From 8b8bf79547543d8f96bab69838eff34fbf01680c Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Mon, 30 Jun 2025 09:27:12 -0300
Subject: [PATCH 1/4] procevent.c: improve misc formatting
---
src/firemon/procevent.c | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index d3d12c43b..7c3ca7bd0 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -312,6 +312,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
if (proc_ev->event_data.fork.child_pid != proc_ev->event_data.fork.child_tgid) continue; // this is a thread, not a process + pid = proc_ev->event_data.fork.parent_tgid; #ifdef DEBUG_PRCTL printf("%s: %d, event fork, pid %d\n", __FUNCTION__, __LINE__, pid);
@@ -326,6 +327,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
sprintf(lineptr, " fork"); nodisplay = 1; break; + case PROC_EVENT_EXEC: pid = proc_ev->event_data.exec.process_tgid; #ifdef DEBUG_PRCTL
@@ -350,8 +352,6 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
sprintf(lineptr, " exit"); break; - - case PROC_EVENT_UID: pid = proc_ev->event_data.id.process_tgid; #ifdef DEBUG_PRCTL
@@ -362,10 +362,11 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
sprintf(lineptr, "\n"); continue; } - else + else { sprintf(lineptr, " uid (%d:%d)", - proc_ev->event_data.id.r.ruid, - proc_ev->event_data.id.e.euid); + proc_ev->event_data.id.r.ruid, + proc_ev->event_data.id.e.euid); + } nodisplay = 1; break;
@@ -379,15 +380,14 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
sprintf(lineptr, "\n"); continue; } - else + else { sprintf(lineptr, " gid (%d:%d)", - proc_ev->event_data.id.r.rgid, - proc_ev->event_data.id.e.egid); + proc_ev->event_data.id.r.rgid, + proc_ev->event_data.id.e.egid); + } nodisplay = 1; break; - - case PROC_EVENT_SID: pid = proc_ev->event_data.sid.process_tgid; #ifdef DEBUG_PRCTL
@@ -421,8 +421,9 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
sprintf(lineptr, "\n"); continue; } - else + else { sprintf(lineptr, " comm %s", proc_ev->event_data.comm.comm); + } nodisplay = 1; break;
@@ -469,7 +470,6 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
lineptr += strlen(lineptr); } - int sandbox_closed = 0; // exit sandbox flag int cmd_dup = 0; char *cmd = pids[pid].option.event.cmd;
From 0c884029fc4e1084c4b2d7b9ed6241884bf41739 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Mon, 30 Jun 2025 09:28:39 -0300
Subject: [PATCH 2/4] procevent.c: reposition some debug message calls Move them from the middle of the finalization code to before it.
---
src/firemon/procevent.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 7c3ca7bd0..91835cb11 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -70,10 +70,10 @@ static int pid_is_firejail(pid_t pid) {
if (asprintf(&fname, "/proc/%d/cmdline", pid) == -1) errExit("asprintf"); if ((fd = open(fname, O_RDONLY)) < 0) { - free(fname); #ifdef DEBUG_PRCTL printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv); #endif + free(fname); goto doexit; } free(fname);
@@ -83,10 +83,10 @@ static int pid_is_firejail(pid_t pid) {
unsigned char buffer[BUFLEN]; ssize_t len; if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) { - close(fd); #ifdef DEBUG_PRCTL printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv); #endif + close(fd); goto doexit; } buffer[len] = '\0';
@@ -136,10 +136,10 @@ static int pid_is_firejail(pid_t pid) {
int j = 0; while (exclude_args[j] != NULL) { if (strcmp(start, exclude_args[j]) == 0) { - rv = 0; #ifdef DEBUG_PRCTL printf("start=#%s#, ptr=#%s#, flip rv %d\n", start, ptr, rv); #endif + rv = 0; break; } j++;
@@ -150,11 +150,11 @@ printf("start=#%s#, ptr=#%s#, flip rv %d\n", start, ptr, rv);
} doexit: - fclose(fp); - free(file); #ifdef DEBUG_PRCTL printf("%s: %d, return %d\n", __FUNCTION__, __LINE__, rv); #endif + fclose(fp); + free(file); return rv; }
From eb6fc9403799adc6e10735a22de55fdcae399804 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Mon, 30 Jun 2025 06:15:42 -0300
Subject: [PATCH 3/4] procevent.c: add debug_prctl macro See the next commit. See also commit e06c3e99d ("common.h: use __func__ instead of __FUNCTION__", 2023-06-17) / PR #5871.
---
src/firemon/procevent.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 91835cb11..89f8058d5 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -36,6 +36,13 @@
//#define DEBUG_PRCTL +#ifdef DEBUG_PRCTL +#define debug_prctl(fmt, ...) \ + printf("%s: %d, " fmt, __func__, __LINE__, __VA_ARGS__) +#else +#define debug_prctl(...) ((void)0) +#endif + static int pid_is_firejail(pid_t pid) { #ifdef DEBUG_PRCTL printf("%s: %d, pid %d\n", __FUNCTION__, __LINE__, pid);
From 1069127f5fe6a49db17147c328e0976e32656b75 Mon Sep 17 00:00:00 2001
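Review bot: In the `@@ -136,10 +136,10 @@` hunk of PATCH 2/4, moving `rv = 0;` below the debug `printf` makes the "flip rv %d" message print the value from before the flip, where it used to print the value just assigned. Unlike `free(fname)`, `close(fd)` and `fclose(fp)` in the other hunks of this commit, the assignment is not finalization code, so the reorder changes what a DEBUG_PRCTL build reports. Either keep `rv = 0;` ahead of the message or make the message say which value it shows, e.g. `printf("start=#%s#, ptr=#%s#, flip rv %d -> 0\n", start, ptr, rv);`. The enclosing loop starts and ends outside the hunk.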
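Review bot: The `debug_prctl(fmt, ...)` definition added in the `@@ -36,6 +36,13 @@` hunk of PATCH 3/4 expands to `printf("%s: %d, " fmt, __func__, __LINE__, __VA_ARGS__)`, which leaves a trailing comma before the closing parenthesis when a call passes only the format string. PATCH 4/4 adds such calls, `debug_prctl("event fork\n")` in its `@@ -313,17 +303,15 @@` hunk and `debug_prctl("event unknown\n")` in its `@@ -436,16 +417,14 @@` hunk, so a build with `DEBUG_PRCTL` defined would not compile; the default build is unaffected because the define is commented out. The file already relies on GNU extensions (`__attribute__`, `asprintf`), so `printf("%s: %d, " fmt, __func__, __LINE__, ##__VA_ARGS__)` would cover the zero-argument case. Separately, the `((void)0)` fallback discards the arguments, so format/argument mismatches are only diagnosed in debug builds; a fallback that keeps the `printf` call behind `if (0)` would let the compiler check them in every build.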
From: "Kelvin M. Klann"
Date: Sun, 29 Jun 2025 18:47:06 -0300
Subject: [PATCH 4/4] procevent.c: replace printf with debug_prctl Replace almost all debug `printf` calls with `debug_prctl` to reduce the amount of duplication and `ifdefs`. Note: There is one debug `printf` call that uses a different message format, so it is left as is. Command used to search and replace: $ perl -0 -pi -e 's/#ifdef DEBUG_PRCTL\n(\s+)printf\("%s: %d, ([^\n]+)", __FUNCTION__, __LINE__([^\n]+)\n#endif/${1}debug_prctl("$2"$3/g; \ s/(debug_prctl\("event[^\n]+)/\t\t\t\t$1\n/g' \ src/firemon/procevent.c Relates to #6792.
---
src/firemon/procevent.c | 75 +++++++++++++++--------------------------
1 file changed, 27 insertions(+), 48 deletions(-)
diff --git a/src/firemon/procevent.c b/src/firemon/procevent.c
index 89f8058d5..2bb0ba7a9 100644
--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -44,9 +44,7 @@
#endif static int pid_is_firejail(pid_t pid) { -#ifdef DEBUG_PRCTL - printf("%s: %d, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("pid %d\n", pid); uid_t rv = 0; // open /proc/self/comm
@@ -67,9 +65,7 @@ static int pid_is_firejail(pid_t pid) {
rv = 1; } -#ifdef DEBUG_PRCTL - printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv); -#endif + debug_prctl("comm %s, rv %d\n", buf, rv); if (rv) { // open /proc/pid/cmdline file char *fname;
@@ -77,9 +73,7 @@ static int pid_is_firejail(pid_t pid) {
if (asprintf(&fname, "/proc/%d/cmdline", pid) == -1) errExit("asprintf"); if ((fd = open(fname, O_RDONLY)) < 0) { -#ifdef DEBUG_PRCTL - printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv); -#endif + debug_prctl("comm %s, rv %d\n", buf, rv); free(fname); goto doexit; }
@@ -90,9 +84,7 @@ static int pid_is_firejail(pid_t pid) {
unsigned char buffer[BUFLEN]; ssize_t len; if ((len = read(fd, buffer, sizeof(buffer) - 1)) <= 0) { -#ifdef DEBUG_PRCTL - printf("%s: %d, comm %s, rv %d\n", __FUNCTION__, __LINE__, buf, rv); -#endif + debug_prctl("comm %s, rv %d\n", buf, rv); close(fd); goto doexit; }
@@ -157,9 +149,7 @@ printf("start=#%s#, ptr=#%s#, flip rv %d\n", start, ptr, rv);
} doexit: -#ifdef DEBUG_PRCTL - printf("%s: %d, return %d\n", __FUNCTION__, __LINE__, rv); -#endif + debug_prctl("return %d\n", rv); fclose(fp); free(file); return rv;
@@ -313,17 +303,15 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
int nodisplay = 0; switch (proc_ev->what) { case PROC_EVENT_FORK: -#ifdef DEBUG_PRCTL - printf("%s: %d, event fork\n", __FUNCTION__, __LINE__); -#endif + debug_prctl("event fork\n"); + if (proc_ev->event_data.fork.child_pid != proc_ev->event_data.fork.child_tgid) continue; // this is a thread, not a process pid = proc_ev->event_data.fork.parent_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event fork, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event fork, pid %d\n", pid); + if (pids[pid].level > 0) { child = proc_ev->event_data.fork.child_tgid; child %= max_pids;
@@ -337,9 +325,8 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
case PROC_EVENT_EXEC: pid = proc_ev->event_data.exec.process_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event exec, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event exec, pid %d\n", pid); + if (pids[pid].level == -1) { pids[pid].level = 0; // start tracking }
@@ -352,18 +339,16 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
continue; // this is a thread, not a process pid = proc_ev->event_data.exit.process_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event exit, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event exit, pid %d\n", pid); + remove_pid = 1; sprintf(lineptr, " exit"); break; case PROC_EVENT_UID: pid = proc_ev->event_data.id.process_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event uid, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event uid, pid %d\n", pid); + if (pids[pid].level == 1 || pids[pids[pid].parent].level == 1) { sprintf(lineptr, "\n");
@@ -379,9 +364,8 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
case PROC_EVENT_GID: pid = proc_ev->event_data.id.process_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event gid, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event gid, pid %d\n", pid); + if (pids[pid].level == 1 || pids[pids[pid].parent].level == 1) { sprintf(lineptr, "\n");
@@ -397,9 +381,8 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
case PROC_EVENT_SID: pid = proc_ev->event_data.sid.process_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event sid, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event sid, pid %d\n", pid); + sprintf(lineptr, " sid "); break;
@@ -407,18 +390,16 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
#ifdef PROC_EVENT_COREDUMP case PROC_EVENT_COREDUMP: pid = proc_ev->event_data.coredump.process_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event coredump, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event coredump, pid %d\n", pid); + sprintf(lineptr, " coredump "); break; #endif /* PROC_EVENT_COREDUMP */ case PROC_EVENT_COMM: pid = proc_ev->event_data.comm.process_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event comm, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event comm, pid %d\n", pid); + if (proc_ev->event_data.comm.process_pid != proc_ev->event_data.comm.process_tgid) continue; // this is a thread, not a process
@@ -436,16 +417,14 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
case PROC_EVENT_PTRACE: pid = proc_ev->event_data.ptrace.process_tgid; -#ifdef DEBUG_PRCTL - printf("%s: %d, event ptrace, pid %d\n", __FUNCTION__, __LINE__, pid); -#endif + debug_prctl("event ptrace, pid %d\n", pid); + sprintf(lineptr, " ptrace "); break; default: -#ifdef DEBUG_PRCTL - printf("%s: %d, event unknown\n", __FUNCTION__, __LINE__); -#endif + debug_prctl("event unknown\n"); + sprintf(lineptr, "\n"); continue; }