experimental realms / citadel integration

shw-merge
dma 6 years ago
parent 20c648026a
commit 76b194840a

@ -17,8 +17,8 @@ import (
"io/ioutil" "io/ioutil"
"os" "os"
"os/signal" "os/signal"
"strings"
"strconv" "strconv"
"strings"
"sync" "sync"
"syscall" "syscall"
"time" "time"
@ -29,6 +29,8 @@ import (
"github.com/gotk3/gotk3/gdk" "github.com/gotk3/gotk3/gdk"
"github.com/gotk3/gotk3/glib" "github.com/gotk3/gotk3/glib"
"github.com/gotk3/gotk3/gtk" "github.com/gotk3/gotk3/gtk"
"github.com/godbus/dbus"
) )
type promptModes uint type promptModes uint
@ -55,6 +57,7 @@ type appShortcuts struct {
type cbPromptAdd func(guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int, type cbPromptAdd func(guid, path, icon, proto string, pid int, ipaddr, hostname string, port, uid, gid int,
origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) bool origin, timestamp string, is_socks bool, optstring string, sandbox string, action int) bool
type cbPromptRemove func(string) type cbPromptRemove func(string)
var cbPromptAddRequest cbPromptAdd = nil var cbPromptAddRequest cbPromptAdd = nil
var cbPromptRemoveRequest cbPromptRemove = nil var cbPromptRemoveRequest cbPromptRemove = nil
@ -123,7 +126,6 @@ type fwApp struct {
ozProfiles []string ozProfiles []string
} }
/* /*
* App Setup * App Setup
*/ */
@ -414,7 +416,6 @@ func (fa *fwApp) buildAppMenu() {
} }
} }
/* /*
* Windows * Windows
*/ */
@ -573,7 +574,6 @@ func (fa *fwApp) showShortcutsWindow() {
} }
} }
/* /*
* Private Utils * Private Utils
*/ */
@ -592,7 +592,6 @@ func (fa *fwApp) populateWindow() {
fa.rlPermanent.loadRules(true) fa.rlPermanent.loadRules(true)
fa.rlPermanent.reloadRules(tt) fa.rlPermanent.reloadRules(tt)
if fa.boxSession == nil { if fa.boxSession == nil {
fa.boxSession, _ = gtk.ListBoxNew() fa.boxSession, _ = gtk.ListBoxNew()
fa.swRulesSession.Add(fa.boxSession) fa.swRulesSession.Add(fa.boxSession)
@ -605,7 +604,6 @@ func (fa *fwApp) populateWindow() {
fa.rlSession.loadRules(true) fa.rlSession.loadRules(true)
fa.rlSession.reloadRules(tt) fa.rlSession.reloadRules(tt)
if fa.boxProcess == nil { if fa.boxProcess == nil {
fa.boxProcess, _ = gtk.ListBoxNew() fa.boxProcess, _ = gtk.ListBoxNew()
fa.swRulesProcess.Add(fa.boxProcess) fa.swRulesProcess.Add(fa.boxProcess)
@ -630,7 +628,6 @@ func (fa *fwApp) populateWindow() {
fa.rlSystem.loadRules(true) fa.rlSystem.loadRules(true)
fa.rlSystem.reloadRules(tt) fa.rlSystem.reloadRules(tt)
} }
func (fa *fwApp) repopulateWindow() { func (fa *fwApp) repopulateWindow() {
@ -727,7 +724,6 @@ func (fa *fwApp) switchStackItem(dir switcherDirection) {
fa.onStackChanged() fa.onStackChanged()
} }
/* /*
* Handlers * Handlers
*/ */
@ -853,7 +849,6 @@ func (fa *fwApp) onRulesKeyPress(i interface{}, e *gdk.Event) bool {
return true return true
} }
/* /*
* Users, Groups * Users, Groups
*/ */
@ -895,7 +890,6 @@ func (fa *fwApp) cacheGroups() error {
return nil return nil
} }
/* /*
* Exported * Exported
*/ */
@ -924,8 +918,17 @@ func (fa *fwApp) ConnectShortcut(accel, group, title string, w gtk.Window, actio
}) })
} }
func (fa *fwApp) LookupUsername(uid int32) string { func (fa *fwApp) LookupUsername(realm string, uid int32) string {
// TODO: needs to be realm aware // TODO: needs to be realm aware
// TODO: cache ^^
if realm != "" {
user := ""
var db, _ = dbus.SystemBus()
obj := db.Object("com.subgraph.realms", "/")
obj.Call("com.subgraph.realms.Manager.RealmUsernameFromUID", 0, realm, strconv.Itoa(int(uid))).Store(&user)
return user
}
if uid == -1 { if uid == -1 {
return "any" return "any"
} }
@ -938,8 +941,17 @@ func (fa *fwApp) LookupUsername(uid int32) string {
return "unknown" return "unknown"
} }
func (fa *fwApp) LookupGroup(gid int32) string { func (fa *fwApp) LookupGroup(realm string, gid int32) string {
// TODO: needs to be realm aware // TODO: needs to be realm aware
// ^^ cache
if realm != "" {
group := ""
var db, _ = dbus.SystemBus()
obj := db.Object("com.subgraph.realms", "/")
obj.Call("com.subgraph.realms.Manager.RealmGroupnameFromGID", 0, realm, strconv.Itoa(int(gid))).Store(&group)
return group
}
if gid == -1 { if gid == -1 {
return "any" return "any"
} }
@ -952,7 +964,6 @@ func (fa *fwApp) LookupGroup(gid int32) string {
return "unknown" return "unknown"
} }
/* /*
* Global Utils * Global Utils
*/ */
@ -990,7 +1001,6 @@ func readColonFile(r io.Reader, fn func(line []byte)) (v interface{}, err error)
return nil, bs.Err() return nil, bs.Err()
} }
/* /*
* Main * Main
*/ */

