From 20e643e967f67e08889f05a197d378faa3665343 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 17 Aug 2016 12:51:18 -0400 Subject: firemon fixes --- README.md | 12 ------------ src/include/common.h | 1 + src/lib/common.c | 5 +++-- src/lib/pid.c | 4 +--- 4 files changed, 5 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index ddb614620..13aeb51b0 100644 --- a/README.md +++ b/README.md @@ -57,19 +57,7 @@ TESTING: file TESTING: tar netblue@debian:~/work/github/firejail/test/sysutils$ TESTING ERROR 3.1 [...] -cd test/apps-x11; ./apps-x11.sh | grep TESTING -TESTING: xterm x11 -netblue@debian:~/work/github/firejail/test/apps-x11$ TESTING ERROR 5.1 -TESTING: firefox x11 -netblue@debian:~/work/github/firejail/test/apps-x11$ TESTING ERROR 5.1 -TESTING: chromium x11 -TESTING: transmission-gtk x11 -netblue@debian:~/work/github/firejail/test/apps-x11$ TESTING ERROR 5.1 -TESTING: icedove x11 -netblue@debian:~/work/github/firejail/test/apps-x11$ TESTING ERROR 5.1 -[...] ````` -"firemon --seccomp" and "firemon --caps" are misbehaving at the moment. ## Deprecated --user diff --git a/src/include/common.h b/src/include/common.h index cd4b9c874..762a0262a 100644 --- a/src/include/common.h +++ b/src/include/common.h @@ -113,4 +113,5 @@ int join_namespace(pid_t pid, char *type); int name2pid(const char *name, pid_t *pid); char *pid_proc_comm(const pid_t pid); char *pid_proc_cmdline(const pid_t pid); +int pid_proc_cmdline_x11(const pid_t pid); #endif diff --git a/src/lib/common.c b/src/lib/common.c index 885f31881..fe5c62536 100644 --- a/src/lib/common.c +++ b/src/lib/common.c @@ -242,7 +242,7 @@ int pid_proc_cmdline_x11(const pid_t pid) { if (i >= len) break; char *arg = buffer + i; - + // detect the last command line option if (strcmp(arg, "--") == 0) break; @@ -250,8 +250,9 @@ int pid_proc_cmdline_x11(const pid_t pid) { break; // check x11 - if (strcmp(arg, "--x11") == 0 || strncmp(arg, "--x11=", 6) == 0) + if (strncmp(arg, "--x11", 5) == 0) return 1; + i += strlen(arg); } return 0; } diff --git a/src/lib/pid.c b/src/lib/pid.c index 4540247a0..bbb123b81 100644 --- a/src/lib/pid.c +++ b/src/lib/pid.c @@ -341,10 +341,8 @@ void pid_read(pid_t mon_pid) { } if ((strncmp(ptr, "firejail", 8) == 0) && (mon_pid == 0 || mon_pid == pid)) { - if (pid_proc_cmdline_x11(pid)) { - printf("--x11 detected for pid %d\n", pid); + if (pid_proc_cmdline_x11(pid)) pids[pid].level = -1; - } else pids[pid].level = 1; } -- cgit v1.2.3-70-g09d2