From 873b9d161f4d87a87af78d5074016a5749588513 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Sun, 6 Dec 2015 13:11:00 -0500 Subject: traclog added to various profiles --- src/firejail/fs_trace.c | 5 ++++- src/firejail/profile.c | 4 ++++ src/man/firejail-profile.txt | 4 +++- 3 files changed, 11 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index f555a6693..55a1b9c7a 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c @@ -59,8 +59,11 @@ void fs_trace(void) { errExit("fopen"); if (arg_trace) fprintf(fp, "%s/firejail/libtrace.so\n", LIBDIR); - else if (arg_tracelog) + else if (arg_tracelog) { fprintf(fp, "%s/firejail/libtracelog.so\n", LIBDIR); + if (!arg_quiet) + printf("Blacklist violations are logged to syslog\n"); + } else assert(0); diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 50fdeda7e..366a56e13 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c @@ -120,6 +120,10 @@ int profile_check_line(char *ptr, int lineno) { arg_shell_none = 1; return 0; } + else if (strcmp(ptr, "tracelog") == 0) { + arg_tracelog = 1; + return 0; + } else if (strcmp(ptr, "private") == 0) { arg_private = 1; return 0; diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 90aca5130..600b82d3d 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -158,7 +158,9 @@ All modifications are discarded when the sandbox is closed. Build a new user home in a temporary filesystem, and mount-bind file_or_directory. The modifications to file_or_directory are persistent, everything else is discarded when the sandbox is closed. - +.TP +\f\ tracelog +Blacklist violations logged to syslog. .SH Filters \fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples: -- cgit v1.2.3-54-g00ecf