@ -226,13 +226,13 @@ func (rr *ruleRow) update() {
tt = tt + " for " tt = tt + " for "
} }
if rr.rule.UID > -1 { if rr.rule.UID > -1 {
tt = tt + rr.rl.app.LookupUsername(rr.rule.UID) tt = tt + rr.rl.app.LookupUsername(rr.rule.Sandbox, rr.rule.UID)
} }
if rr.rule.UID > -1 && rr.rule.GID > -1 { if rr.rule.UID > -1 && rr.rule.GID > -1 {
tt = tt + ":" tt = tt + ":"
} }
if rr.rule.GID > -1 { if rr.rule.GID > -1 {
tt = tt + rr.rl.app.LookupGroup(rr.rule.GID) tt = tt + rr.rl.app.LookupGroup(rr.rule.Sandbox, rr.rule.GID)
} }
rr.gtkLabelTarget.SetText(tt) rr.gtkLabelTarget.SetText(tt)
} }

@ -9,6 +9,8 @@ const St = imports.gi.St;
const CheckBox = imports.ui.checkBox const CheckBox = imports.ui.checkBox
const ModalDialog = imports.ui.modalDialog; const ModalDialog = imports.ui.modalDialog;
const Tweener = imports.ui.tweener; const Tweener = imports.ui.tweener;
const Extension = imports.misc.extensionUtils.getCurrentExtension();
const Misc = Extension.imports.misc;
const RuleScope = { const RuleScope = {
APPLY_SESSION: 0, APPLY_SESSION: 0,
@ -22,36 +24,47 @@ const DetailSection = new Lang.Class({
Name: 'DetailSection', Name: 'DetailSection',
_init: function(sandboxed) { _init: function(sandboxed) {
this.actor = new St.BoxLayout({ style_class: 'fw-details-section' }); //this.actor = new St.BoxLayout({ style_class: 'fw-details-section', pack_start: false });
this.actor = new St.BoxLayout({ style_class: 'fw-details-section-container', pack_start: false });
this._cont = new St.BoxLayout({ style_class: 'fw-details-section' });
this._left = new St.BoxLayout({ vertical: true, style_class: 'fw-details-left' }); this._left = new St.BoxLayout({ vertical: true, style_class: 'fw-details-left' });
//this._right = new St.BoxLayout({ vertical: true, style_class: 'fw-details-right' });
this._right = new St.BoxLayout({ vertical: true, style_class: 'fw-details-right' }); this._right = new St.BoxLayout({ vertical: true, style_class: 'fw-details-right' });
this.actor.add_child(this._left); this._more = new St.BoxLayout({ vertical: true, style_class: 'fw-details-right', y_align: Clutter.ActorAlign.CENTER, x_align: St.Align.END });
this.actor.add_child(this._right); this._cont.add_child(this._left);
this._cont.add_child(this._right);
this.actor.add_child(this._cont);
this.actor.add_child(this._more);
//this.actor.add_child(this._left);
//this.actor.add_child(this._right);
//this.actor.add_child(this._more);
if (sandboxed) {
this.sandbox = this._addDetails("Realm:");
}
this.ipAddr = this._addDetails("IP Address:"); this.ipAddr = this._addDetails("IP Address:");
this.path = this._addDetails("Path:"); this.path = this._addDetails("Path:");
this.pid = this._addDetails("Process ID:"); this.pid = this._addDetails("Process ID:");
this.origin = this._addDetails("Origin:"); this.origin = this._addDetails("Origin IP address:");
this.user = this._addCheckboxDetails("User:"); this.user = this._addCheckboxDetails("User:");
this.group = this._addCheckboxDetails("Group:"); this.group = this._addCheckboxDetails("Group:");
this.sandboxed = sandboxed; this.sandboxed = sandboxed;
if (sandboxed) {
this.sandbox = this._addDetails("Sandbox:");
}
this.optstring = this._addDetails(""); this.optstring = this._addDetails("");
}, },
_addDetails: function(text, d) { _addDetails: function(text, d) {
let title = new St.Label({ style_class: 'fw-detail-title', text: text}); let title = new St.Label({ style_class: 'fw-detail-title', text: text});
//this._left.add(title, { expand: true, x_fill: false, x_align: St.Align.END});
this._left.add(title, { expand: true, x_fill: false, x_align: St.Align.END}); this._left.add(title, { expand: true, x_fill: false, x_align: St.Align.END});
let msg = new St.Label({ style_class: 'fw-detail-message' }); let msg = new St.Label({ style_class: 'fw-detail-message' });
if (d === undefined) { if (d === undefined) {
this._right.add(msg); // this._right.add(msg);
this._right.add(msg, { expand: true, x_fill: false, x_align: St.Align.END});
} else { } else {
let inner = new St.BoxLayout({ vertical: false, style_class: 'fw-ugid-apply-checkbox' }); let inner = new St.BoxLayout({ vertical: false, style_class: 'fw-ugid-apply-checkbox', x_align: St.Align.END });
inner.add(msg); //inner.add(msg);
inner.add(d.actor); inner.add(msg, { expand: true, x_fill: true, x_align: St.Align.END});
inner.add(d.actor, { x_fill: true, x_align: St.Align.END, expand: true});
