install profstats in /etc/firejail directory - undocumented, used only for development

This commit is contained in:
netblue30 2021-11-30 08:23:01 -05:00
parent 65b37a25d2
commit 8f93df99f1
2 changed files with 24 additions and 2 deletions


@ -138,6 +138,8 @@ endif
install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config etc/ids.config
sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
# program used track profile statistics during development - no manpage, this is not a user program
install -m 755 -t $(DESTDIR)$(sysconfdir)/firejail src/profstats/profstats
ifeq ($(BUSYBOX_WORKAROUND),yes)
./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc
endif
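Review bot: The new `install -m 755` line places an executable under `$(DESTDIR)$(sysconfdir)/firejail`, a directory the neighbouring rules populate only with `0644` configuration files; a development-only binary under a configuration directory is likely to be flagged by distribution packaging checks and patched out, so consider guarding it with a configure-time variable or installing it under a program directory instead. The comment above it also reads awkwardly; suggest `# program used to track profile statistics during development - no manpage, this is not a user program`.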


@ -67,11 +67,11 @@ static int arg_dbus_system_none = 0;
static int arg_dbus_user_none = 0;
static int arg_whitelisthome = 0;
static int arg_noroot = 0;
static int arg_print_blacklist = 0;
static int arg_print_whitelist = 0;
static char *profile = NULL;
static void usage(void) {
printf("proftool - print profile statistics\n");
printf("Usage: proftool [options] file[s]\n");
@ -87,6 +87,8 @@ static void usage(void) {
printf(" --private-dev - print profiles without private-dev\n");
printf(" --private-etc - print profiles without private-etc\n");
printf(" --private-tmp - print profiles without private-tmp\n");
printf(" --print-blacklist - print all blacklists for a profile\n");
printf(" --print-whitelist - print all whitelists for a profile\n");
printf(" --seccomp - print profiles without seccomp\n");
printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
printf(" --whitelist-home - print profiles whitelisting home directory\n");
@ -125,6 +127,17 @@ void process_file(const char *fname) {
if (*ptr == '\n' || *ptr == '#')
continue;
if (arg_print_blacklist) {
if (strncmp(ptr, "blacklist", 9) == 0 ||
strncmp(ptr, "noblacklist", 11) == 0)
printf("%s: %s\n", fname, ptr);
}
else if (arg_print_whitelist) {
if (strncmp(ptr, "whitelist", 9) == 0 ||
strncmp(ptr, "nowhitelist", 11) == 0)
printf("%s: %s\n", fname, ptr);
}
if (strncmp(ptr, "seccomp", 7) == 0)
cnt_seccomp++;
else if (strncmp(ptr, "caps", 4) == 0)
@ -227,6 +240,10 @@ int main(int argc, char **argv) {
arg_privatetmp = 1;
else if (strcmp(argv[i], "--private-etc") == 0)
arg_privateetc = 1;
else if (strcmp(argv[i], "--print-blacklist") == 0)
arg_print_blacklist = 1;
else if (strcmp(argv[i], "--print-whitelist") == 0)
arg_print_whitelist = 1;
else if (strcmp(argv[i], "--whitelist-home") == 0)
arg_whitelisthome = 1;
else if (strcmp(argv[i], "--whitelist-var") == 0)
@ -347,6 +364,9 @@ int main(int argc, char **argv) {
assert(level == 0);
}
if (arg_print_blacklist || arg_print_whitelist)
return 0;
printf("\n");
printf("Stats:\n");
printf(" profiles\t\t\t%d\n", cnt_profiles);
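Review bot: In the process_file hunk, `else if (arg_print_whitelist)` makes --print-whitelist a silent no-op whenever --print-blacklist is also given, yet the argument parser accepts both flags and main returns 0 after either one; either make the second branch an independent `if (arg_print_whitelist) {` so both kinds of lines are printed, or reject the combination in main with a usage error. The new `printf("%s: %s\n", fname, ptr);` should also be checked against how ptr is read — if the line still carries its trailing newline (the preceding `*ptr == '\n'` test suggests it may), the output will be double-spaced. process_file's body starts and ends outside the hunk.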