added sandbox name support in firemon

2026-05-21 06:45:29 -06:00 · 2018-03-21 08:56:54 -04:00 · 2018-03-21 08:56:54 -04:00 · 57ffc35a8e
commit 57ffc35a8e
parent e27481169f
5 changed files with 60 additions and 29 deletions
--- a/1
+++ b/1
@ -23,6 +23,7 @@ firejail (0.9.53) baseline; urgency=low
  * whitelist support for overlay and chroot sandboxes
  * private-dev support for overlay and chroot sandboxes
  * private-tmp support for overlay and chroot sandboxes
+  * added sandbox name support in firemon
  * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
  * new profiles: discord-canary, pycharm-community, pycharm-professional,
  * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, VS Code,
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@ -31,7 +31,7 @@
 #define RUN_FIREJAIL_BASEDIR	"/run"
 #define RUN_FIREJAIL_DIR	"/run/firejail"
 #define RUN_FIREJAIL_APPIMAGE_DIR	"/run/firejail/appimage"
-#define RUN_FIREJAIL_NAME_DIR	"/run/firejail/name"
+#define RUN_FIREJAIL_NAME_DIR	"/run/firejail/name" // also used in src/lib/pid.c - todo: move it in a common place
 #define RUN_FIREJAIL_X11_DIR	"/run/firejail/x11"
 #define RUN_FIREJAIL_NETWORK_DIR	"/run/firejail/network"
 #define RUN_FIREJAIL_BANDWIDTH_DIR	"/run/firejail/bandwidth"
--- a/src/lib/pid.c
+++ b/src/lib/pid.c
@ -21,6 +21,7 @@
 #include "../include/pid.h"
 #include <string.h>
 #include <sys/types.h>
+#include <sys/stat.h>
 #include <pwd.h>
 #include <sys/ioctl.h>
 #include <dirent.h>
@ -165,6 +166,10 @@ doexit:
 	return rv;
 }

+// todo: RUN_FIREJAIL_NAME_DIR is borrowed from src/firejail/firejail.h
+// move it in a common place
+#define RUN_FIREJAIL_NAME_DIR	"/run/firejail/name"
+
 static void print_elem(unsigned index, int nowrap) {
 	// get terminal size
 	struct winsize sz;
@ -184,14 +189,40 @@ static void print_elem(unsigned index, int nowrap) {
 	char *cmd = pid_proc_cmdline(index);
 	char *user = pid_get_user_name(uid);
 	char *allocated = user;
+
+	// extract sandbox name - pid == index
+	char *sandbox_name = "";
+	char *fname;
+	if (asprintf(&fname, "%s/%d", RUN_FIREJAIL_NAME_DIR, index) == -1)
+		errExit("asprintf");
+	struct stat s;
+	if (stat(fname, &s) == 0) {
+		FILE *fp = fopen(fname, "r");
+		if (fp) {
+			sandbox_name = malloc(s.st_size + 1);
+			if (!sandbox_name)
+				errExit("malloc");
+			char *rv = fgets(sandbox_name, s.st_size + 1, fp);
+			if (!rv)
+				*sandbox_name = '\0';
+			else {
+				char *ptr = strchr(sandbox_name, '\n');
+				if (ptr)
+					*ptr = '\0';
+			}
+			fclose(fp);
+		}
+	}
+	free(fname);
+
 	if (user ==NULL)
 		user = "";
 	if (cmd) {
 		if (col < 4 || nowrap)
-			printf("%s%u:%s:%s\n", indent, index, user, cmd);
+			printf("%s%u:%s:%s:%s\n", indent, index, user, sandbox_name, cmd);
 		else {
 			char *out;
-			if (asprintf(&out, "%s%u:%s:%s\n", indent, index, user, cmd) == -1)
+			if (asprintf(&out, "%s%u:%s:%s:%s\n", indent, index, user, sandbox_name, cmd) == -1)
 				errExit("asprintf");
 			int len = strlen(out);
 			if (len > col) {
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@ -254,7 +254,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-caps.print=3272

