BROADCAST) printf("IFLA_BROADCAST or IFLA_INFO_DATA\n"); | 617 | else if (type == IFLA_BROADCAST) printf("IFLA_BROADCAST or IFLA_INFO_DATA\n"); |
618 | 618 | ||
619 | printf("\tdata length: %d\n", alen); | 619 | printf("\tdata length: %d\n", alen); |
620 | #endif | 620 | #endif |
621 | 621 | ||
622 | int len = RTA_LENGTH(alen); | 622 | int len = RTA_LENGTH(alen); |
diff --git a/src/lib/pid.c b/src/lib/pid.c index 7ae5a8d3e..ed1e7b375 100644 --- a/src/lib/pid.c +++ b/src/lib/pid.c | |||
@@ -24,7 +24,7 @@ | |||
24 | #include <pwd.h> | 24 | #include <pwd.h> |
25 | #include <sys/ioctl.h> | 25 | #include <sys/ioctl.h> |
26 | #include <dirent.h> | 26 | #include <dirent.h> |
27 | 27 | ||
28 | #define PIDS_BUFLEN 4096 | 28 | #define PIDS_BUFLEN 4096 |
29 | //Process pids[max_pids]; | 29 | //Process pids[max_pids]; |
30 | Process *pids = NULL; | 30 | Process *pids = NULL; |
@@ -36,14 +36,14 @@ void pid_getmem(unsigned pid, unsigned *rss, unsigned *shared) { | |||
36 | char *file; | 36 | char *file; |
37 | if (asprintf(&file, "/proc/%u/statm", pid) == -1) | 37 | if (asprintf(&file, "/proc/%u/statm", pid) == -1) |
38 | errExit("asprintf"); | 38 | errExit("asprintf"); |
39 | 39 | ||
40 | FILE *fp = fopen(file, "r"); | 40 | FILE *fp = fopen(file, "r"); |
41 | if (!fp) { | 41 | if (!fp) { |
42 | free(file); | 42 | free(file); |
43 | return; | 43 | return; |
44 | } | 44 | } |
45 | free(file); | 45 | free(file); |
46 | 46 | ||
47 | unsigned a, b, c; | 47 | unsigned a, b, c; |
48 | if (3 != fscanf(fp, "%u %u %u", &a, &b, &c)) { | 48 | if (3 != fscanf(fp, "%u %u %u", &a, &b, &c)) { |
49 | fclose(fp); | 49 | fclose(fp); |
@@ -67,7 +67,7 @@ void pid_get_cpu_time(unsigned pid, unsigned *utime, unsigned *stime) { | |||
67 | return; | 67 | return; |
68 | } | 68 | } |
69 | free(file); | 69 | free(file); |
70 | 70 | ||
71 | char line[PIDS_BUFLEN]; | 71 | char line[PIDS_BUFLEN]; |
72 | if (fgets(line, PIDS_BUFLEN - 1, fp)) { | 72 | if (fgets(line, PIDS_BUFLEN - 1, fp)) { |
73 | char *ptr = line; | 73 | char *ptr = line; |
@@ -84,7 +84,7 @@ void pid_get_cpu_time(unsigned pid, unsigned *utime, unsigned *stime) { | |||
84 | goto myexit; | 84 | goto myexit; |
85 | } | 85 | } |
86 | 86 | ||
87 | myexit: | 87 | myexit: |
88 | fclose(fp); | 88 | fclose(fp); |
89 | } | 89 | } |
90 | 90 | ||
@@ -100,7 +100,7 @@ unsigned long long pid_get_start_time(unsigned pid) { | |||
100 | return 0; | 100 | return 0; |
101 | } | 101 | } |
102 | free(file); | 102 | free(file); |
103 | 103 | ||
104 | char line[PIDS_BUFLEN]; | 104 | char line[PIDS_BUFLEN]; |
105 | unsigned long long retval = 0; | 105 | unsigned long long retval = 0; |
106 | if (fgets(line, PIDS_BUFLEN - 1, fp)) { | 106 | if (fgets(line, PIDS_BUFLEN - 1, fp)) { |
@@ -117,7 +117,7 @@ unsigned long long pid_get_start_time(unsigned pid) { | |||
117 | if (1 != sscanf(ptr, "%llu", &retval)) | 117 | if (1 != sscanf(ptr, "%llu", &retval)) |
118 | goto myexit; | 118 | goto myexit; |
119 | } | 119 | } |
120 | 120 | ||
121 | myexit: | 121 | myexit: |
122 | fclose(fp); | 122 | fclose(fp); |
123 | return retval; | 123 | return retval; |
@@ -154,12 +154,12 @@ uid_t pid_get_uid(pid_t pid) { | |||
154 | } | 154 | } |
155 | if (*ptr == '\0') | 155 | if (*ptr == '\0') |
