lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ac4e929e-bcf1-4c78-971f-20cf9e683d4d@gmx.net>
Date: Wed, 21 Aug 2024 09:20:48 +0200
From: "peter.boettcher1.gmx.net" <peter.boettcher1@....net>
To: linux-kernel@...r.kernel.org
Subject: Control-Path Procedure

---------------------------------
Presentation and suggestion of a simple control path procedure for
the Linux kernel.
---------------------------------

TESTED:
Linux Kernel 6.1.0 - 6.10.1

Compile without Errors or Warnings

No loss of speed noted.

---------------------------------
Basics in advance:
A control path procedure requires maintenance and must be updated regularly.
But this is not a job of the Linux kernel.



---------------------------------
Supported are users, groups, directories, path, file size, file hash.

All programs are checked before starting. Such as binaries, scripts,
Java, Python files etc..

Programs and directories that are not in the list in the kernel are
not found and therefore are not started.

The control data is loaded into the kernel line by line as text and sorted.
This results in short search times.

Tested 40000 plus lines.


Two lists are evaluated in the kernel.
Files and directories.

---------------------------------
Rules:
a = user allowd
ga = group allowed

d = user deny
gd = group deny

ai = user allowed script in this form. Interpreter script
gai = group allow script ...

ai and gai are important so that interpreters cannot be executed 
interactively.

If "insmod" is used to start modules, modules can also be checked.



Structure of the control text/line
FILES:
<RIGHTS>:<USER ID/GROUP ID>;<FILE SIZE>:<FILE HASH>;<FILE PATH>
Example:
a:0;1234;abc123;/sbin/cp
ga:20000;1234;abc123;/sbin/cp

DIRECTORIES:
<RIGHTS>:<USER ID/ GROUP ID>;<PATH + "/">
Example:
a:0;/proc/



INTERPRETER etc.:
Example:
ai:1000;12345;abc123;/usr/bin/python
a:1000;1234;a12;/PATH/file.py

In this case, "python" cannot be started interactively, but the script
is started.

If the script is in the PATH, have "Shebang", its start immedetly.
Otherwise full path required.

Or in this form:
python /PATH/file.py

If python not in path:
/PATH/python /PATH/file.py


---------------------------------
It's not a problem if a line of text doesn't follow the rules,
it just won't get a hit.


The control data is loaded by ROOT with a "USER-LAND TOOL".
This tool must evaluate the control file and sort the list.

The "USER-LAND TOOL" recognizes a directory path by the final SLASH.


--------------------------------------
Information regarding status and information about started programs is 
displayed
with

/proc/safer.learning
/proc/safer.info

Only root can see this information.


------------------------------
A good idea to get a control file is to work with the system
for a while without "Safer Mode" active.

After that, "/proc/safer.learning" can be used as a control file.
You need Section FILE learning LIST.
Example is at the end.


Programs that are needed later can then be recorded via "dmesg" or from 
"safer.learning".

Developers have to unlock directories in order to work productively.

However, users and servers would benefit from increased security.
Downloaded malware, exploits, etc. would not be started.


CONTAINERS are also supported.



---------------------------------
Activate:
At what point can the control data be loaded into the kernel and activated?

initramfs
system start, like rc.local etc.
manually at any time
compiled in the kernel?


You can lock.
No changes are possible.
Until the restart.


---------------------------------
There are two program variants for loading the control data into the kernel:

Additional parameter for execve:
Therefore, "execve" has 5 parameters.
Thus, all CPU architectures are supported.
I hope.

This is unconventional but works and saves
a syscall.


But I would be happy to hear about an alternative.



With a new SYSCALL:
AMD64 tested.








------------------------------

--- exec.c    2024-07-24 15:54:07.000000000 +0200
+++ exec.new.c    2024-08-11 19:58:03.774355327 +0200
@@ -78,6 +78,18 @@

  #include <trace/events/sched.h>

+
+
+
+#define add_safer
+
+#ifdef add_safer
+#include <crypto/internal/hash.h>
+static int exec_second_step(const char *filename);
+#endif
+
+
+
  static int bprm_creds_from_file(struct linux_binprm *bprm);

  int suid_dumpable = 0;
@@ -931,6 +943,16 @@
          .lookup_flags = LOOKUP_FOLLOW,
      };

+
+
+
+#ifdef add_safer
+    if (exec_second_step(name->name) == -2) return(ERR_PTR(-2));
+#endif
+
+
+
+
      if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_EMPTY_PATH)) != 0)
          return ERR_PTR(-EINVAL);
      if (flags & AT_SYMLINK_NOFOLLOW)
@@ -2140,6 +2162,18 @@
      set_mask_bits(&mm->flags, MMF_DUMPABLE_MASK, value);
  }

