From c59a19848dd37ac12bf024ba0cc295d3338116ae Mon Sep 17 00:00:00 2001 From: startx2017 Date: Thu, 14 Dec 2017 19:15:33 -0500 Subject: redirect output messages to stderr --- src/firejail/appimage.c | 3 +-- src/firejail/checkcfg.c | 6 ++---- src/firejail/firejail.h | 1 + src/firejail/fs.c | 3 +-- src/firejail/fs_etc.c | 3 +-- src/firejail/fs_lib.c | 6 ++---- src/firejail/fs_lib2.c | 6 ++---- src/firejail/fs_trace.c | 6 ++---- src/firejail/join.c | 3 +-- src/firejail/main.c | 23 +++++++++-------------- src/firejail/profile.c | 6 ++---- src/firejail/sandbox.c | 29 ++++++++++++----------------- src/firejail/util.c | 10 ++++++++++ src/firejail/x11.c | 9 +++------ src/fnet/arp.c | 4 ++-- src/fnet/fnet.h | 2 ++ src/fnet/interface.c | 4 ++-- src/fnet/main.c | 12 ++++++++++++ 18 files changed, 67 insertions(+), 69 deletions(-) diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 2a045f628..098601b6c 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c @@ -151,8 +151,7 @@ void appimage_clear(void) { for (i = 0; i < 5; i++) { rv = umount2(mntdir, MNT_FORCE); if (rv == 0) { - if (!arg_quiet) - printf("AppImage unmounted\n"); + fmessage("AppImage unmounted\n"); break; } diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index f101a8457..12e6d307a 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c @@ -150,8 +150,7 @@ int checkcfg(int val) { } // follow symlink in private-bin command else if (strncmp(ptr, "follow-symlink-private-bin ", 27) == 0) { - if (!arg_quiet) - fprintf(stderr, "Warning:follow-symlink-private-bin from firejail.config was deprecated\n"); + fwarning("follow-symlink-private-bin from firejail.config was deprecated\n"); } // nonewprivs else if (strncmp(ptr, "force-nonewprivs ", 17) == 0) { 
@@ -295,8 +294,7 @@ int checkcfg(int val) { goto errout; } else if (strncmp(ptr, "remount-proc-sys ", 17) == 0) { - if (!arg_quiet) - fprintf(stderr, "Warning: remount-proc-sys from firejail.config was deprecated\n"); + fwarning("remount-proc-sys from firejail.config was deprecated\n"); } else if (strncmp(ptr, "overlayfs ", 10) == 0) { if (strcmp(ptr + 10, "yes") == 0) diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index f7bebe1b6..3df6af7b6 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h @@ -484,6 +484,7 @@ uint32_t arp_assign(const char *dev, Bridge *br); // util.c void fwarning(char* fmt, ...); +void fmessage(char* fmt, ...); void drop_privs(int nogroups); int mkpath_as_root(const char* path); void extract_command_name(int index, char **argv); diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 4d99b70bd..29bac878a 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -959,8 +959,7 @@ void fs_overlayfs(void) { // issue #263 end code //*************************** } - if (!arg_quiet) - printf("OverlayFS configured in %s directory\n", basedir); + fmessage("OverlayFS configured in %s directory\n", basedir); // mount-bind dev directory if (arg_debug) diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c index 1fa1b83c3..dfaa1fdcf 100644 --- a/src/firejail/fs_etc.c +++ b/src/firejail/fs_etc.c @@ -176,6 +176,5 @@ void fs_private_dir_list(const char *private_dir, const char *private_run_dir, c errExit("mount bind"); fs_logger2("mount", private_dir); - if (!arg_quiet) - fprintf(stderr, "Private %s installed in %0.2f ms\n", private_dir, timetrace_end()); + fmessage("Private %s installed in %0.2f ms\n", private_dir, timetrace_end()); } diff --git a/src/firejail/fs_lib.c b/src/firejail/fs_lib.c index d5cad2440..ad86d1fd8 100644 --- a/src/firejail/fs_lib.c +++ b/src/firejail/fs_lib.c 
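Review bot: The `fmessage` prototype added to src/firejail/firejail.h takes a mutable `char*` format and has no printf format attribute, so the compiler cannot check the call sites this commit converts from `printf`/`fprintf`, which were covered by -Wformat before. Declaring it as `void fmessage(const char *fmt, ...) __attribute__((format(printf, 1, 2)));` (with the definition in util.c changed to match) restores argument checking and makes any non-literal format string visible at build time. The same applies to the `extern void fmessage(char* fmt, ...)` declaration added in src/fnet/fnet.h, and, judging by the context line, to `fwarning` directly above it.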
@@ -369,14 +369,12 @@ void fs_private_lib(void) { } fclose(fp); } - if (!arg_quiet) - fprintf(stderr, "Program libraries installed in %0.2f ms\n", timetrace_end()); + fmessage("Program libraries installed in %0.2f ms\n", timetrace_end()); // install the reset of the system libraries fslib_install_system(); - if (!arg_quiet) - fprintf(stderr, "Installed %d libraries and %d directories\n", lib_cnt, dir_cnt); + fmessage("Installed %d libraries and %d directories\n", lib_cnt, dir_cnt); // bring in firejail directory for --trace options fslib_copy_dir(LIBDIR "/firejail"); diff --git a/src/firejail/fs_lib2.c b/src/firejail/fs_lib2.c index 4e49730f4..e2780afca 100644 --- a/src/firejail/fs_lib2.c +++ b/src/firejail/fs_lib2.c @@ -118,8 +118,7 @@ void fslib_install_stdc(void) { if (stat("/usr/lib/locale", &s) == 0) fslib_copy_dir("/usr/lib/locale"); - if (!arg_quiet) - fprintf(stderr, "Standard C library installed in %0.2f ms\n", timetrace_end()); + fmessage("Standard C library installed in %0.2f ms\n", timetrace_end()); } @@ -303,8 +302,7 @@ void fslib_install_system(void) { free(name); } - if (!arg_quiet) - fprintf(stderr, "%s installed in %0.2f ms\n", ptr->message, timetrace_end()); + fmessage("%s installed in %0.2f ms\n", ptr->message, timetrace_end()); } ptr++; } diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index 496c2aa4e..472b69cb2 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c @@ -58,13 +58,11 @@ void fs_trace(void) { } else if (arg_tracelog) { fprintf(fp, "%s/libtracelog.so\n", prefix); - if (!arg_quiet) - printf("Blacklist violations are logged to syslog\n"); + fmessage("Blacklist violations are logged to syslog\n"); } if (arg_seccomp_postexec) { fprintf(fp, "%s/libpostexecseccomp.so\n", prefix); - if (!arg_quiet) - printf("Post-exec seccomp protector enabled\n"); + fmessage("Post-exec seccomp protector enabled\n"); } SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); 
diff --git a/src/firejail/join.c b/src/firejail/join.c index 4ce690737..e255161da 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c @@ -222,8 +222,7 @@ void join(pid_t pid, int argc, char **argv, int index) { pid_t child; if (find_child(pid, &child) == 0) { pid = child; - if (!arg_quiet) - printf("Switching to pid %u, the first child process inside the sandbox\n", (unsigned) pid); + fmessage("Switching to pid %u, the first child process inside the sandbox\n", (unsigned) pid); } } free(comm); diff --git a/src/firejail/main.c b/src/firejail/main.c index df758e11e..d0d80e62c 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c @@ -152,8 +152,8 @@ static void clear_atexit(void) { static void myexit(int rv) { logmsg("exiting..."); - if (!arg_command && !arg_quiet) - printf("\nParent is shutting down, bye...\n"); + if (!arg_command) + fmessage("\nParent is shutting down, bye...\n"); // delete sandbox files in shared memory @@ -166,10 +166,7 @@ static void myexit(int rv) { static void my_handler(int s){ EUID_ROOT(); - if (!arg_quiet) { - printf("\nParent received signal %d, shutting down the child process...\n", s); - fflush(0); - } + fmessage("\nParent received signal %d, shutting down the child process...\n", s); logsignal(s); kill(child, SIGTERM); myexit(1); @@ -1129,7 +1126,7 @@ int main(int argc, char **argv) { if (!arg_quiet) { arg_debug = 1; if (option_force) - printf("Entering sandbox-in-sandbox mode\n"); + fmessage("Entering sandbox-in-sandbox mode\n"); } } else if (strcmp(argv[i], "--debug-check-filename") == 0) @@ -1510,8 +1507,7 @@ int main(int argc, char **argv) { free(ppath); } else if (strncmp(argv[i], "--profile-path=", 15) == 0) { - if (!arg_quiet) - fprintf(stderr, "Warning: --profile-path has been deprecated\n"); + fwarning("--profile-path has been deprecated\n"); } else if (strcmp(argv[i], "--noprofile") == 0) { if (custom_profile) { 
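Review bot: `my_handler` in src/firejail/main.c now calls `fmessage`, which runs `vfprintf` and `fflush(0)` in signal context; neither is async-signal-safe, so a signal delivered while the interrupted code is inside stdio can deadlock or corrupt stream state, and here that happens right after `EUID_ROOT()`. The removed `printf`/`fflush(0)` pair had the same problem, so it is carried over rather than introduced, but this conversion is the natural place to fix it. The handler could set a `volatile sig_atomic_t` flag and report from normal context, or emit a fixed string with `write(STDERR_FILENO, ...)`. `myexit` in the `@@ -152` hunk is reached from this handler and is exposed in the same way, as is `sandbox_handler` in src/firejail/sandbox.c.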
@@ -1613,8 +1609,7 @@ int main(int argc, char **argv) { arg_machineid = 1; } else if (strcmp(argv[i], "--allow-private-blacklist") == 0) { - if (!arg_quiet) - fprintf(stderr, "Warning: --allow-private-blacklist was deprecated\n"); + fwarning("--allow-private-blacklist was deprecated\n"); } else if (strcmp(argv[i], "--private") == 0) { arg_private = 1; @@ -2434,8 +2429,8 @@ int main(int argc, char **argv) { exit(1); } - if (custom_profile && !arg_quiet) - printf("\n** Note: you can use --noprofile to disable %s.profile **\n\n", profile_name); + if (custom_profile) + fmessage("\n** Note: you can use --noprofile to disable %s.profile **\n\n", profile_name); } } @@ -2518,7 +2513,7 @@ int main(int argc, char **argv) { EUID_USER(); if (!arg_command && !arg_quiet) { - printf("Parent pid %u, child pid %u\n", sandbox_pid, child); + fmessage("Parent pid %u, child pid %u\n", sandbox_pid, child); // print the path of the new log directory if (getuid() == 0) // only for root printf("The new log directory is /proc/%d/root/var/log\n", child); diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 7d97842df..17a45bf0e 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -250,8 +250,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { return 0; } else if (strcmp(ptr, "allow-private-blacklist") == 0) { - if (!arg_quiet) - fprintf(stderr, "Warning: --allow-private-blacklist was deprecated\n"); + fmessage("--allow-private-blacklist was deprecated\n"); return 0; } else if (strcmp(ptr, "netfilter") == 0) { @@ -1274,8 +1273,7 @@ void profile_read(const char *fname) { continue; } if (!msg_printed) { - if (!arg_quiet) - fprintf(stderr, "Reading profile %s\n", fname); + fmessage("Reading profile %s\n", fname); msg_printed = 1; } diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 8754f05bb..23cdc07d1 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c 
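Review bot: In the `@@ -2518` hunk of src/firejail/main.c only the first message of the block was converted; the root-only `printf("The new log directory is /proc/%d/root/var/log\n", child);` a few lines below still writes to stdout, so this block's output is split across two streams. Changing it to `fmessage("The new log directory is /proc/%d/root/var/log\n", child);` keeps the block in line with the commit's stated purpose. The outer `!arg_quiet` test then duplicates the check inside `fmessage`, and the condition could be reduced to `if (!arg_command)`. main() continues outside the hunk.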
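Review bot: The `allow-private-blacklist` branch of `profile_check_line` (src/firejail/profile.c, `@@ -250`) replaces `fprintf(stderr, "Warning: ...")` with `fmessage(...)`, which drops the "Warning: " prefix, whereas the same deprecation in main.c (`@@ -1613`) was converted to `fwarning`. Assuming `fwarning` supplies the prefix, as the checkcfg.c conversions suggest, this line should read `fwarning("--allow-private-blacklist was deprecated\n");` so a deprecated profile option is still reported as a warning rather than an informational message. The function body starts and ends outside the hunk.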
@@ -53,10 +53,7 @@ int enforce_seccomp = 0; static int monitored_pid = 0; static void sandbox_handler(int sig){ - if (!arg_quiet) { - printf("\nChild received signal %d, shutting down the sandbox...\n", sig); - fflush(0); - } + fmessage("\nChild received signal %d, shutting down the sandbox...\n", sig); // broadcast sigterm to all processes in the group kill(-1, SIGTERM); @@ -298,13 +295,13 @@ static void print_time(void) { usleep(1000); unsigned long long onems = getticks() - end_timestamp; if (onems) { - printf("Child process initialized in %.02f ms\n", + fmessage("Child process initialized in %.02f ms\n", (float) (end_timestamp - start_timestamp) / (float) onems); return; } } - printf("Child process initialized\n"); + fmessage("Child process initialized\n"); } @@ -503,8 +500,7 @@ static void enforce_filters(void) { // drop all supplementary groups; /etc/group file inside chroot // is controlled by a regular usr arg_nogroups = 1; - if (!arg_quiet) - printf("Dropping all Linux capabilities and enforcing default seccomp filter\n"); + fmessage("Dropping all Linux capabilities and enforcing default seccomp filter\n"); } int sandbox(void* sandbox_arg) { 
@@ -642,28 +638,27 @@ int sandbox(void* sandbox_arg) { // print network configuration if (!arg_quiet) { if (any_bridge_configured() || any_interface_configured() || cfg.defaultgw || cfg.dns1) { - printf("\n"); + fmessage("\n"); if (any_bridge_configured() || any_interface_configured()) { -// net_ifprint(); if (arg_scan) sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 3, PATH_FNET, "printif", "scan"); else - sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, PATH_FNET, "printif", "scan"); + sbox_run(SBOX_ROOT | SBOX_CAPS_NETWORK | SBOX_SECCOMP, 2, PATH_FNET, "printif"); } if (cfg.defaultgw != 0) { if (gw_cfg_failed) - printf("Default gateway configuration failed\n"); + fmessage("Default gateway configuration failed\n"); else - printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw)); + fmessage("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw)); } if (cfg.dns1 != 0) - printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns1)); + fmessage("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns1)); if (cfg.dns2 != 0) - printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns2)); + fmessage("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns2)); if (cfg.dns3 != 0) - printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns3)); - printf("\n"); + fmessage("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns3)); + fmessage("\n"); } } diff --git a/src/firejail/util.c b/src/firejail/util.c index 0d703a1b6..6758a14e1 100644 --- a/src/firejail/util.c +++ b/src/firejail/util.c @@ -126,6 +126,16 @@ void fwarning(char* fmt, ...) { va_end(args); } +void fmessage(char* fmt, ...) { // TODO: this function is duplicated in src/fnet/interface.c + if (arg_quiet) + return; + + va_list args; + va_start(args,fmt); + vfprintf(stderr, fmt, args); + va_end(args); + fflush(0); +} void logsignal(int s) { if (!arg_debug) diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 18617e75f..8604e8bc8 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c 
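Review bot: The TODO on the new `fmessage` in src/firejail/util.c names the wrong file: it says the duplicate lives in src/fnet/interface.c, but the copy this commit adds is in src/fnet/main.c, so the comment should read `// TODO: this function is duplicated in src/fnet/main.c`. Separately, `fflush(0)` flushes every open output stream, not just the one written to. If the intent is only to push the message out, `fflush(stderr);` is narrower. If flushing everything is deliberate, to keep ordering with the remaining stdout output, a one-line comment saying so would help the next reader.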
@@ -360,8 +360,7 @@ void x11_start_xvfb(int argc, char **argv) { if (jail < 0) errExit("fork"); if (jail == 0) { - if (!arg_quiet) - printf("\n*** Attaching to Xvfb display %d ***\n\n", display); + fmessage("\n*** Attaching to Xvfb display %d ***\n\n", display); // running without privileges - see drop_privs call above assert(getenv("LD_PRELOAD") == NULL); @@ -776,8 +775,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { dup2(fd_null,2); } - if (!arg_quiet) - printf("\n*** Attaching to xpra display %d ***\n\n", display); + fmessage("\n*** Attaching to xpra display %d ***\n\n", display); // running without privileges - see drop_privs call above assert(getenv("LD_PRELOAD") == NULL); @@ -816,8 +814,7 @@ void x11_start_xpra_old(int argc, char **argv, int display, char *display_str) { exit(1); } - if (!arg_quiet) - printf("Xpra server pid %d, xpra client pid %d, jail %d\n", server, client, jail); + fmessage("Xpra server pid %d, xpra client pid %d, jail %d\n", server, client, jail); sleep(1); // adding a delay in order to let the server start diff --git a/src/fnet/arp.c b/src/fnet/arp.c index 4736f3509..00525229e 100644 --- a/src/fnet/arp.c +++ b/src/fnet/arp.c @@ -192,10 +192,10 @@ void arp_scan(const char *dev, uint32_t ifip, uint32_t ifmask) { // printing if (header_printed == 0) { - printf(" Network scan:\n"); + fmessage(" Network scan:\n"); header_printed = 1; } - printf(" %02x:%02x:%02x:%02x:%02x:%02x\t%d.%d.%d.%d\n", + fmessage(" %02x:%02x:%02x:%02x:%02x:%02x\t%d.%d.%d.%d\n", PRINT_MAC(hdr.sender_mac), PRINT_IP(ip)); } } diff --git a/src/fnet/fnet.h b/src/fnet/fnet.h index b4b7e6a37..78d6eb1c6 100644 --- a/src/fnet/fnet.h +++ b/src/fnet/fnet.h 
@@ -24,10 +24,12 @@ #include #include #include +#include #include "../include/common.h" // main.c extern int arg_quiet; +extern void fmessage(char* fmt, ...); // TODO: this function is duplicated in src/firejail/util.c // veth.c int net_create_veth(const char *dev, const char *nsdev, unsigned pid); diff --git a/src/fnet/interface.c b/src/fnet/interface.c index 8c1fd6ca4..d05c0d50d 100644 --- a/src/fnet/interface.c +++ b/src/fnet/interface.c @@ -172,7 +172,7 @@ void net_ifprint(int scan) { if (getifaddrs(&ifaddr) == -1) errExit("getifaddrs"); - printf("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n", + fmessage("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n", "Interface", "MAC", "IP", "Mask", "Status"); // walk through the linked list for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { @@ -208,7 +208,7 @@ void net_ifprint(int scan) { sprintf(macstr, "%02x:%02x:%02x:%02x:%02x:%02x", PRINT_MAC(mac)); // print - printf("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n", + fmessage("%-17.17s%-19.19s%-17.17s%-17.17s%-6.6s\n", ifa->ifa_name, macstr, ipstr, maskstr, status); // network scanning diff --git a/src/fnet/main.c b/src/fnet/main.c index f44760b5c..f746f9c7d 100644 --- a/src/fnet/main.c +++ b/src/fnet/main.c @@ -20,6 +20,18 @@ #include "fnet.h" int arg_quiet = 0; +void fmessage(char* fmt, ...) { // TODO: this function is duplicated in src/firejail/util.c + if (arg_quiet) + return; + + va_list args; + va_start(args,fmt); + vfprintf(stderr, fmt, args); + va_end(args); + fflush(0); +} + + static void usage(void) { printf("Usage:\n"); printf("\tfnet create veth dev1 dev2 bridge child\n"); -- cgit v1.2.3-54-g00ecf