mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
firemon rework
parent
4f592ed011
commit
741aaa4f59
5 changed files with 74 additions and 59 deletions
|
|
@ -106,10 +106,8 @@ void get_stats(int parent) {
|
|||
}
|
||||
|
||||
// store data
|
||||
pids[parent].rx_delta = rx - pids[parent].rx;
|
||||
pids[parent].rx = rx;
|
||||
pids[parent].tx_delta = tx - pids[parent].tx;
|
||||
pids[parent].tx = tx;
|
||||
pids[parent].option.netstats.rx = rx - pids[parent].option.netstats.rx;
|
||||
pids[parent].option.netstats.tx = tx - pids[parent].option.netstats.tx;
|
||||
|
||||
|
||||
free(fname);
|
||||
|
|
@ -117,10 +115,8 @@ void get_stats(int parent) {
|
|||
return;
|
||||
|
||||
errexit:
|
||||
pids[parent].rx = 0;
|
||||
pids[parent].tx = 0;
|
||||
pids[parent].rx_delta = 0;
|
||||
pids[parent].tx_delta = 0;
|
||||
pids[parent].option.netstats.rx = 0;
|
||||
pids[parent].option.netstats.tx = 0;
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -174,11 +170,11 @@ static void print_proc(int index, int itv, int col) {
|
|||
ptruser = "";
|
||||
|
||||
|
||||
float rx_kbps = ((float) pids[index].rx_delta / 1000) / itv;
|
||||
float rx_kbps = ((float) pids[index].option.netstats.rx / 1000) / itv;
|
||||
char ptrrx[15];
|
||||
sprintf(ptrrx, "%.03f", rx_kbps);
|
||||
|
||||
float tx_kbps = ((float) pids[index].tx_delta / 1000) / itv;
|
||||
float tx_kbps = ((float) pids[index].option.netstats.tx / 1000) / itv;
|
||||
char ptrtx[15];
|
||||
sprintf(ptrtx, "%.03f", tx_kbps);
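Review bot: The two `sprintf` calls in print_proc() still write into 15-byte buffers (`ptrrx`, `ptrtx`), but the value they format now comes from the `unsigned long long` netstats fields instead of the old 32-bit `rx_delta`/`tx_delta`. A large difference, for instance when a counter read is lower than the stored value and the unsigned subtraction in get_stats() wraps, formats to more than 14 characters with `%.03f` and overruns the stack buffer; bound the writes with `snprintf(ptrrx, sizeof(ptrrx), "%.03f", rx_kbps);` and the same for `ptrtx`. get_stats() also now stores the difference back into the field it subtracts from, so the result is a true delta only if the entry held the previous cumulative count when it was called; that depends on the caller, which is not visible here. Both functions start and end outside these hunks.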
|
||||
|
||||
|
|
|
|||
|
|
@ -417,18 +417,18 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
|
|||
sprintf(lineptr, " %u", pid);
|
||||
lineptr += strlen(lineptr);
|
||||
|
||||
char *user = pids[pid].user;
|
||||
char *user = pids[pid].option.event.user;
|
||||
if (!user)
|
||||
user = pid_get_user_name(pids[pid].uid);
|
||||
if (user) {
|
||||
pids[pid].user = user;
|
||||
pids[pid].option.event.user = user;
|
||||
sprintf(lineptr, " (%s)", user);
|
||||
lineptr += strlen(lineptr);
|
||||
}
|
||||
|
||||
|
||||
int sandbox_closed = 0; // exit sandbox flag
|
||||
char *cmd = pids[pid].cmd;
|
||||
char *cmd = pids[pid].option.event.cmd;
|
||||
if (!cmd) {
|
||||
cmd = pid_proc_cmdline(pid);
|
||||
}
|
||||
|
|
@ -465,10 +465,10 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
|
|||
|
||||
// unflag pid for exit events
|
||||
if (remove_pid) {
|
||||
if (pids[pid].user)
|
||||
free(pids[pid].user);
|
||||
if (pids[pid].cmd)
|
||||
free(pids[pid].cmd);
|
||||
if (pids[pid].option.event.user)
|
||||
free(pids[pid].option.event.user);
|
||||
if (pids[pid].option.event.cmd)
|
||||
free(pids[pid].option.event.cmd);
|
||||
memset(&pids[pid], 0, sizeof(Process));
|
||||
}
|
||||
|
||||
|
|
@ -485,9 +485,9 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
|
|||
|
||||
// on uid events the uid is changing
|
||||
if (proc_ev->what == PROC_EVENT_UID) {
|
||||
if (pids[pid].user)
|
||||
free(pids[pid].user);
|
||||
pids[pid].user = 0;
|
||||
if (pids[pid].option.event.user)
|
||||
free(pids[pid].option.event.user);
|
||||
pids[pid].option.event.user = 0;
|
||||
pids[pid].uid = pid_get_uid(pid);
|
||||
}
|
||||
|
||||
|
|
@ -505,6 +505,17 @@ void procevent(pid_t pid) {
|
|||
exit(1);
|
||||
}
|
||||
|
||||
// set max_pids to the max value allowed by the kernel
|
||||
FILE *fp = fopen("/proc/sys/kernel/pid_max", "r");
|
||||
if (fp) {
|
||||
int val;
|
||||
if (fscanf(fp, "%d", &val) == 1) {
|
||||
if (val >= max_pids)
|
||||
max_pids = val + 1;
|
||||
}
|
||||
fclose(fp);
|
||||
}
|
||||
|
||||
// monitor using netlink
|
||||
int sock = procevent_netlink_setup();
|
||||
if (sock < 0) {
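Review bot: The new pid_max block in procevent() raises `max_pids`, but nothing visible in this hunk resizes `pids` to match, and procevent_monitor() indexes `pids[pid]` with a pid that appears to come from the proc connector event. If the table was sized from the earlier `max_pids`, or if `fopen`/`fscanf` fails silently and `max_pids` keeps its default, an event for a higher pid would index past the allocation. Confirm that the table is reallocated after this point and that the monitor rejects `pid >= max_pids` before touching `pids[pid]`. `val` is also used unchecked in `val + 1`; a guard such as `if (val > 0 && val < INT_MAX && val >= max_pids)` keeps the arithmetic defined. procevent() continues outside the hunk.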
|
||||
|
|
|
|||
|
|
@ -154,8 +154,8 @@ static char *print_top(unsigned index, unsigned parent, unsigned *utime, unsigne
|
|||
|
||||
// cpu
|
||||
itv *= clocktick;
|
||||
float ud = (float) (*utime - pids[index].utime) / itv * 100;
|
||||
float sd = (float) (*stime - pids[index].stime) / itv * 100;
|
||||
float ud = (float) (*utime - pids[index].option.top.utime) / itv * 100;
|
||||
float sd = (float) (*stime - pids[index].option.top.stime) / itv * 100;
|
||||
float cd = ud + sd;
|
||||
*cpu = cd;
|
||||
char cpu_str[10];
|
||||
|
|
@ -179,6 +179,34 @@ static char *print_top(unsigned index, unsigned parent, unsigned *utime, unsigne
|
|||
return rv;
|
||||
}
|
||||
|
||||
// recursivity!!!
|
||||
void pid_store_cpu(unsigned index, unsigned parent, unsigned *utime, unsigned *stime) {
|
||||
if (pids[index].level == 1) {
|
||||
*utime = 0;
|
||||
*stime = 0;
|
||||
}
|
||||
|
||||
// Remove unused parameter warning
|
||||
(void)parent;
|
||||
|
||||
unsigned utmp = 0;
|
||||
unsigned stmp = 0;
|
||||
pid_get_cpu_time(index, &utmp, &stmp);
|
||||
*utime += utmp;
|
||||
*stime += stmp;
|
||||
|
||||
unsigned i;
|
||||
for (i = index + 1; i < (unsigned)max_pids; i++) {
|
||||
if (pids[i].parent == (pid_t)index)
|
||||
pid_store_cpu(i, index, utime, stime);
|
||||
}
|
||||
|
||||
if (pids[index].level == 1) {
|
||||
pids[index].option.top.utime = *utime;
|
||||
pids[index].option.top.stime = *stime;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
typedef struct node_t {
|
||||
struct node_t *next;
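Review bot: pid_store_cpu() arrives in top.c with external linkage while its prototype appears to be dropped from the header in the same commit, so if top.c is now its only caller it should be declared `static void pid_store_cpu(...)`. The `// recursivity!!!` comment would serve better as a contract: the level-1 entry zeroes `*utime`/`*stime`, every descendant adds its CPU time, and the totals are written to `option.top` only for the level-1 entry. Recursion depth follows the depth of the monitored process tree, which the sandboxed processes themselves shape, and each level rescans the table up to `max_pids`; a depth cap or an iterative walk is worth considering now that `max_pids` can grow to the kernel's pid_max.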
|
||||
|
|
|
|||
|
|
@ -31,14 +31,23 @@ typedef struct {
|
|||
unsigned char zombie;
|
||||
pid_t parent;
|
||||
uid_t uid;
|
||||
char *user;
|
||||
char *cmd;
|
||||
unsigned utime;
|
||||
unsigned stime;
|
||||
unsigned long long rx; // network rx, bytes
|
||||
unsigned long long tx; // networking tx, bytes
|
||||
unsigned rx_delta;
|
||||
unsigned tx_delta;
|
||||
|
||||
union {
|
||||
struct event_t {
|
||||
char *user;
|
||||
char *cmd;
|
||||
} event;
|
||||
|
||||
struct top_t {
|
||||
unsigned utime;
|
||||
unsigned stime;
|
||||
} top;
|
||||
|
||||
struct netstats_t {
|
||||
unsigned long long rx; // network rx, bytes
|
||||
unsigned long long tx; // networking tx, bytes
|
||||
} netstats;
|
||||
} option;
|
||||
} Process;
|
||||
//extern Process pids[max_pids];
|
||||
extern Process *pids;
|
||||
|
|
@ -52,7 +61,6 @@ char *pid_get_user_name(uid_t uid);
|
|||
// print functions
|
||||
void pid_print_tree(unsigned index, unsigned parent, int nowrap);
|
||||
void pid_print_list(unsigned index, int nowrap);
|
||||
void pid_store_cpu(unsigned index, unsigned parent, unsigned *utime, unsigned *stime);
|
||||
void pid_read(pid_t mon_pid);
|
||||
|
||||
#endif
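Review bot: The new `option` union overlays the `event.user`/`event.cmd` pointers with the integer `top` and `netstats` members, and nothing in `Process` records which member is live. procevent_monitor() frees `option.event.user` and `option.event.cmd` whenever they are non-zero, so an entry last written through `option.top` or `option.netstats` would hand an integer value to free(). If each firemon mode only ever uses one member for the lifetime of the process, state that on the union, e.g. `// exactly one member is used per firemon mode; entries must be zeroed before the mode changes`; otherwise a tag field is needed. The typedef begins outside the hunk.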
|
||||
|
|
|
|||
|
|
@ -273,34 +273,6 @@ void pid_print_list(unsigned index, int nowrap) {
|
|||
print_elem(index, nowrap);
|
||||
}
|
||||
|
||||
// recursivity!!!
|
||||
void pid_store_cpu(unsigned index, unsigned parent, unsigned *utime, unsigned *stime) {
|
||||
if (pids[index].level == 1) {
|
||||
*utime = 0;
|
||||
*stime = 0;
|
||||
}
|
||||
|
||||
// Remove unused parameter warning
|
||||
(void)parent;
|
||||
|
||||
unsigned utmp = 0;
|
||||
unsigned stmp = 0;
|
||||
pid_get_cpu_time(index, &utmp, &stmp);
|
||||
*utime += utmp;
|
||||
*stime += stmp;
|
||||
|
||||
unsigned i;
|
||||
for (i = index + 1; i < (unsigned)max_pids; i++) {
|
||||
if (pids[i].parent == (pid_t)index)
|
||||
pid_store_cpu(i, index, utime, stime);
|
||||
}
|
||||
|
||||
if (pids[index].level == 1) {
|
||||
pids[index].utime = *utime;
|
||||
pids[index].stime = *stime;
|
||||
}
|
||||
}
|
||||
|
||||
// mon_pid: pid of sandbox to be monitored, 0 if all sandboxes are included
|
||||
void pid_read(pid_t mon_pid) {
|
||||
unsigned old_max_pids = max_pids;
|
||||
|
|
|
|||