156 | goto doexit; | 156 | goto doexit; |
157 | 157 | ||
158 | rv = atoi(ptr); | 158 | rv = atoi(ptr); |
159 | break; // break regardless! | 159 | break; // break regardless! |
160 | } | 160 | } |
161 | } | 161 | } |
162 | doexit: | 162 | doexit: |
163 | fclose(fp); | 163 | fclose(fp); |
164 | free(file); | 164 | free(file); |
165 | return rv; | 165 | return rv; |
@@ -187,7 +187,7 @@ static void print_elem(unsigned index, int nowrap) { | |||
187 | if (user ==NULL) | 187 | if (user ==NULL) |
188 | user = ""; | 188 | user = ""; |
189 | if (cmd) { | 189 | if (cmd) { |
190 | if (col < 4 || nowrap) | 190 | if (col < 4 || nowrap) |
191 | printf("%s%u:%s:%s\n", indent, index, user, cmd); | 191 | printf("%s%u:%s:%s\n", indent, index, user, cmd); |
192 | else { | 192 | else { |
193 | char *out; | 193 | char *out; |
@@ -201,7 +201,7 @@ static void print_elem(unsigned index, int nowrap) { | |||
201 | printf("%s", out); | 201 | printf("%s", out); |
202 | free(out); | 202 | free(out); |
203 | } | 203 | } |
204 | 204 | ||
205 | free(cmd); | 205 | free(cmd); |
206 | } | 206 | } |
207 | else { | 207 | else { |
@@ -220,7 +220,7 @@ void pid_print_tree(unsigned index, unsigned parent, int nowrap) { | |||
220 | 220 | ||
221 | // Remove unused parameter warning | 221 | // Remove unused parameter warning |
222 | (void)parent; | 222 | (void)parent; |
223 | 223 | ||
224 | unsigned i; | 224 | unsigned i; |
225 | for (i = index + 1; i < (unsigned)max_pids; i++) { | 225 | for (i = index + 1; i < (unsigned)max_pids; i++) { |
226 | if (pids[i].parent == (pid_t)index) | 226 | if (pids[i].parent == (pid_t)index) |
@@ -246,13 +246,13 @@ void pid_store_cpu(unsigned index, unsigned parent, unsigned *utime, unsigned *s | |||
246 | 246 | ||
247 | // Remove unused parameter warning | 247 | // Remove unused parameter warning |
248 | (void)parent; | 248 | (void)parent; |
249 | 249 | ||
250 | unsigned utmp = 0; | 250 | unsigned utmp = 0; |
251 | unsigned stmp = 0; | 251 | unsigned stmp = 0; |
252 | pid_get_cpu_time(index, &utmp, &stmp); | 252 | pid_get_cpu_time(index, &utmp, &stmp); |
253 | *utime += utmp; | 253 | *utime += utmp; |
254 | *stime += stmp; | 254 | *stime += stmp; |
255 | 255 | ||
256 | unsigned i; | 256 | unsigned i; |
257 | for (i = index + 1; i < (unsigned)max_pids; i++) { | 257 | for (i = index + 1; i < (unsigned)max_pids; i++) { |
258 | if (pids[i].parent == (pid_t)index) | 258 | if (pids[i].parent == (pid_t)index) |
@@ -293,7 +293,7 @@ void pid_read(pid_t mon_pid) { | |||
293 | exit(1); | 293 | exit(1); |
294 | } | 294 | } |
295 | } | 295 | } |
296 | 296 | ||
297 | pid_t child = -1; | 297 | pid_t child = -1; |
298 | struct dirent *entry; | 298 | struct dirent *entry; |
299 | char *end; | 299 | char *end; |
@@ -308,7 +308,7 @@ void pid_read(pid_t mon_pid) { | |||
308 | // skip PID 1 just in case we run a sandbox-in-sandbox | 308 | // skip PID 1 just in case we run a sandbox-in-sandbox |
309 | if (pid == 1) | 309 | if (pid == 1) |
310 | continue; | 310 | continue; |
311 | 311 | ||
312 | // open stat file | 312 | // open stat file |
313 | char *file; | 313 | char *file; |
314 | if (asprintf(&file, "/proc/%u/status", pid) == -1) | 314 | if (asprintf(&file, "/proc/%u/status", pid) == -1) |