diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/libtrace/libtrace.c | 32 | ||||
| -rw-r--r-- | src/man/firejail.txt | 2 |
2 files changed, 19 insertions, 15 deletions
diff --git a/src/libtrace/libtrace.c b/src/libtrace/libtrace.c index edd409af5..a3d1571f7 100644 --- a/src/libtrace/libtrace.c +++ b/src/libtrace/libtrace.c | |||
| @@ -229,26 +229,26 @@ static char *translate(XTable *table, int val) { | |||
| 229 | return NULL; | 229 | return NULL; |
| 230 | } | 230 | } |
| 231 | 231 | ||
| 232 | static void print_sockaddr(const char *call, const struct sockaddr *addr, int rv) { | 232 | static void print_sockaddr(int sockfd, const char *call, const struct sockaddr *addr, int rv) { |
| 233 | if (addr->sa_family == AF_INET) { | 233 | if (addr->sa_family == AF_INET) { |
| 234 | struct sockaddr_in *a = (struct sockaddr_in *) addr; | 234 | struct sockaddr_in *a = (struct sockaddr_in *) addr; |
| 235 | printf("%u:%s:%s %s port %u:%d\n", pid(), name(), call, inet_ntoa(a->sin_addr), ntohs(a->sin_port), rv); | 235 | printf("%u:%s:%s %d %s port %u:%d\n", pid(), name(), call, sockfd, inet_ntoa(a->sin_addr), ntohs(a->sin_port), rv); |
| 236 | } | 236 | } |
| 237 | else if (addr->sa_family == AF_INET6) { | 237 | else if (addr->sa_family == AF_INET6) { |
| 238 | struct sockaddr_in6 *a = (struct sockaddr_in6 *) addr; | 238 | struct sockaddr_in6 *a = (struct sockaddr_in6 *) addr; |
| 239 | char str[INET6_ADDRSTRLEN]; | 239 | char str[INET6_ADDRSTRLEN]; |
| 240 | inet_ntop(AF_INET6, &(a->sin6_addr), str, INET6_ADDRSTRLEN); | 240 | inet_ntop(AF_INET6, &(a->sin6_addr), str, INET6_ADDRSTRLEN); |
| 241 | printf("%u:%s:%s %s:%d\n", pid(), name(), call, str, rv); | 241 | printf("%u:%s:%s %d %s:%d\n", pid(), name(), call, sockfd, str, rv); |
| 242 | } | 242 | } |
| 243 | else if (addr->sa_family == AF_UNIX) { | 243 | else if (addr->sa_family == AF_UNIX) { |
| 244 | struct sockaddr_un *a = (struct sockaddr_un *) addr; | 244 | struct sockaddr_un *a = (struct sockaddr_un *) addr; |
| 245 | if (a->sun_path[0]) | 245 | if (a->sun_path[0]) |
| 246 | printf("%u:%s:%s %s:%d\n", pid(), name(), call, a->sun_path, rv); | 246 | printf("%u:%s:%s %d %s:%d\n", pid(), name(), call, sockfd, a->sun_path, rv); |
| 247 | else | 247 | else |
| 248 | printf("%u:%s:%s @%s:%d\n", pid(), name(), call, a->sun_path + 1, rv); | 248 | printf("%u:%s:%s %d @%s:%d\n", pid(), name(), call, sockfd, a->sun_path + 1, rv); |
| 249 | } | 249 | } |
| 250 | else { | 250 | else { |
| 251 | printf("%u:%s:%s family %d:%d\n", pid(), name(), call, addr->sa_family, rv); | 251 | printf("%u:%s:%s %d family %d:%d\n", pid(), name(), call, sockfd, addr->sa_family, rv); |
| 252 | } | 252 | } |
| 253 | } | 253 | } |
| 254 | 254 | ||
| @@ -465,7 +465,7 @@ int connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { | |||
| 465 | orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect"); | 465 | orig_connect = (orig_connect_t)dlsym(RTLD_NEXT, "connect"); |
