Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_trace.c | 19 | ||||
-rw-r--r-- | src/firejail/main.c | 5 |
3 files changed, 25 insertions, 0 deletions
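--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -260,6 +260,7 @@ extern int arg_caps_keep; // keep list
 extern char *arg_caps_list; // optional caps list
 
 extern int arg_trace; // syscall tracing support
+extern char *arg_tracefile; // syscall tracing file
 extern int arg_tracelog; // blacklist tracing support
 extern int arg_rlimit_cpu; // rlimit cpu
 extern int arg_rlimit_nofile; // rlimit nofile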
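--- a/src/firejail/fs_trace.c
+++ b/src/firejail/fs_trace.c
@@ -41,6 +41,25 @@ void fs_trace_preload(void) {
 fclose(fp);
 fs_logger("touch /etc/ld.so.preload");
 }
+if (arg_tracefile) {
+if (arg_debug)
+printf("Creating an empty trace log file: %s\n", arg_tracefile);
+// create a bind mounted trace logfile that the sandbox can see
+FILE *fp = fopen(arg_tracefile, "w");
+if (!fp)
+errExit("fopen");
+SET_PERMS_STREAM(fp, firejail_uid, firejail_gid, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH);
+fclose(fp);
+fp = fopen(RUN_TRACE_FILE, "w");
+if (!fp)
+errExit("fopen");
+fclose(fp);
+fs_logger2("touch ", arg_tracefile);
+if (mount(arg_tracefile, RUN_TRACE_FILE, NULL, MS_BIND|MS_REC, NULL) < 0)
+errExit("mount bind " RUN_TRACE_FILE);
+if (arg_debug)
+printf("Bind mount %s to %s\n", arg_tracefile, RUN_TRACE_FILE);
+}
 }
 
 void fs_trace(void) {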
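Review bot: The new branch opens the caller-supplied `arg_tracefile` with `fopen(arg_tracefile, "w")` in the same context that performs the `mount()` a few lines later, so the path is followed through symlinks and truncated before `SET_PERMS_STREAM` assigns it to `firejail_uid`/`firejail_gid`. If this code runs with elevated privileges (likely, given the bind mount), any file the caller names can be truncated and handed over to the caller. Create the file under the invoking user's credentials and refuse symlinks, for example `int fd = open(arg_tracefile, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);` after switching the effective uid/gid to the user, then confirm with `fstat()` that it is a regular file before bind-mounting it. The same string arrives unvalidated from the `--trace=` parsing in main.c. fs_trace_preload begins outside the hunk, so the privilege state at this point is inferred rather than visible.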
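--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -80,6 +80,7 @@ int arg_caps_keep = 0; // keep list
 char *arg_caps_list = NULL; // optional caps list
 
 int arg_trace = 0; // syscall tracing support
+char *arg_tracefile = NULL; // syscall tracing file
 int arg_tracelog = 0; // blacklist tracing support
 int arg_rlimit_cpu = 0; // rlimit max cpu time
 int arg_rlimit_nofile = 0; // rlimit nofile
@@ -1296,6 +1297,10 @@ int main(int argc, char **argv) {
 }
 else if (strcmp(argv[i], "--trace") == 0)
 arg_trace = 1;
+else if (strncmp(argv[i], "--trace=", 8) == 0) {
+arg_trace = 1;
+arg_tracefile = argv[i] + 8;
+}
 else if (strcmp(argv[i], "--tracelog") == 0)
 arg_tracelog = 1;
 else if (strncmp(argv[i], "--rlimit-cpu=", 13) == 0) {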
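Review bot: `--trace=` with nothing after the `=` leaves `arg_tracefile` pointing at an empty string, which is non-NULL, so the `if (arg_tracefile)` branch in fs_trace.c still runs and only fails later with a bare `errExit("fopen")`. Reject the value where it is parsed, in the new `--trace=` branch: `if (*arg_tracefile == '\0') { fprintf(stderr, "Error: invalid trace file name\n"); exit(1); }`. This branch is also the natural place to constrain which paths are accepted, since the string is used unchanged for file creation and a bind mount. main() starts and ends outside the hunk.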