Diffstat (limited to 'src')
-rw-r--r-- | src/include/common.h | 1 | ||||
-rw-r--r-- | src/lib/common.c | 60 | ||||
-rw-r--r-- | src/lib/pid.c | 16 |
3 files changed, 66 insertions, 11 deletions
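--- a/src/include/common.h
+++ b/src/include/common.h
@@ -113,4 +113,5 @@ int join_namespace(pid_t pid, char *type);
 int name2pid(const char *name, pid_t *pid);
 char *pid_proc_comm(const pid_t pid);
 char *pid_proc_cmdline(const pid_t pid);
+int pid_proc_cmdline_x11(const pid_t pid);
 #endif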
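Review bot: The new prototype `int pid_proc_cmdline_x11(const pid_t pid);` carries no comment on its return contract, and the implementation in src/lib/common.c folds every failure (comm not "firejail", asprintf/open/read failing) into the same 0 it returns for "not an x11 sandbox", so callers cannot tell "no" from "could not read /proc". A one-line comment above the declaration would save the next reader a trip to common.c: `// 1 if <pid> is a firejail process whose cmdline carries --x11, 0 otherwise (also 0 when /proc/<pid> cannot be read)`. The neighbouring declarations are undocumented too, but this one is the ambiguous case.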
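--- a/src/lib/common.c
+++ b/src/lib/common.c
@@ -199,3 +199,63 @@ char *pid_proc_cmdline(const pid_t pid) {
 }
 return rv;
 }
+
+// return 1 if firejail --x11 on command line
+int pid_proc_cmdline_x11(const pid_t pid) {
+// if comm is not firejail return 0
+char *comm = pid_proc_comm(pid);
+if (strcmp(comm, "firejail") != 0) {
+free(comm);
+return 0;
+}
+free(comm);
+
+// open /proc/pid/cmdline file
+char *fname;
+int fd;
+if (asprintf(&fname, "/proc/%d/cmdline", pid) == -1)
+return 0;
+if ((fd = open(fname, O_RDONLY)) < 0) {
+free(fname);
+return 0;
+}
+free(fname);
+
+// read file
+unsigned char buffer[BUFLEN];
+ssize_t len;
+if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) {
+close(fd);
+return 0;
+}
+buffer[len] = '\0';
+close(fd);
+
+// skip the first argument
+int i;
+for (i = 0; buffer[i] != '\0'; i++);
+
+// parse remaining command line options
+while (1) {
+// extract argument
+i++;
+if (i >= len)
+break;
+char *arg = buffer + i;
+
+// detect the last command line option
+if (strcmp(arg, "--") == 0)
+break;
+if (strncmp(arg, "--", 2) != 0)
+break;
+
+// check x11
+if (strncmp(arg, "--x11", 5) == 0)
+return 1;
+i += strlen(arg);
+}
+return 0;
+}
+
+
+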
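--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@@ -340,18 +340,12 @@ void pid_read(pid_t mon_pid) {
 exit(1);
 }
 
-if (mon_pid == 0 && strncmp(ptr, "firejail", 8) == 0) {
-pids[pid].level = 1;
+if ((strncmp(ptr, "firejail", 8) == 0) && (mon_pid == 0 || mon_pid == pid)) {
+if (pid_proc_cmdline_x11(pid))
+pids[pid].level = -1;
+else
+pids[pid].level = 1;
 }
-else if (mon_pid == pid && strncmp(ptr, "firejail", 8) == 0) {
-pids[pid].level = 1;
-}
-// else if (mon_pid == 0 && strncmp(ptr, "lxc-execute", 11) == 0) {
-// pids[pid].level = 1;
-// }
-// else if (mon_pid == pid && strncmp(ptr, "lxc-execute", 11) == 0) {
-// pids[pid].level = 1;
-// }
 else
 pids[pid].level = -1;
 }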
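Review bot: The test on new line 343 matches any name that merely begins with "firejail" (`strncmp(ptr, "firejail", 8)`), while pid_proc_cmdline_x11() in src/lib/common.c requires an exact `strcmp(comm, "firejail")` and returns 0 otherwise, so a process named e.g. "firejail-xyz" passes this branch and is assigned level 1 without the x11 check ever running; the two sites should apply the same rule. Since `ptr` is set outside this hunk and may not be NUL-terminated right after the name, the safer way to align them is to give the helper the same prefix semantics (`strncmp(comm, "firejail", 8)`) or to pass the already-read name in, rather than switching this line to strcmp blindly. Note also that the helper re-opens /proc/<pid>/comm and /proc/<pid>/cmdline for every firejail process even though this function already holds the name in `ptr`, and that its 0-on-error return means a process whose /proc entry disappeared mid-scan lands at level 1 rather than being skipped — cosmetic for a monitor, but worth a comment on new line 344, e.g. `// helper returns 0 on any /proc read error as well as for non-x11 sandboxes`. pid_read() begins before this hunk.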