this._right.add(inner); this._right.add(inner);
} }
return msg; return msg;
@ -60,13 +73,14 @@ const DetailSection = new Lang.Class({
_addCheckboxDetails: function(text) { _addCheckboxDetails: function(text) {
let title = new St.Label({ style_class: 'fw-detail-title', text: text}); let title = new St.Label({ style_class: 'fw-detail-title', text: text});
title.hide(); title.hide();
//this._left.add(title, { expand: true, x_fill: false, x_align: St.Align.END});
this._left.add(title, { expand: true, x_fill: false, x_align: St.Align.END}); this._left.add(title, { expand: true, x_fill: false, x_align: St.Align.END});
//let msg = new St.Label({ style_class: 'fw-detail-message' }); //let msg = new St.Label({ style_class: 'fw-detail-message' });
let check = new CheckBox.CheckBox(""); let check = new CheckBox.CheckBox("");
check.actor.checked = true; check.actor.checked = true;
check.actor.hide(); check.actor.hide();
this._right.add(check.actor); this._right.add(check.actor, { expand: true, x_align: St.Align.END, x_fill: false});
/* /*
let inner = new St.BoxLayout({ vertical: false, style_class: 'fw-ugid-apply-checkbox' }); let inner = new St.BoxLayout({ vertical: false, style_class: 'fw-ugid-apply-checkbox' });
@ -115,10 +129,78 @@ const DetailSection = new Lang.Class({
} }
if (sandbox != "") { if (sandbox != "") {
this.sandbox.text = sandbox;
//this.sandbox = new St.Label({ style_class: 'fw-detail-message' });
//this._right.remove_child(this.sandbox);
//let yek = new St.Label({ style_class: 'fw-detail-message' });
var [r,g,b] = Misc.pastelColorsFromName(sandbox);
var hexbg = r.toString(16) + g.toString(16) + b.toString(16);
this.sandbox.get_clutter_text().set_markup('<span font_weight="bold" underline_color="#'+hexbg+'"><u>'+sandbox+'</u></span>');
//this._right.add_child(yek);
//this.sandbox.show();
// result_label.get_clutter_text().set_markup('<span foreground="' + styles[stat] + '" underline_color="red">' + Fuzzy.fuzzysort.highlight(r[k], open = '<u>', close = '</u>') + '</span>');
// global.log(hexbg);
/* var _dot = new St.Widget({ style_class: 'realm-running-dot',//'app-well-app-running-dot',
layout_manager: new Clutter.BinLayout(),
x_expand: true, y_expand: true,
x_align: Clutter.ActorAlign.CENTER,
y_align: Clutter.ActorAlign.CENTER });
_dot.style = 'background-color: #'+hexbg+';width: '+width+'px;';
this.sandbox.add_actor(_dot);
this.sandbox = _dot;
_dot.show(); */
} }
this.optstring.text = optstring this.optstring.text = optstring;
let windows = global.get_window_actors();
let tnpid = -1;
let winpids = {};
let t;
let mw;
let x = 0;
let thumb = false;
for (x = 0; x < windows.length; x++) {
mw = windows[x].get_meta_window();
if (typeof mw != 'undefined') {
global.log("pid: "+pid+" mw.get_client_pid(): "+mw.get_client_pid().toString());
winpids[pid] = windows[x].get_meta_window();
if (pid == mw.get_client_pid().toString()) {
t = Misc.getThumbnail(mw);
this._more.add(t);
tnpid = pid;
thumb = true;
break;
}
}
}
if (pid > 1 && tnpid == -1) {
tnpid = Misc.findParentProcessWindow(pid);
global.log(tnpid);
}
if (tnpid > 1 && thumb == false) {
for (x = 0; x < windows.length; x++) {
mw = windows[x].get_meta_window();
if (typeof mw != 'undefined') {
if (tnpid == mw.get_client_pid().toString()) {
t = Misc.getThumbnail(mw);
t.expand = true;
t.x_align = St.Align.END;
t.x_fill = true;
t.y_fill = true;
this._more.add(t);
thumb = true;
break;
}
}
}
}
if (thumb == true) {
this._right.height = this._left.height;
}
} }
}); });
@ -184,7 +266,7 @@ const OptionList = new Lang.Class({
} }
this.actor.add_child(this.buttonGroup.actor); this.actor.add_child(this.buttonGroup.actor);
this.items = []; this.items = [];
this._selected; this._selected = "";
this.tlsGuard = false; this.tlsGuard = false;
if (sandboxed) { if (sandboxed) {
this.tlsGuard = true; this.tlsGuard = true;
@ -595,7 +677,9 @@ const PromptDialogHeader = new Lang.Class({
if (!remaining) { if (!remaining) {
this.waiting.text; this.waiting.text;
} else { } else {
this.waiting.text = "Remaining: " + remaining; //ithis.waiting.text = "Remaining: " + remaining;
// this.waiting = new St.Label({style_class: 'fw-prompt-waiting', text: "Remaining: " + remaining});
} }
}, },
@ -782,7 +866,7 @@ const PromptDialog = new Lang.Class({
} }
if (sandbox != "") { if (sandbox != "") {
application = application + " (sandboxed)" application = application;
} }
this.header.setTitle(application); this.header.setTitle(application);