| 466 | 466 | ||
| 467 | int rv = orig_connect(sockfd, addr, addrlen); | 467 | int rv = orig_connect(sockfd, addr, addrlen); |
| 468 | print_sockaddr("connect", addr, rv); | 468 | print_sockaddr(sockfd, "connect", addr, rv); |
| 469 | 469 | ||
| 470 | return rv; | 470 | return rv; |
| 471 | } | 471 | } |
| @@ -500,11 +500,15 @@ int socket(int domain, int type, int protocol) { | |||
| 500 | else | 500 | else |
| 501 | ptr += sprintf(ptr, "%s ", str); | 501 | ptr += sprintf(ptr, "%s ", str); |
| 502 | 502 | ||
| 503 | str = translate(socket_protocol, protocol); | 503 | if (domain == AF_LOCAL) |
| 504 | if (str == NULL) | 504 | sprintf(ptr, "0"); |
| 505 | sprintf(ptr, "%d", protocol); | 505 | else { |
| 506 | else | 506 | str = translate(socket_protocol, protocol); |
| 507 | sprintf(ptr, "%s", str); | 507 | if (str == NULL) |
| 508 | sprintf(ptr, "%d", protocol); | ||
| 509 | else | ||
| 510 | sprintf(ptr, "%s", str); | ||
| 511 | } | ||
| 508 | 512 | ||
| 509 | printf("%s:%d\n", buf, rv); | 513 | printf("%s:%d\n", buf, rv); |
| 510 | return rv; | 514 | return rv; |
| @@ -518,7 +522,7 @@ int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen) { | |||
| 518 | orig_bind = (orig_bind_t)dlsym(RTLD_NEXT, "bind"); | 522 | orig_bind = (orig_bind_t)dlsym(RTLD_NEXT, "bind"); |
| 519 | 523 | ||
| 520 | int rv = orig_bind(sockfd, addr, addrlen); | 524 | int rv = orig_bind(sockfd, addr, addrlen); |
| 521 | print_sockaddr("bind", addr, rv); | 525 | print_sockaddr(sockfd, "bind", addr, rv); |
| 522 | 526 | ||
| 523 | return rv; | 527 | return rv; |
| 524 | } | 528 | } |
| @@ -531,7 +535,7 @@ int accept(int sockfd, struct sockaddr *addr, socklen_t addrlen) { | |||
| 531 | orig_accept = (orig_accept_t)dlsym(RTLD_NEXT, "accept"); | 535 | orig_accept = (orig_accept_t)dlsym(RTLD_NEXT, "accept"); |
| 532 | 536 | ||
| 533 | int rv = orig_accept(sockfd, addr, addrlen); | 537 | int rv = orig_accept(sockfd, addr, addrlen); |
| 534 | print_sockaddr("accept", addr, rv); | 538 | print_sockaddr(sockfd, "accept", addr, rv); |
| 535 | 539 | ||
| 536 | return rv; | 540 | return rv; |
| 537 | } | 541 | } |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 00f4cb367..d5c3bfe41 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -1053,7 +1053,7 @@ $ firejail \-\-profile-path=/home/netblue/myprofiles | |||
| 1053 | .TP | 1053 | .TP |
| 1054 | \fB\-\-protocol=protocol,protocol,protocol | 1054 | \fB\-\-protocol=protocol,protocol,protocol |
| 1055 | Enable protocol filter. The filter is based on seccomp and checks the first argument to socket system call. | 1055 | Enable protocol filter. The filter is based on seccomp and checks the first argument to socket system call. |
| 1056 | Recognized values: unix, inet, inet6, netlink and packet. | 1056 | Recognized values: unix, inet, inet6, netlink and packet. This option is not supported for i386 architecture. |
| 1057 | .br | 1057 | .br |
| 1058 | 1058 | ||
| 1059 | .br | 1059 | .br |