@ -309,7 +309,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-cpu.print=3272

@ -453,7 +453,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-dns.print=3272

@ -492,7 +492,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-fs.print=3272

@ -662,7 +662,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-join=3272

@ -749,11 +749,11 @@ Example:
 .br
 $ firejail \-\-list
 .br
-7015:netblue:firejail firefox
+7015:netblue:browser:firejail firefox
 .br
-7056:netblue:firejail \-\-net=eth0 transmission-gtk
+7056:netblue:torrent:firejail \-\-net=eth0 transmission-gtk
 .br
-7064:netblue:firejail \-\-noroot xterm
+7064:netblue::firejail \-\-noroot xterm
 .br
 $
 .TP
@ -1543,7 +1543,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-protocol.print=3272
 .br
@ -1992,7 +1992,7 @@ Example:
 .br
 $ firejail \-\-list
 .br
-3272:netblue:firejail \-\-private firefox
+3272:netblue::firejail \-\-private firefox
 .br
 $ firejail \-\-shutdown=3272
 .TP
@ -2598,12 +2598,12 @@ Limitations: audit feature is not implemented for --x11 commands.
 Option \-\-list prints a list of all sandboxes. The format
 for each process entry is as follows:

-	PID:USER:Command
+	PID:USER:Sandbox Name:Command

 Option \-\-tree prints the tree of processes running in the sandbox. The format
 for each process entry is as follows:

-	PID:USER:Command
+	PID:USER:Sandbox Name:Command

 Option \-\-top is similar to the UNIX top command, however it applies only to
 sandboxes.
@ -2635,6 +2635,9 @@ It is a sum of the RES values for all processes running in the sandbox.
 RX(KB/s)
 Network receive speed.
 .TP
+Sandbox Name
+The name of the sandbox, if any.
+.TP
 SHR
 Shared Memory Size (KiB), it reflects memory shared with other
 processes. It is a sum of the SHR values for all processes running
@ -2646,7 +2649,7 @@ Network transmit speed.
 Uptime
 Sandbox running time in hours:minutes:seconds format.
 .TP
-User
+USER
 The owner of the sandbox.

 .SH SECURITY PROFILES
--- a/src/man/firemon.txt
+++ b/src/man/firemon.txt
@ -50,7 +50,8 @@ Print route table for each sandbox.
 Print seccomp configuration for each sandbox.
 .TP
 \fB\-\-top
-Monitor the most CPU-intensive sandboxes.
+Monitor the most CPU-intensive sandboxes. This command  is similar to
+the regular UNIX top command, however it applies only to sandboxes.
 .TP
 \fB\-\-tree
 Print a tree of all sandboxed processes.
@ -63,19 +64,11 @@ Print program version and exit.
 Print X11 display number.

 .PP
-Option \-\-list prints a list of all sandboxes. The format
-for each entry is as follows:
+The format for each listed sandbox entry is as follows:

-	PID:USER:Command
+	PID:USER:Sandbox Name:Command

-Option \-\-tree prints the tree of processes running in the sandbox. The format
-for each process entry is as follows:
-
-	PID:USER:Command
-
-Option \-\-top is similar to the UNIX top command, however it applies only to
-sandboxes. Listed below are the available fields (columns) in alphabetical
-order:
+Listed below are the available fields (columns) in various firemon commands in alphabetical order:

 .TP
 Command
@ -95,6 +88,9 @@ RES
 Resident Memory Size (KiB), sandbox non-swapped physical memory.
 It is a sum of the RES values for all processes running in the sandbox.
 .TP
+Sandbox Name
+The name of the sandbox, if any.
+.TP
 SHR
 Shared Memory Size (KiB), it reflects memory shared with other
 processes. It is a sum of the SHR values for all processes running
@ -103,7 +99,7 @@ in the sandbox, including the controlling process.
 Uptime
 Sandbox running time in hours:minutes:seconds format.
 .TP
-User
+USER
 The owner of the sandbox.

 .SH LICENSE