@ -134,7 +134,7 @@ const FirewallPromptHandler = new Lang.Class({
return false; return false;
} }
let fname = binding.replace(/-([a-z])/g, function (g) { return g[1].toUpperCase(); }); // let fname = binding.replace(/-([a-z])/g, function (g) { return g[1].toUpperCase(); });
let fname = "_on"+ fname[0].toUpperCase() + fname.substr(1); let fname = "_on"+ fname[0].toUpperCase() + fname.substr(1);
if (!( fname in this._dialog )) { if (!( fname in this._dialog )) {
log("SGFW: Invalid key binding (1)... " + fname); log("SGFW: Invalid key binding (1)... " + fname);
@ -291,18 +291,18 @@ const FirewallPromptHandler = new Lang.Class({
} }
}, },
_updateDialogRemainingPrompts: function() { _updateDialogRemainingPrompts: function() { /*
if (this._dialog === null) { if (this._dialog === null) {
return; return;
} }
try { try {
let remaining = (this._guids.length - 1); let remaining = (this._guids.length - 1);
if (remaining > 0) { /*if (remaining > 0) {
this._dialog.updateRemainingPrompts(remaining); this._dialog.updateRemainingPrompts(remaining);
} }
} catch(err) { } catch(err) {
log("SGFW: Error while updating remaining dialogs count: " + err); log("SGFW: Error while updating remaining dialogs count: " + err);
} }*/
return; return;
} }

