Diffstat (limited to 'src')
-rw-r--r--src/firejail/checkcfg.c1
-rw-r--r--src/fnettrace/main.c40
-rw-r--r--src/profstats/main.c8
3 files changed, 46 insertions, 3 deletions
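diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 9548ecb5b..e2fab1265 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -61,6 +61,7 @@ int checkcfg(int val) {
  cfg_val[CFG_ALLOW_TRAY] = 0;
  cfg_val[CFG_CHROOT] = 0;
  cfg_val[CFG_SECCOMP_LOG] = 0;
+ cfg_val[CFG_PRIVATE_LIB] = 0;
 
  // open configuration file
  const char *fname = SYSCONFDIR "/firejail.config";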
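Review bot: The new default `cfg_val[CFG_PRIVATE_LIB] = 0;` in checkcfg() carries no comment saying why private-lib starts disabled, even though it is a sandboxing option that profiles use. I would add a one-line comment such as `// private-lib is off by default; enable it in firejail.config`, assuming this group of assignments lists the features that default to off. How a profile's `private-lib` line is handled when the option is disabled is not visible here; if it is skipped silently, a warning would tell users the sandbox is weaker than the profile asks for. checkcfg() begins and ends outside the hunk.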
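diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c
index 634d408a3..f5e9bea65 100644
--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@@ -222,8 +222,27 @@ static unsigned adjust_bandwidth(unsigned bw) {
 }
 
 static inline const char *common_port(uint16_t port) {
- if (port > 123)
+ if (port > 194) {
+ if (port >= 6660 && port <= 6669)
+ return "(IRC)";
+ else if (port == 6679)
+ return "(IRC)";
+ else if (port == 6771)
+ return "(BitTorrent)";
+ else if (port >= 6881 && port <= 6999)
+ return "(BitTorrent)";
+ else if (port == 9001)
+ return "(Tor)";
+ else if (port == 9030)
+ return "(Tor)";
+ else if (port == 9050)
+ return "(Tor)";
+ else if (port == 9051)
+ return "(Tor)";
+ else if (port == 9150)
+ return "(Tor)";
  return NULL;
+ }
 
  if (port == 20 || port == 21)
  return "(FTP)";
@@ -245,8 +264,16 @@ static inline const char *common_port(uint16_t port) {
  return "(POP2)";
  else if (port == 110)
  return "(POP3)";
+ else if (port == 113)
+ return "(IRC)";
  else if (port == 123)
  return "(NTP)";
+ else if (port == 161)
+ return "(SNMP)";
+ else if (port == 162)
+ return "(SNMP)";
+ else if (port == 194)
+ return "(IRC)";
 
  return NULL;
 }
@@ -321,12 +348,19 @@ static void hnode_print(unsigned bw) {
  protocol = "(TLS)";
  else if (ptr->port_src == 53)
  protocol = "(DNS)";
- else if (ptr->port_src == 853)
- protocol = "(DoT)";
+ else if (ptr->port_src == 853) {
+ if (ptr->protocol == 0x06)
+ protocol = "(DoT)";
+ else if (ptr->protocol == 0x11)
+ protocol = "(DoQ)";
+ else
+ protocol = NULL;
+ }
  else if ((protocol = common_port(ptr->port_src)) != NULL)
  ;
  else if (ptr->protocol == 0x11)
  protocol = "(UDP)";
+
  if (protocol == NULL)
  protocol = "";
 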
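Review bot: In the second hunk of common_port(), port 113 is labelled `"(IRC)"`, but 113 is the ident/auth service (RFC 1413); IRC servers commonly query it, yet the traffic on that port is not IRC, so the label can mislead someone reading a trace. I would return `"(ident)"` there, or keep the label and add a comment saying the intent is to flag IRC-related lookups. In the first hunk the five single-port Tor branches could follow the file's existing `port == 20 || port == 21` form, e.g. `else if (port == 9001 || port == 9030 || port == 9050 || port == 9051 || port == 9150)`, and likewise 161/162 for SNMP. Every label here is inferred from the port number alone, which deserves a one-line comment above common_port() so readers treat the output as a hint and not as protocol identification.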
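diff --git a/src/profstats/main.c b/src/profstats/main.c
index 595a94c11..9deb72f7e 100644
--- a/src/profstats/main.c
+++ b/src/profstats/main.c
@@ -38,6 +38,7 @@ static int cnt_privatebin = 0;
 static int cnt_privatedev = 0;
 static int cnt_privatetmp = 0;
 static int cnt_privateetc = 0;
+static int cnt_privatelib = 0;
 static int cnt_whitelistvar = 0; // include whitelist-var-common.inc
 static int cnt_whitelistrunuser = 0; // include whitelist-runuser-common.inc
 static int cnt_whitelistusrshare = 0; // include whitelist-usr-share-common.inc
@@ -56,6 +57,7 @@ static int arg_privatebin = 0;
 static int arg_privatedev = 0;
 static int arg_privatetmp = 0;
 static int arg_privateetc = 0;
+static int arg_privatelib = 0;
 static int arg_whitelistvar = 0;
 static int arg_whitelistrunuser = 0;
 static int arg_whitelistusrshare = 0;
@@ -181,6 +183,8 @@ static void process_file(char *fname) {
  cnt_privatetmp++;
  else if (strncmp(ptr, "private-etc", 11) == 0)
  cnt_privateetc++;
+ else if (strncmp(ptr, "private-lib", 11) == 0)
+ cnt_privatelib++;
  else if (strncmp(ptr, "dbus-system none", 16) == 0)
  cnt_dbus_system_none++;
  else if (strncmp(ptr, "dbus-system", 11) == 0)
@@ -297,6 +301,7 @@ int main(int argc, char **argv) {
  int privatetmp = cnt_privatetmp;
  int privatedev = cnt_privatedev;
  int privateetc = cnt_privateetc;
+ int privatelib = cnt_privatelib;
  int dotlocal = cnt_dotlocal;
  int globalsdotlocal = cnt_globalsdotlocal;
  int whitelisthome = cnt_whitelisthome;
@@ -360,6 +365,8 @@ int main(int argc, char **argv) {
  printf("No private-tmp found in %s\n", argv[i]);
  if (arg_privateetc && privateetc == cnt_privateetc)
  printf("No private-etc found in %s\n", argv[i]);
+ if (arg_privatelib && privatelib == cnt_privatelib)
+ printf("No private-lib found in %s\n", argv[i]);
  if (arg_whitelisthome && whitelisthome == cnt_whitelisthome)
  printf("Home directory not whitelisted in %s\n", argv[i]);
  if (arg_whitelistvar && whitelistvar == cnt_whitelistvar)
@@ -394,6 +401,7 @@ int main(int argc, char **argv) {
  printf(" private-bin\t\t\t%d\n", cnt_privatebin);
  printf(" private-dev\t\t\t%d\n", cnt_privatedev);
  printf(" private-etc\t\t\t%d\n", cnt_privateetc);
+ printf(" private-lib\t\t\t%d\n", cnt_privatelib);
  printf(" private-tmp\t\t\t%d\n", cnt_privatetmp);
  printf(" whitelist home directory\t%d\n", cnt_whitelisthome);
  printf(" whitelist var\t\t%d (include whitelist-var-common.inc)\n", cnt_whitelistvar);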
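Review bot: `arg_privatelib` is declared and then tested in main() (`if (arg_privatelib && privatelib == cnt_privatelib)`), but none of the eight lines this commit adds to the file ever assigns it, so the "No private-lib found" report cannot print. Because the variable is `static` and new in this commit, main() needs an option-parsing branch that sets `arg_privatelib = 1;`, mirroring however `arg_privateetc` is set, along with a matching entry in the usage text if the tool has one. That parsing code is outside the hunks shown, and main() itself begins and ends outside them. Until the flag is wired up, profiles lacking `private-lib` will not be reported by this check even though the summary count is printed.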