Sandboxed process entries in GUI now include sandbox name/ID in display.

Removed fatal error when a connection to oz-control socket cannot be established.
shw_dev
shw 7 years ago
parent ba35abfb46
commit a930fbbce0

@ -13,23 +13,29 @@ import (
const ReceiverSocketPath = "/tmp/fwoz.sock" const ReceiverSocketPath = "/tmp/fwoz.sock"
var OzInitPids []int = []int{} type OzInitProc struct {
Name string
Pid int
}
var OzInitPids []OzInitProc = []OzInitProc{}
func addInitPid(pid int) { func addInitPid(pid int, name string) {
fmt.Println("::::::::::: init pid added: ", pid) fmt.Println("::::::::::: init pid added: ", pid, " -> ", name)
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
if OzInitPids[i] == pid { if OzInitPids[i].Pid == pid {
return return
} }
} }
OzInitPids = append(OzInitPids, pid) ozi := OzInitProc{Name: name, Pid: pid}
OzInitPids = append(OzInitPids, ozi)
} }
func removeInitPid(pid int) { func removeInitPid(pid int) {
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
if OzInitPids[i] == pid { if OzInitPids[i].Pid == pid {
OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...) OzInitPids = append(OzInitPids[:i], OzInitPids[i+1:]...)
return return
} }
@ -154,7 +160,7 @@ func ReceiverLoop(fw *Firewall, c net.Conn) {
return return
} }
if tokens[0] == "register-init" && len(tokens) == 2 { if tokens[0] == "register-init" && len(tokens) >= 3 {
initp := tokens[1] initp := tokens[1]
initpid, err := strconv.Atoi(initp) initpid, err := strconv.Atoi(initp)
@ -164,7 +170,8 @@ func ReceiverLoop(fw *Firewall, c net.Conn) {
return return
} }
addInitPid(initpid) ozname := strings.Join(tokens[2:], " ")
addInitPid(initpid, ozname)
c.Write([]byte("OK.\n")) c.Write([]byte("OK.\n"))
return return
} }
@ -258,7 +265,8 @@ func OzReceiver(fw *Firewall) {
if len(sboxes) > 0 { if len(sboxes) > 0 {
log.Warning("Adding existing Oz sandbox init pids...") log.Warning("Adding existing Oz sandbox init pids...")
for s := 0; s < len(sboxes); s++ { for s := 0; s < len(sboxes); s++ {
addInitPid(sboxes[s].InitPid) profname := fmt.Sprintf("%s (%d)", sboxes[s].Profile, sboxes[s].Id)
addInitPid(sboxes[s].InitPid, profname)
} }
} else { } else {
log.Warning("It does not appear there were any Oz sandboxed processes already launched.") log.Warning("It does not appear there were any Oz sandboxed processes already launched.")
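Review bot: In the register-init branch of ReceiverLoop the sandbox name is taken verbatim from the socket peer (`ozname := strings.Join(tokens[2:], " ")`) and stored with no length or character check, and per the commit message it is then displayed in the GUI. The receiver listens on `/tmp/fwoz.sock`, and neither the socket's permissions nor any peer-credential check is visible in these hunks, so whoever can connect to it picks the label a user sees beside a firewall decision. I would bound and sanitise the name before the `addInitPid` call, e.g. `if len(ozname) > maxOzNameLen || !isPrintable(ozname) { return }`, where `maxOzNameLen` and `isPrintable` are helpers still to be added. addInitPid also returns early when the pid is already registered, so a later registration with a different name is silently dropped while the client still receives `OK.`. ReceiverLoop's body starts and ends outside the hunk.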

@ -505,7 +505,7 @@ func findProcessForPacket(pkt *nfqueue.NFQPacket) (*procsnitch.Info, string) {
for i := 0; i < len(OzInitPids); i++ { for i := 0; i < len(OzInitPids); i++ {
data := "" data := ""
fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i]) fname := fmt.Sprintf("/proc/%d/net/tcp", OzInitPids[i].Pid)
fmt.Println("XXX: opening: ", fname) fmt.Println("XXX: opening: ", fname)
bdata, err := readFileDirect(fname) bdata, err := readFileDirect(fname)
@ -531,8 +531,8 @@ fmt.Println("XXX: opening: ", fname)
res = procsnitch.LookupTCPSocketProcessAll(srcip, srcp, dstip, dstp, rlines) res = procsnitch.LookupTCPSocketProcessAll(srcip, srcp, dstip, dstp, rlines)
if res != nil { if res != nil {
optstr = "[Sandboxed application]" optstr = "Sandbox: " + OzInitPids[i].Name
res.ExePath = getRealRoot(res.ExePath, OzInitPids[i]) res.ExePath = getRealRoot(res.ExePath, OzInitPids[i].Pid)
break break
} }
} }
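Review bot: The loop in findProcessForPacket indexes the package-level `OzInitPids` three times per iteration (`.Pid`, `.Name`, `.Pid`) with file reads in between, while addInitPid and removeInitPid rewrite the same slice in place, and no lock is visible in any of these hunks. If the receiver and the packet path run on different goroutines, which the hunks do not show, a removal mid-iteration can make `OzInitPids[i]` refer to a different sandbox or fall out of range, so the prompt could carry the wrong sandbox name or the daemon could panic. I would copy the slice under a mutex before the loop, e.g. `ozLock.Lock(); procs := append([]OzInitProc(nil), OzInitPids...); ozLock.Unlock()`, iterate over `procs`, and have addInitPid and removeInitPid take the same lock (`ozLock` being a new `sync.Mutex`). The function starts and ends outside these hunks.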

@ -30,7 +30,6 @@ var ozCtrlFactory = ipc.NewMsgFactory(
func getSandboxes() ([]SandboxInfo, error) { func getSandboxes() ([]SandboxInfo, error) {
c, err := ipc.Connect(socketPath, ozCtrlFactory, nil) c, err := ipc.Connect(socketPath, ozCtrlFactory, nil)
if err != nil { if err != nil {
log.Fatal("Error connecting to oz control socket: ", err)
return nil, err return nil, err
} }