@ -76,6 +76,10 @@
font-weight: bold; font-weight: bold;
} }
.fw-details-section-container {
padding: 5px;
}
.fw-details-section { .fw-details-section {
padding: 20px; padding: 20px;
} }
@ -113,3 +117,11 @@
padding-top: 2px !important; padding-top: 2px !important;
vertical-align: middle; vertical-align: middle;
} }
.realm-running-dot {
min-width: 15px;
height: 2px;/*3*/
background-color: #ffffff;
padding: 0px 0px 0px 0px;
margin: 0px 0px 0px 0px;
}

@ -269,8 +269,8 @@ func (ds *dbusServer) GetPendingRequests(policy string) (bool, *dbus.Error) {
pc.proto(), pc.proto(),
int32(pc.procInfo().UID), int32(pc.procInfo().UID),
int32(pc.procInfo().GID), int32(pc.procInfo().GID),
uidToUser(pc.procInfo().UID), uidToUser(pc.sandbox(),pc.procInfo().UID),
gidToGroup(pc.procInfo().GID), gidToGroup(pc.sandbox(),pc.procInfo().GID),
int32(pc.procInfo().Pid), int32(pc.procInfo().Pid),
pc.sandbox(), pc.sandbox(),
pc.socks(), pc.socks(),

@ -426,7 +426,7 @@ func (p *Policy) filterPendingOne(rule *Rule, guid string) {
continue continue
} }
if rule.match(pc.src(), pc.dst(), pc.dstPort(), pc.hostname(), pc.proto(), pc.procInfo().UID, pc.procInfo().GID, uidToUser(pc.procInfo().UID), gidToGroup(pc.procInfo().GID), pc.procInfo().Sandbox) { if rule.match(pc.src(), pc.dst(), pc.dstPort(), pc.hostname(), pc.proto(), pc.procInfo().UID, pc.procInfo().GID, uidToUser(pc.sandbox(),pc.procInfo().UID), gidToGroup(pc.sandbox(),pc.procInfo().GID), pc.procInfo().Sandbox) {
prompter := pc.getPrompter() prompter := pc.getPrompter()
if prompter == nil { if prompter == nil {
@ -465,7 +465,7 @@ func (p *Policy) filterPendingOne(rule *Rule, guid string) {
func (p *Policy) filterPending(rule *Rule) { func (p *Policy) filterPending(rule *Rule) {
remaining := []pendingConnection{} remaining := []pendingConnection{}
for _, pc := range p.pendingQueue { for _, pc := range p.pendingQueue {
if rule.match(pc.src(), pc.dst(), pc.dstPort(), pc.hostname(), pc.proto(), pc.procInfo().UID, pc.procInfo().GID, uidToUser(pc.procInfo().UID), gidToGroup(pc.procInfo().GID), pc.procInfo().Sandbox) { if rule.match(pc.src(), pc.dst(), pc.dstPort(), pc.hostname(), pc.proto(), pc.procInfo().UID, pc.procInfo().GID, uidToUser(pc.sandbox(),pc.procInfo().UID), gidToGroup(pc.sandbox(),pc.procInfo().GID), pc.procInfo().Sandbox) {
prompter := pc.getPrompter() prompter := pc.getPrompter()
if prompter == nil { if prompter == nil {
@ -606,7 +606,6 @@ func (fw *Firewall) filterPacket(pkt *nfqueue.NFQPacket, timestamp time.Time) {
// return // return
} else { } else {
ppath = pinfo.ExePath ppath = pinfo.ExePath
optstring = fmt.Sprintf("Realm: %s", pinfo.Realm)
cf := strings.Fields(pinfo.CmdLine) cf := strings.Fields(pinfo.CmdLine)
if len(cf) > 1 && strings.HasPrefix(cf[1], "/") { if len(cf) > 1 && strings.HasPrefix(cf[1], "/") {
for _, intp := range _interpreters { for _, intp := range _interpreters {
@ -896,7 +895,8 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket, reverse bool, strictness int)
} }
if res != nil { if res != nil {
optstr = "Realm: " + OzInitPids[i].Name //optstr = "Realm: " + OzInitPids[i].Name
res.Realm = OzInitPids[i].Name
res.Sandbox = OzInitPids[i].Name res.Sandbox = OzInitPids[i].Name
res.ExePath = GetRealRoot(res.ExePath, OzInitPids[i].Pid) res.ExePath = GetRealRoot(res.ExePath, OzInitPids[i].Pid)
break break

