Can firejail trace program filesystem changes? #5882
danielkrajnik
started this conversation in
Ideas
Replies: 1 comment 1 reply
-
|
Sorry, just realized that strace has an -f (--follow-forks) option that also lets you capture child processes. If anyone knows though about any solution that compares before and after of filesystem state in firejail that would be still interesting and useful for long-running processes (strace can make execution much slower.) |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
This approach isn't very helpful if you run a program with a subset of your filesystem rather than a new sysroot. Because you can not know if a filesystem chnage was done external or by the sandbox. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Does anyone know if firejail could be used to trace changes (e.g. files created/modified) of a sandboxed process:
firejail trace-files <process> | xargs <process created files>Strace comes to mind, but it doesn't seem to include changes (created files) by its forked child processes. In firejail it seems to be easier, because you could just compare before and after the process runs any files created in its namespace.
This may not be the usual way firejail is used and maybe there have been other snadboxing techniques that achieve this (I'd be surprised if there weren't any), so please let me know your thoughts.
I'm trying track what files an odaconverter creates and it's cli isn't very reliable, so this would be really really helpful.
Beta Was this translation helpful? Give feedback.
All reactions