From 8884df7f98e872d995c2d2bc76d4ffc3430e3629 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 15 Oct 2015 08:18:58 -0400
Subject: --quiet
---
src/firejail/firejail.h | 1 +
src/firejail/main.c | 12 ++++++++----
src/firejail/profile.c | 3 ++-
src/firejail/sandbox.c | 37 +++++++++++++++++++------------------
src/firejail/usage.c | 1 +
src/man/firejail.txt | 3 +++
6 files changed, 34 insertions(+), 23 deletions(-)
(limited to 'src')
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 4b2ecf0d9..8260886a4 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -176,6 +176,7 @@ extern int arg_private_bin; // private bin directory
 extern int arg_scan; // arp-scan all interfaces
 extern int arg_whitelist; // whitelist commad
 extern int arg_nosound; // disable sound
+extern int arg_quiet; // no output for scripting
 extern int parent_to_child_fds[2];
 extern int child_to_parent_fds[2];
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 14ba21db5..3d3d43878 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -86,6 +86,7 @@ int arg_private_bin = 0; // private bin directory
 int arg_scan = 0; // arp-scan all interfaces
 int arg_whitelist = 0; // whitelist commad
 int arg_nosound = 0; // disable sound
+int arg_quiet = 0; // no output for scripting
 int parent_to_child_fds[2];
 int child_to_parent_fds[2];
@@ -97,7 +98,7 @@ pid_t sandbox_pid;
 static void myexit(int rv) {
 logmsg("exiting...");
- if (!arg_command)
+ if (!arg_command && !arg_quiet)
 printf("\nparent is shutting down, bye...\n");
 // delete sandbox files in shared memory
@@ -108,7 +109,8 @@ static void myexit(int rv) {
 }
 static void my_handler(int s){
- printf("\nSignal %d caught, shutting down the child process\n", s);
+ if (!arg_quiet)
+ printf("\nSignal %d caught, shutting down the child process\n", s);
 logsignal(s);
 kill(child, SIGKILL);
 myexit(1);
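Review bot: The message in my_handler (hunk @@ -108,7 +109,8) is still emitted with printf from inside a signal handler, and printf is not on the POSIX async-signal-safe list; the handler then calls myexit, whose printf in hunk @@ -97,7 +98,7 has the same exposure. If the signal arrives while the parent is inside another stdio call, the stream state can be corrupted or the process can block on the stream lock. Since both lines are being touched for `--quiet`, consider sending a fixed string with `write(STDOUT_FILENO, msg, sizeof(msg) - 1);` in the handler, or setting a flag and printing from the main flow. Both function bodies continue outside the hunks, so whether myexit is also reached from non-signal paths is not visible here.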
@@ -444,6 +446,8 @@ int main(int argc, char **argv) {
 if (strcmp(argv[i], "--debug") == 0)
 arg_debug = 1;
+ else if (strcmp(argv[i], "--quiet") == 0)
+ arg_quiet = 1;
 //*************************************
 // filtering
@@ -1198,7 +1202,7 @@ int main(int argc, char **argv) {
 custom_profile = profile_find(profile_name, "/etc/firejail");
 }
- if (custom_profile)
+ if (custom_profile && !arg_quiet)
 printf("\n** Note: you can use --noprofile to disable %s.profile **\n\n", profile_name);
 }
 }
@@ -1248,7 +1252,7 @@ int main(int argc, char **argv) {
 if (child == -1)
 errExit("clone");
- if (!arg_command) {
+ if (!arg_command && !arg_quiet) {
 printf("Parent pid %u, child pid %u\n", sandbox_pid, child);
 // print the path of the new log directory
 if (getuid() == 0) // only for root
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 5b18cc179..2e3790b3c 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -413,7 +413,8 @@ void profile_read(const char *fname, const char *skip1, const char *skip2) {
 exit(1);
 }
- fprintf(stderr, "Reading profile %s\n", fname);
+ if (!arg_quiet)
+ fprintf(stderr, "Reading profile %s\n", fname);
 // read the file line by line
 char buf[MAX_READ + 1];
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 50fe50380..6eab5fc4e 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -205,7 +205,8 @@ int sandbox(void* sandbox_arg) {
 // drop all supplementary groups; /etc/group file inside chroot
 // is controlled by a regular usr
 arg_nogroups = 1;
- printf("Dropping all Linux capabilities and enforcing default seccomp filter\n");
+ if (!arg_quiet)
+ printf("Dropping all Linux capabilities and enforcing default seccomp filter\n");
 }
 //****************************
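Review bot: `arg_quiet` is set in the same pass over argv as the other options (hunk @@ -444,6 +446,8), so it can only silence output produced after `--quiet` has been reached; anything printed while an earlier argument is being handled is still emitted. The loop body is outside the hunk, so whether any option prints during parsing is inferred, but the `Reading profile` line in src/firejail/profile.c is one candidate if profiles are loaded from this loop. Either document the ordering next to the new branch, e.g. `// --quiet only affects output produced after this point; pass it first`, and in the man page entry, or resolve the flag before the main option loop runs.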
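Review bot: With `--quiet` the `Reading profile %s` line in profile_read (hunk @@ -413,7 +413,8) disappears with no other record, and the same happens to the `Dropping all Linux capabilities and enforcing default seccomp filter` notice in sandbox() (src/firejail/sandbox.c, hunk @@ -205,7 +205,8). Both lines tell an operator which policy was actually applied, which matters most in the unattended scripted runs this flag targets. Consider keeping a log record when terminal output is suppressed, e.g. `else logmsg("Dropping all Linux capabilities and enforcing default seccomp filter");` in sandbox.c; this assumes logmsg takes a plain string, as its one visible call `logmsg("exiting...")` in main.c suggests, and that it is usable from the child. profile_read and sandbox() both continue outside their hunks.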
@@ -348,22 +349,22 @@ int sandbox(void* sandbox_arg) {
 fs_resolvconf();
 // print network configuration
- if (any_bridge_configured() || any_interface_configured() || cfg.defaultgw || cfg.dns1) {
- printf("\n");
- if (any_bridge_configured() || any_interface_configured())
- net_ifprint();
- if (cfg.defaultgw != 0)
- printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw));
- if (cfg.dns1 != 0)
- printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns1));
- if (cfg.dns2 != 0)
- printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns2));
- if (cfg.dns3 != 0)
- printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns3));
- printf("\n");
+ if (!arg_quiet) {
+ if (any_bridge_configured() || any_interface_configured() || cfg.defaultgw || cfg.dns1) {
+ printf("\n");
+ if (any_bridge_configured() || any_interface_configured())
+ net_ifprint();
+ if (cfg.defaultgw != 0)
+ printf("Default gateway %d.%d.%d.%d\n", PRINT_IP(cfg.defaultgw));
+ if (cfg.dns1 != 0)
+ printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns1));
+ if (cfg.dns2 != 0)
+ printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns2));
+ if (cfg.dns3 != 0)
+ printf("DNS server %d.%d.%d.%d\n", PRINT_IP(cfg.dns3));
+ printf("\n");
+ }
 }
-
-
 //****************************
 // start executable
@@ -483,7 +484,7 @@ int sandbox(void* sandbox_arg) {
 }
 }
- if (!arg_command)
+ if (!arg_command && !arg_quiet)
 printf("Child process initialized\n");
 execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
 }
@@ -532,7 +533,7 @@ int sandbox(void* sandbox_arg) {
 }
 }
- if (!arg_command)
+ if (!arg_command && !arg_quiet)
 printf("Child process initialized\n");
 execvp(sh, arg);
 }
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 24969823f..096d44765 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
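Review bot: Wrapping the network summary in a second `if (!arg_quiet) {` level (hunk @@ -348,22 +349,22) re-indents thirteen otherwise unchanged statements, which hides that the only behavioural change is the new guard and makes later blame and backports noisier. Folding the flag into the existing condition keeps the body untouched: `if (!arg_quiet && (any_bridge_configured() || any_interface_configured() || cfg.defaultgw || cfg.dns1)) {`. Separately, and not introduced here, the outer test checks cfg.dns1 but not cfg.dns2 or cfg.dns3, so a configuration with only a later DNS slot set would print nothing; a one-line comment would help if that is intentional. sandbox() starts and ends outside the hunk.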
@@ -191,6 +191,7 @@ void usage(void) {
 printf("\t\tAll modifications are discarded when the sandbox is closed.\n\n");
 printf("\t--profile=filename - use a custom profile.\n\n");
+ printf("\t--quiet - turn off Firejail's output.\n\n");
 printf("\t--read-only=dirname_or_filename - set directory or file read-only.\n\n");
 printf("\t--rlimit-fsize=number - set the maximum file size that can be created\n");
 printf("\t\tby a process.\n\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index cacd6abca..9d3595d16 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -823,6 +823,9 @@ Example:
 .br
 $ firejail \-\-profile=myprofile
 .TP
+\fB\-\-quiet
+Turn off Firejail's output.
+.TP
 \fB\-\-read-only=dirname_or_filename
 Set directory or file read-only.
 .br
-- 
cgit v1.2.3-54-g00ecf