Diffstat (limited to 'src')
-rw-r--r--src/firecfg/desktop_files.c10
-rw-r--r--src/firecfg/main.c63
-rw-r--r--src/firemon/usage.c111
-rw-r--r--src/fnetfilter/main.c41
4 files changed, 109 insertions, 116 deletions
diff --git a/src/firecfg/desktop_files.c b/src/firecfg/desktop_files.c
index 0a6a0bbf0..49e58528c 100644
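--- a/src/firecfg/desktop_files.c
+++ b/src/firecfg/desktop_files.c
@@ -136,15 +136,9 @@ void fix_desktop_files(char *homedir) {
 
  // source
  DIR *dir = opendir("/usr/share/applications");
- if (!dir) {
+ if (!dir || chdir("/usr/share/applications")) {
  perror("opendir");
- fprintf(stderr, "Warning: cannot open /usr/share/applications directory, desktop files fixing skipped...\n");
- free(user_apps_dir);
- return;
- }
- if (chdir("/usr/share/applications")) {
- perror("chdir");
- fprintf(stderr, "Warning: cannot chdir to /usr/share/applications, desktop files fixing skipped...\n");
+ fprintf(stderr, "Warning: cannot access /usr/share/applications directory, desktop files fixing skipped...\n");
  free(user_apps_dir);
  return;
  }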
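Review bot: In the merged guard `if (!dir || chdir("/usr/share/applications"))`, a chdir() failure is now reported through `perror("opendir")`, and on that path the `DIR *` from a successful opendir() is never closed before `return`. Label the failure by the call that actually failed and add `if (dir) closedir(dir);` ahead of `free(user_apps_dir);`. Since the directory is already open, `fchdir(dirfd(dir))` would also guarantee that the working directory is the one that was opened, instead of resolving the path a second time. fix_desktop_files() continues outside this hunk, so whether `dir` is closed on the success path is not visible here.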
diff --git a/src/firecfg/main.c b/src/firecfg/main.c
index ab0fd53e3..e636dc385 100644
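--- a/src/firecfg/main.c
+++ b/src/firecfg/main.c
@@ -21,38 +21,41 @@
 #include "firecfg.h"
 int arg_debug = 0;
 
+static char *usage_str =
+ "Firecfg is the desktop configuration utility for Firejail software. The utility\n"
+ "creates several symbolic links to firejail executable. This allows the user to\n"
+ "sandbox applications automatically, just by clicking on a regular desktop\n"
+ "menus and icons.\n\n"
+ "The symbolic links are placed in /usr/local/bin. For more information, see\n"
+ "DESKTOP INTEGRATION section in man 1 firejail.\n\n"
+ "Usage: firecfg [OPTIONS]\n\n"
+ " --clean - remove all firejail symbolic links.\n\n"
+ " --debug - print debug messages.\n\n"
+ " --fix - fix .desktop files.\n\n"
+ " --fix-sound - create ~/.config/pulse/client.conf file.\n\n"
+ " --help, -? - this help screen.\n\n"
+ " --list - list all firejail symbolic links.\n\n"
+ " --version - print program version and exit.\n\n"
+ "Example:\n\n"
+ " $ sudo firecfg\n"
+ " /usr/local/bin/firefox created\n"
+ " /usr/local/bin/vlc created\n"
+ " [...]\n"
+ " $ firecfg --list\n"
+ " /usr/local/bin/firefox\n"
+ " /usr/local/bin/vlc\n"
+ " [...]\n"
+ " $ sudo firecfg --clean\n"
+ " /usr/local/bin/firefox removed\n"
+ " /usr/local/bin/vlc removed\n"
+ " [...]\n"
+ "\n"
+ "License GPL version 2 or later\n"
+ "Homepage: http://firejail.wordpress.com\n\n";
+
 static void usage(void) {
  printf("firecfg - version %s\n\n", VERSION);
- printf("Firecfg is the desktop configuration utility for Firejail software. The utility\n");
- printf("creates several symbolic links to firejail executable. This allows the user to\n");
- printf("sandbox applications automatically, just by clicking on a regular desktop\n");
- printf("menus and icons.\n\n");
- printf("The symbolic links are placed in /usr/local/bin. For more information, see\n");
- printf("DESKTOP INTEGRATION section in man 1 firejail.\n\n");
- printf("Usage: firecfg [OPTIONS]\n\n");
- printf(" --clean - remove all firejail symbolic links.\n\n");
- printf(" --debug - print debug messages.\n\n");
- printf(" --fix - fix .desktop files.\n\n");
- printf(" --fix-sound - create ~/.config/pulse/client.conf file.\n\n");
- printf(" --help, -? - this help screen.\n\n");
- printf(" --list - list all firejail symbolic links.\n\n");
- printf(" --version - print program version and exit.\n\n");
- printf("Example:\n\n");
- printf(" $ sudo firecfg\n");
- printf(" /usr/local/bin/firefox created\n");
- printf(" /usr/local/bin/vlc created\n");
- printf(" [...]\n");
- printf(" $ firecfg --list\n");
- printf(" /usr/local/bin/firefox\n");
- printf(" /usr/local/bin/vlc\n");
- printf(" [...]\n");
- printf(" $ sudo firecfg --clean\n");
- printf(" /usr/local/bin/firefox removed\n");
- printf(" /usr/local/bin/vlc removed\n");
- printf(" [...]\n");
- printf("\n");
- printf("License GPL version 2 or later\n");
- printf("Homepage: http://firejail.wordpress.com\n\n");
+ puts(usage_str);
 }
 
 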
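Review bot: `usage_str` is declared `static char *` although it points at a string literal that is never written; `static const char *const usage_str =` lets the compiler reject accidental writes through it. `puts(usage_str)` also appends a newline that the old printf() sequence did not emit, so the help text now ends with one more blank line. `fputs(usage_str, stdout);` keeps the output byte-identical.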
diff --git a/src/firemon/usage.c b/src/firemon/usage.c
index 617f4dacd..37bd4e874 100644
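--- a/src/firemon/usage.c
+++ b/src/firemon/usage.c
@@ -19,62 +19,65 @@
 */
 #include "firemon.h"
 
-void usage(void) {
- printf("firemon - version %s\n", VERSION);
- printf("Usage: firemon [OPTIONS] [PID]\n\n");
- printf("Monitor processes started in a Firejail sandbox. Without any PID specified,\n");
- printf("all processes started by Firejail are monitored. Descendants of these processes\n");
- printf("are also being monitored. On Grsecurity systems only root user\n");
- printf("can run this program.\n\n");
- printf("Options:\n");
- printf("\t--apparmor - print AppArmor confinement status for each sandbox.\n\n");
- printf("\t--arp - print ARP table for each sandbox.\n\n");
- printf("\t--caps - print capabilities configuration for each sandbox.\n\n");
- printf("\t--cgroup - print control group information for each sandbox.\n\n");
- printf("\t--cpu - print CPU affinity for each sandbox.\n\n");
- printf("\t--help, -? - this help screen.\n\n");
- printf("\t--interface - print network interface information for each sandbox.\n\n");
- printf("\t--list - list all sandboxes.\n\n");
- printf("\t--name=name - print information only about named sandbox.\n\n");
- printf("\t--netstats - monitor network statistics for sandboxes creating a new\n");
- printf("\t\tnetwork namespace.\n\n");
- printf("\t--nowrap - enable line wrapping in terminals.\n\n");
- printf("\t--route - print route table for each sandbox.\n\n");
- printf("\t--seccomp - print seccomp configuration for each sandbox.\n\n");
- printf("\t--tree - print a tree of all sandboxed processes.\n\n");
- printf("\t--top - monitor the most CPU-intensive sandboxes.\n\n");
- printf("\t--version - print program version and exit.\n\n");
+static char *help_str =
+ "Usage: firemon [OPTIONS] [PID]\n\n"
+ "Monitor processes started in a Firejail sandbox. Without any PID specified,\n"
+ "all processes started by Firejail are monitored. Descendants of these processes\n"
+ "are also being monitored. On Grsecurity systems only root user\n"
+ "can run this program.\n\n"
+ "Options:\n"
+ "\t--apparmor - print AppArmor confinement status for each sandbox.\n\n"
+ "\t--arp - print ARP table for each sandbox.\n\n"
+ "\t--caps - print capabilities configuration for each sandbox.\n\n"
+ "\t--cgroup - print control group information for each sandbox.\n\n"
+ "\t--cpu - print CPU affinity for each sandbox.\n\n"
+ "\t--help, -? - this help screen.\n\n"
+ "\t--interface - print network interface information for each sandbox.\n\n"
+ "\t--list - list all sandboxes.\n\n"
+ "\t--name=name - print information only about named sandbox.\n\n"
+ "\t--netstats - monitor network statistics for sandboxes creating a new\n"
+ "\t\tnetwork namespace.\n\n"
+ "\t--nowrap - enable line wrapping in terminals.\n\n"
+ "\t--route - print route table for each sandbox.\n\n"
+ "\t--seccomp - print seccomp configuration for each sandbox.\n\n"
+ "\t--tree - print a tree of all sandboxed processes.\n\n"
+ "\t--top - monitor the most CPU-intensive sandboxes.\n\n"
+ "\t--version - print program version and exit.\n\n"
+
+ "Without any options, firemon monitors all fork, exec, id change, and exit\n"
+ "events in the sandbox. Monitoring a specific PID is also supported.\n\n"
 
- printf("Without any options, firemon monitors all fork, exec, id change, and exit events\n");
- printf("in the sandbox. Monitoring a specific PID is also supported.\n\n");
+ "Option --list prints a list of all sandboxes. The format for each entry is as\n"
+ "follows:\n\n"
+ "\tPID:USER:Command\n\n"
 
- printf("Option --list prints a list of all sandboxes. The format for each entry is as\n");
- printf("follows:\n\n");
- printf("\tPID:USER:Command\n\n");
+ "Option --tree prints the tree of processes running in the sandbox. The format\n"
+ "for each process entry is as follows:\n\n"
+ "\tPID:USER:Command\n\n"
 
- printf("Option --tree prints the tree of processes running in the sandbox. The format\n");
- printf("for each process entry is as follows:\n\n");
- printf("\tPID:USER:Command\n\n");
+ "Option --top is similar to the UNIX top command, however it applies only to\n"
+ "sandboxes. Listed below are the available fields (columns) in alphabetical\n"
+ "order:\n\n"
+ "\tCommand - command used to start the sandbox.\n"
+ "\tCPU%% - CPU usage, the sandbox share of the elapsed CPU time since the\n"
+ "\t last screen update\n"
+ "\tPID - Unique process ID for the task controlling the sandbox.\n"
+ "\tPrcs - number of processes running in sandbox, including the\n"
+ "\t controlling process.\n"
+ "\tRES - Resident Memory Size (KiB), sandbox non-swapped physical memory.\n"
+ "\t It is a sum of the RES values for all processes running in the\n"
+ "\t sandbox.\n"
+ "\tSHR - Shared Memory Size (KiB), it reflects memory shared with other\n"
+ "\t processes. It is a sum of the SHR values for all processes\n"
+ "\t running in the sandbox, including the controlling process.\n"
+ "\tUptime - sandbox running time in hours:minutes:seconds format.\n"
+ "\tUser - The owner of the sandbox.\n"
+ "\n"
+ "License GPL version 2 or later\n"
+ "Homepage: http://firejail.wordpress.com\n"
+ "\n";
 
- printf("Option --top is similar to the UNIX top command, however it applies only to\n");
- printf("sandboxes. Listed below are the available fields (columns) in alphabetical\n");
- printf("order:\n\n");
- printf("\tCommand - command used to start the sandbox.\n");
- printf("\tCPU%% - CPU usage, the sandbox share of the elapsed CPU time since the\n");
- printf("\t last screen update\n");
- printf("\tPID - Unique process ID for the task controlling the sandbox.\n");
- printf("\tPrcs - number of processes running in sandbox, including the controlling\n");
- printf("\t process.\n");
- printf("\tRES - Resident Memory Size (KiB), sandbox non-swapped physical memory.\n");
- printf("\t It is a sum of the RES values for all processes running in the\n");
- printf("\t sandbox.\n");
- printf("\tSHR - Shared Memory Size (KiB), it reflects memory shared with other\n");
- printf("\t processes. It is a sum of the SHR values for all processes running\n");
- printf("\t in the sandbox, including the controlling process.\n");
- printf("\tUptime - sandbox running time in hours:minutes:seconds format.\n");
- printf("\tUser - The owner of the sandbox.\n");
- printf("\n");
- printf("License GPL version 2 or later\n");
- printf("Homepage: http://firejail.wordpress.com\n");
- printf("\n");
+void usage(void) {
+ printf("firemon - version %s\n", VERSION);
+ puts(help_str);
 }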
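Review bot: The `CPU%%` entry in `help_str` was carried over from a printf() format string, but `puts(help_str)` does no format processing, so the help screen will now show a literal `%%`. Write that entry with a single `%` in the new string. As in firecfg, `static const char *const help_str` is the safer declaration for a pointer to a string literal, and `fputs(help_str, stdout);` avoids the extra trailing newline that puts() appends.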
diff --git a/src/fnetfilter/main.c b/src/fnetfilter/main.c
index 828b30d40..ba58ba3c9 100644
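--- a/src/fnetfilter/main.c
+++ b/src/fnetfilter/main.c
@@ -50,19 +50,20 @@ static void usage(void) {
  printf("\tfnetfilter netfilter-command destination-file\n");
 }
 
+static void err_exit_cannot_open_file(const char *fname) {
+ fprintf(stderr, "Error fnetfilter: cannot open %s\n", fname);
+ exit(1);
+}
+
 
 static void copy(const char *src, const char *dest) {
  FILE *fp1 = fopen(src, "r");
- if (!fp1) {
- fprintf(stderr, "Error fnetfilter: cannot open %s\n", src);
- exit(1);
- }
+ if (!fp1)
+ err_exit_cannot_open_file(src);
 
  FILE *fp2 = fopen(dest, "w");
- if (!fp2) {
- fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest);
- exit(1);
- }
+ if (!fp2)
+ err_exit_cannot_open_file(dest);
 
  char buf[MAXBUF];
  while (fgets(buf, MAXBUF, fp1))
@@ -106,16 +107,12 @@ for (i = 0; i < argcnt; i++)
 
  // open the files
  FILE *fp1 = fopen(src, "r");
- if (!fp1) {
- fprintf(stderr, "Error fnetfilter: cannot open %s\n", src);
- exit(1);
- }
+ if (!fp1)
+ err_exit_cannot_open_file(src);
 
  FILE *fp2 = fopen(dest, "w");
- if (!fp2) {
- fprintf(stderr, "Error fnetfilter: cannot open %s\n", dest);
- exit(1);
- }
+ if (!fp2)
+ err_exit_cannot_open_file(dest);
 
  int line = 0;
  char buf[MAXBUF];
@@ -186,19 +183,15 @@ printf("\n");
 //printf("destfile %s\n", destfile);
  // destfile is a real filename
  int len = strlen(destfile);
- if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len) {
- fprintf(stderr, "Error fnetfilter: invalid destination file in netfilter command\n");
- exit(1);
- }
+ if (strcspn(destfile, "\\&!?\"'<>%^(){};,*[]") != (size_t)len)
+ err_exit_cannot_open_file(destfile);
 
  // handle default config (command = NULL, destfile)
  if (command == NULL) {
  // create a default filter file
  FILE *fp = fopen(destfile, "w");
- if (!fp) {
- fprintf(stderr, "Error fnetfilter: cannot open %s\n", destfile);
- exit(1);
- }
+ if (!fp)
+ err_exit_cannot_open_file(destfile);
  fprintf(fp, "%s\n", default_filter);
  fclose(fp);
  }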
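Review bot: In the third hunk the destination-name check `strcspn(destfile, ...) != (size_t)len` now calls `err_exit_cannot_open_file(destfile)`, so a name rejected for containing shell metacharacters is reported as "cannot open" although no open was attempted, and the rejected string itself is echoed to stderr. Keeping a distinct message on that path, as the old `fprintf(stderr, "Error fnetfilter: invalid destination file in netfilter command\n");` did, lets users and log readers tell an input-validation rejection from an I/O failure. For the genuine fopen() failures the helper could also include `strerror(errno)` so the cause (permissions, missing directory) is visible. The functions enclosing the second and third hunks start and end outside the visible lines.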