@ -158,7 +158,7 @@ func monitorPromptFDs(pc pendingConnection) {
//fmt.Printf("ADD TO MONITOR: %v | %v / %v / %v\n", pc.policy().application, guid, pid, fd) //fmt.Printf("ADD TO MONITOR: %v | %v / %v / %v\n", pc.policy().application, guid, pid, fd)
if pid == -1 || fd == -1 || prompter == nil { if pid == -1 || fd == -1 || prompter == nil {
log.Warningf("Unexpected error condition occurred while adding socket fd to monitor: %d %d %v",pid, fd, prompter) log.Warning("Unexpected error condition occurred while adding socket fd to monitor");
return return
} else { } else {
log.Warning("No unexpected errors"); log.Warning("No unexpected errors");
@ -315,8 +315,8 @@ func (p *prompter) processConnection(pc pendingConnection) {
pc.proto(), pc.proto(),
int32(pc.procInfo().UID), int32(pc.procInfo().UID),
int32(pc.procInfo().GID), int32(pc.procInfo().GID),
uidToUser(pc.procInfo().UID), uidToUser(pc.sandbox(), pc.procInfo().UID),
gidToGroup(pc.procInfo().GID), gidToGroup(pc.sandbox(), pc.procInfo().GID),
int32(pc.procInfo().Pid), int32(pc.procInfo().Pid),
pc.sandbox(), pc.sandbox(),
pc.socks(), pc.socks(),
@ -589,7 +589,16 @@ func lookupGroup(gid int) string {
return g.Name return g.Name
} }
func uidToUser(uid int) string { func uidToUser(realm string, uid int) string {
// TODO: cache
if (realm != "") {
user := "";
var db,_ = dbus.SystemBus()
obj := db.Object("com.subgraph.realms", "/")
obj.Call("com.subgraph.realms.Manager.RealmUsernameFromUID", 0, realm, strconv.Itoa(uid)).Store(&user)
return user;
}
uname, ok := userMap[uid] uname, ok := userMap[uid]
if ok { if ok {
return uname return uname
@ -599,7 +608,16 @@ func uidToUser(uid int) string {
return uname return uname
} }
func gidToGroup(gid int) string { func gidToGroup(realm string, gid int) string {
// TODO: cache
if (realm != "") {
group := "";
var db,_ = dbus.SystemBus()
obj := db.Object("com.subgraph.realms", "/")
obj.Call("com.subgraph.realms.Manager.RealmGroupnameFromGID", 0, realm, strconv.Itoa(gid)).Store(&group)
return group;
}
gname, ok := groupMap[gid] gname, ok := groupMap[gid]
if ok { if ok {
return gname return gname

@ -200,7 +200,7 @@ func (rl *RuleList) filter(pkt *nfqueue.NFQPacket, src, dst net.IP, dstPort uint
//log.Notice("! Skipping comparison of mismatching PIDs") //log.Notice("! Skipping comparison of mismatching PIDs")
continue continue
} }
if r.match(src, dst, dstPort, hostname, nfqproto, pinfo.UID, pinfo.GID, uidToUser(pinfo.UID), gidToGroup(pinfo.GID), pinfo.Sandbox) { if r.match(src, dst, dstPort, hostname, nfqproto, pinfo.UID, pinfo.GID, uidToUser(pinfo.Sandbox, pinfo.UID), gidToGroup(pinfo.Sandbox, pinfo.GID), pinfo.Sandbox) {
// log.Notice("+ MATCH SUCCEEDED") // log.Notice("+ MATCH SUCCEEDED")
dstStr := dst.String() dstStr := dst.String()
if FirewallConfig.LogRedact { if FirewallConfig.LogRedact {

Loading…
Cancel
Save