install profstats in /etc/firejail directory - undocumented, used onl…

…y for development
netblue30 · Nov 30, 2021 · 8f93df9 · 8f93df9
1 parent 65b37a2
commit 8f93df9
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 2 deletions.
diff --git a/Makefile.in b/Makefile.in
@@ -138,6 +138,8 @@ endif
  install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
  install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config etc/ids.config
  sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
+ # program used track profile statistics during development - no manpage, this is not a user program
+ install -m 755 -t $(DESTDIR)$(sysconfdir)/firejail src/profstats/profstats
 ifeq ($(BUSYBOX_WORKAROUND),yes)
  ./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc
 endif

diff --git a/src/profstats/main.c b/src/profstats/main.c
@@ -67,11 +67,11 @@ static int arg_dbus_system_none = 0;
 static int arg_dbus_user_none = 0;
 static int arg_whitelisthome = 0;
 static int arg_noroot = 0;
-
+static int arg_print_blacklist = 0;
+static int arg_print_whitelist = 0;
 
 static char *profile = NULL;
 
-
 static void usage(void) {
  printf("proftool - print profile statistics\n");
  printf("Usage: proftool [options] file[s]\n");
@@ -87,6 +87,8 @@ static void usage(void) {
  printf(" --private-dev - print profiles without private-dev\n");
  printf(" --private-etc - print profiles without private-etc\n");
  printf(" --private-tmp - print profiles without private-tmp\n");
+ printf(" --print-blacklist - print all blacklists for a profile\n");
+ printf(" --print-whitelist - print all whitelists for a profile\n");
  printf(" --seccomp - print profiles without seccomp\n");
  printf(" --memory-deny-write-execute - profile without \"memory-deny-write-execute\"\n");
  printf(" --whitelist-home - print profiles whitelisting home directory\n");
@@ -125,6 +127,17 @@ void process_file(const char *fname) {
  if (*ptr == '\n' || *ptr == '#')
  continue;
 
+ if (arg_print_blacklist) {
+ if (strncmp(ptr, "blacklist", 9) == 0 ||
+ strncmp(ptr, "noblacklist", 11) == 0)
+ printf("%s: %s\n", fname, ptr);
+ }
+ else if (arg_print_whitelist) {
+ if (strncmp(ptr, "whitelist", 9) == 0 ||
+ strncmp(ptr, "nowhitelist", 11) == 0)
+ printf("%s: %s\n", fname, ptr);
+ }
+
  if (strncmp(ptr, "seccomp", 7) == 0)
  cnt_seccomp++;
  else if (strncmp(ptr, "caps", 4) == 0)
@@ -227,6 +240,10 @@ int main(int argc, char **argv) {
  arg_privatetmp = 1;
  else if (strcmp(argv[i], "--private-etc") == 0)
  arg_privateetc = 1;
+ else if (strcmp(argv[i], "--print-blacklist") == 0)
+ arg_print_blacklist = 1;
+ else if (strcmp(argv[i], "--print-whitelist") == 0)
+ arg_print_whitelist = 1;
  else if (strcmp(argv[i], "--whitelist-home") == 0)
  arg_whitelisthome = 1;
  else if (strcmp(argv[i], "--whitelist-var") == 0)
@@ -347,6 +364,9 @@ int main(int argc, char **argv) {
  assert(level == 0);
  }
 
+ if (arg_print_blacklist || arg_print_whitelist)
+ return 0;
+
  printf("\n");
  printf("Stats:\n");
  printf(" profiles\t\t\t%d\n", cnt_profiles);