added sandbox name support in firemon

This commit is contained in:
netblue30 2018-03-21 08:56:54 -04:00
parent e27481169f
commit 57ffc35a8e
5 changed files with 60 additions and 29 deletions


@ -23,6 +23,7 @@ firejail (0.9.53) baseline; urgency=low
* whitelist support for overlay and chroot sandboxes * whitelist support for overlay and chroot sandboxes
* private-dev support for overlay and chroot sandboxes * private-dev support for overlay and chroot sandboxes
* private-tmp support for overlay and chroot sandboxes * private-tmp support for overlay and chroot sandboxes
* added sandbox name support in firemon
* new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
* new profiles: discord-canary, pycharm-community, pycharm-professional, * new profiles: discord-canary, pycharm-community, pycharm-professional,
* new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code, * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code,


@ -31,7 +31,7 @@
#define RUN_FIREJAIL_BASEDIR "/run" #define RUN_FIREJAIL_BASEDIR "/run"
#define RUN_FIREJAIL_DIR "/run/firejail" #define RUN_FIREJAIL_DIR "/run/firejail"
#define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage" #define RUN_FIREJAIL_APPIMAGE_DIR "/run/firejail/appimage"
#define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" #define RUN_FIREJAIL_NAME_DIR "/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place
#define RUN_FIREJAIL_X11_DIR "/run/firejail/x11" #define RUN_FIREJAIL_X11_DIR "/run/firejail/x11"
#define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network" #define RUN_FIREJAIL_NETWORK_DIR "/run/firejail/network"
#define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth" #define RUN_FIREJAIL_BANDWIDTH_DIR "/run/firejail/bandwidth"


@ -21,6 +21,7 @@
#include "../include/pid.h" #include "../include/pid.h"
#include <string.h> #include <string.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h> #include <pwd.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
#include <dirent.h> #include <dirent.h>
@ -165,6 +166,10 @@ doexit:
return rv; return rv;
} }
// todo: RUN_FIREJAIL_NAME_DIR is borrowed from src/firejail/firejail.h
// move it in a common place
#define RUN_FIREJAIL_NAME_DIR "/run/firejail/name"
static void print_elem(unsigned index, int nowrap) { static void print_elem(unsigned index, int nowrap) {
// get terminal size // get terminal size
struct winsize sz; struct winsize sz;
@ -184,14 +189,40 @@ static void print_elem(unsigned index, int nowrap) {
char *cmd = pid_proc_cmdline(index); char *cmd = pid_proc_cmdline(index);
char *user = pid_get_user_name(uid); char *user = pid_get_user_name(uid);
char *allocated = user; char *allocated = user;
// extract sandbox name - pid == index
char *sandbox_name = "";
char *fname;
if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_NAME_DIR, index) == -1)
errExit("asprintf");
struct stat s;
if (stat(fname, &s) == 0) {
FILE *fp = fopen(fname, "r");
if (fp) {
sandbox_name = malloc(s.st_size + 1);
if (!sandbox_name)
errExit("malloc");
char *rv = fgets(sandbox_name, s.st_size + 1, fp);
if (!rv)
*sandbox_name = '\0';
else {
char *ptr = strchr(sandbox_name, '\n');
if (ptr)
*ptr = '\0';
}
fclose(fp);
}
}
free(fname);
if (user ==NULL) if (user ==NULL)
user = ""; user = "";
if (cmd) { if (cmd) {
if (col < 4 || nowrap) if (col < 4 || nowrap)
printf("%s%u:%s:%s\n", indent, index, user, cmd); printf("%s%u:%s:%s:%s\n", indent, index, user, sandbox_name, cmd);
else { else {
char *out; char *out;
if (asprintf(&out, "%s%u:%s:%s\n", indent, index, user, cmd) == -1) if (asprintf(&out, "%s%u:%s:%s:%s\n", indent, index, user, sandbox_name, cmd) == -1)
errExit("asprintf"); errExit("asprintf");
int len = strlen(out); int len = strlen(out);
if (len > col) { if (len > col) {
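Review bot: The stat()/fopen() sequence in the new name-reading block (right after `char *allocated = user;`) opens whatever sits at `RUN_FIREJAIL_NAME_DIR/<pid>` without checking that it is a regular file, so an entry that is not one (a FIFO, for instance) would make fopen()/fgets() block or give a meaningless st_size; guard the open with `if (stat(fname, &s) == 0 && S_ISREG(s.st_mode)) {`. The buffer malloc'd into sandbox_name is not released anywhere in the hunk, and since sandbox_name otherwise points at the literal `""` it cannot simply be handed to free(); print_elem continues past the end of the hunk, so if it is not freed there, keep the heap pointer in its own variable (e.g. `char *name_buf = NULL;`) and `free(name_buf);` once the line has been printed. The name is also copied verbatim into the colon-delimited output line; unless the code that writes these files rejects ':' and control characters (not visible in this commit), a name containing either would break the `PID:USER:Sandbox Name:Command` format that the man-page hunks here document, so a short comment stating that assumption above the block would help the next reader.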


@ -254,7 +254,7 @@ Example:
.br .br
$ firejail \-\-list $ firejail \-\-list
.br .br
3272:netblue:firejail \-\-private firefox 3272:netblue::firejail \-\-private firefox
.br .br
$ firejail \-\-caps.print=3272 $ firejail \-\-caps.print=3272
@ -309,7 +309,7 @@ Example:
.br .br
$ firejail \-\-list $ firejail \-\-list
.br .br
3272:netblue:firejail \-\-private firefox 3272:netblue::firejail \-\-private firefox
.br .br
$ firejail \-\-cpu.print=3272 $ firejail \-\-cpu.print=3272
@ -453,7 +453,7 @@ Example:
.br .br
$ firejail \-\-list $ firejail \-\-list
.br .br
3272:netblue:firejail \-\-private firefox 3272:netblue::firejail \-\-private firefox
.br .br
$ firejail \-\-dns.print=3272 $ firejail \-\-dns.print=3272
@ -492,7 +492,7 @@ Example:
.br .br
$ firejail \-\-list $ firejail \-\-list
.br .br
3272:netblue:firejail \-\-private firefox 3272:netblue::firejail \-\-private firefox
.br .br
$ firejail \-\-fs.print=3272 $ firejail \-\-fs.print=3272
@ -662,7 +662,7 @@ Example:
.br .br
$ firejail \-\-list $ firejail \-\-list
.br .br
3272:netblue:firejail \-\-private firefox 3272:netblue::firejail \-\-private firefox
.br .br
$ firejail \-\-join=3272 $ firejail \-\-join=3272
@ -749,11 +749,11 @@ Example:
.br .br
$ firejail \-\-list $ firejail \-\-list
.br .br
7015:netblue:firejail firefox 7015:netblue:browser:firejail firefox
.br .br
7056:netblue:firejail \-\-net=eth0 transmission-gtk 7056:netblue:torrent:firejail \-\-net=eth0 transmission-gtk
.br .br
7064:netblue:firejail \-\-noroot xterm 7064:netblue::firejail \-\-noroot xterm
.br .br
$ $
.TP .TP
@ -1543,7 +1543,7 @@ Example:
.br .br
$ firejail \-\-list $ firejail \-\-list
.br .br
3272:netblue:firejail \-\-private firefox 3272:netblue::firejail \-\-private firefox
.br .br
$ firejail \-\-protocol.print=3272 $ firejail \-\-protocol.print=3272
.br .br
@ -1992,7 +1992,7 @@ Example:
.br .br
$ firejail \-\-list $ firejail \-\-list
.br .br
3272:netblue:firejail \-\-private firefox 3272:netblue::firejail \-\-private firefox
.br .br
$ firejail \-\-shutdown=3272 $ firejail \-\-shutdown=3272
.TP .TP
@ -2598,12 +2598,12 @@ Limitations: audit feature is not implemented for --x11 commands.
Option \-\-list prints a list of all sandboxes. The format Option \-\-list prints a list of all sandboxes. The format
for each process entry is as follows: for each process entry is as follows:
PID:USER:Command PID:USER:Sandbox Name:Command
Option \-\-tree prints the tree of processes running in the sandbox. The format Option \-\-tree prints the tree of processes running in the sandbox. The format
for each process entry is as follows: for each process entry is as follows:
PID:USER:Command PID:USER:Sandbox Name:Command
Option \-\-top is similar to the UNIX top command, however it applies only to Option \-\-top is similar to the UNIX top command, however it applies only to
sandboxes. sandboxes.
@ -2635,6 +2635,9 @@ It is a sum of the RES values for all processes running in the sandbox.
RX(KB/s) RX(KB/s)
Network receive speed. Network receive speed.
.TP .TP
Sandbox Name
The name of the sandbox, if any.
.TP
SHR SHR
Shared Memory Size (KiB), it reflects memory shared with other Shared Memory Size (KiB), it reflects memory shared with other
processes. It is a sum of the SHR values for all processes running processes. It is a sum of the SHR values for all processes running
@ -2646,7 +2649,7 @@ Network transmit speed.
Uptime Uptime
Sandbox running time in hours:minutes:seconds format. Sandbox running time in hours:minutes:seconds format.
.TP .TP
User USER
The owner of the sandbox. The owner of the sandbox.
.SH SECURITY PROFILES .SH SECURITY PROFILES


@ -50,7 +50,8 @@ Print route table for each sandbox.
Print seccomp configuration for each sandbox. Print seccomp configuration for each sandbox.
.TP .TP
\fB\-\-top \fB\-\-top
Monitor the most CPU-intensive sandboxes. Monitor the most CPU-intensive sandboxes. This command is similar to
the regular UNIX top command, however it applies only to sandboxes.
.TP .TP
\fB\-\-tree \fB\-\-tree
Print a tree of all sandboxed processes. Print a tree of all sandboxed processes.
@ -63,19 +64,11 @@ Print program version and exit.
Print X11 display number. Print X11 display number.
.PP .PP
Option \-\-list prints a list of all sandboxes. The format The format for each listed sandbox entry is as follows:
for each entry is as follows:
PID:USER:Command PID:USER:Sandbox Name:Command
Option \-\-tree prints the tree of processes running in the sandbox. The format Listed below are the available fields (columns) in various firemon commands in alphabetical order:
for each process entry is as follows:
PID:USER:Command
Option \-\-top is similar to the UNIX top command, however it applies only to
sandboxes. Listed below are the available fields (columns) in alphabetical
order:
.TP .TP
Command Command
@ -95,6 +88,9 @@ RES
Resident Memory Size (KiB), sandbox non-swapped physical memory. Resident Memory Size (KiB), sandbox non-swapped physical memory.
It is a sum of the RES values for all processes running in the sandbox. It is a sum of the RES values for all processes running in the sandbox.
.TP .TP
Sandbox Name
The name of the sandbox, if any.
.TP
SHR SHR
Shared Memory Size (KiB), it reflects memory shared with other Shared Memory Size (KiB), it reflects memory shared with other
processes. It is a sum of the SHR values for all processes running processes. It is a sum of the SHR values for all processes running
@ -103,7 +99,7 @@ in the sandbox, including the controlling process.
Uptime Uptime
Sandbox running time in hours:minutes:seconds format. Sandbox running time in hours:minutes:seconds format.
.TP .TP
User USER
The owner of the sandbox. The owner of the sandbox.
.SH LICENSE .SH LICENSE