+
+
+
+
+/* change safer */
+#ifdef add_safer
+#include "safer.c"
+#endif
+
+
+
+#ifndef add_safer
  SYSCALL_DEFINE3(execve,
          const char __user *, filename,
          const char __user *const __user *, argv,
@@ -2147,6 +2181,10 @@
  {
      return do_execve(getname(filename), argv, envp);
  }
+#endif
+
+
+

  SYSCALL_DEFINE5(execveat,
          int, fd, const char __user *, filename,




------------------------------
--- Makefile    2024-07-24 15:54:07.000000000 +0200
+++ Makefile.new    2024-07-26 23:14:56.605043898 +0200
@@ -17,6 +17,8 @@
          fs_types.o fs_context.o fs_parser.o fsopen.o init.o \
          kernel_read_file.o mnt_idmapping.o remap_range.o pidfs.o

+obj-y                += safer_info.o
+obj-y                += safer_learning.o
  obj-$(CONFIG_BUFFER_HEAD)    += buffer.o mpage.o
  obj-$(CONFIG_PROC_FS)        += proc_namespace.o
  obj-$(CONFIG_LEGACY_DIRECT_IO)    += direct-io.o






------------------------------
safer.c
No Syscall.
------------------------------


/* Copyright (c) 2022/03/28, 2022.09.17, Peter Boettcher, Germany/NRW, 
Muelheim Ruhr, mail:peter.boettcher@....net
  * Urheber: 2022.03.28, 2022.09.17, Peter Boettcher, Germany/NRW, 
Muelheim Ruhr, mail:peter.boettcher@....net

  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2, or (at your option)
  * any later version.

  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.

  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>
*/



/*
     Program        : safer.c
     Path        : fs/

     TEST        : Kernel 6.0 - 6.10.1
               Lenovo X230, T460, T470, Fujitsu Futro S xxx, AMD Ryzen
               Proxmox, Docker

*/


/*
Look -> "exec_first_step"
Limit argv[0] = 1000
Reason glibc
A GOOD IDEA? I don't know?
But it's works
when in doubt remove it
*/



/* HASH ?*/

/* Your choice */
/*
#define HASH_ALG "md5"
#define DIGIT 16
*/

#define HASH_ALG "sha256"
#define DIGIT 32

/*
#define HASH_ALG "sha512"
#define DIGIT 64
*/

/*your choice */
#define MAX_DYN 100000
#define MAX_DYN_BYTES MAX_DYN * 200
#define ARGV_MAX 16
#define LEARNING_ARGV_MAX 5000
#define KERNEL_READ_SIZE 2000000




#define RET_SHELL -2
#define ALLOWED 0
#define NOT_ALLOWED -1
#define CONTROL_ERROR -1
#define CONRTOL_OK 0
#define ERROR -1
#define NOT_IN_LIST -1
#define IN_LIST 0


static DEFINE_MUTEX(learning_lock);
static DEFINE_MUTEX(control);


static bool    safer_show_mode = false;
static bool    safer_mode = false;

static bool    printk_allowed = false;
static bool    printk_deny = false;
static bool    learning_mode = true;
static bool    change_mode = true;    /*true = change_mode allowed */
static bool    verbose_param_mode = false;

static char    **global_list_prog = NULL;
static long    global_list_prog_size = 0;

static char    **global_list_learning = NULL;
static long    global_list_learning_size = 0;

static char    **global_list_learning_argv = NULL;
static long    global_list_learning_argv_size = 0;
static bool    global_list_learning_argv_init = false;

static char    **global_list_folder = NULL;
static long    global_list_folder_size = 0;

static long    global_list_progs_bytes = 0;
static long    global_list_folders_bytes = 0;




/* proto. */
struct sum_hash_struct {
     int    retval;
     char    hash_string[DIGIT * 2 + 1];
     ssize_t    file_size;
};


/* proto. */
struct  safer_info_struct {
     bool safer_show_mode;
     bool safer_mode;
     bool printk_allowed;
     bool printk_deny;
     bool learning_mode;
     bool change_mode;
     long global_list_prog_size;
     long global_list_folder_size;
     char **global_list_prog;
     char **global_list_folder;
     long global_hash_size;
     long global_list_progs_bytes;
     long global_list_folders_bytes;
};


/* proto. */
struct  safer_learning_struct {
     long global_list_learning_size;
     char **global_list_learning;
     long global_list_learning_argv_max;
     long global_list_learning_argv_size;
     char **global_list_learning_argv;
};


/* Makes compiler happy */
void safer_info(struct safer_info_struct *info);
void safer_learning(struct safer_learning_struct *learning);


/* DATA: Only over function */
void safer_info(struct safer_info_struct *info)
{
     info->safer_show_mode =safer_show_mode;
     info->safer_mode = safer_mode;
     info->printk_allowed = printk_allowed;
     info->printk_deny = printk_deny;
     info->learning_mode = learning_mode;
     info->change_mode = change_mode;
     info->global_list_prog_size = global_list_prog_size;
     info->global_list_folder_size = global_list_folder_size;
     info->global_list_prog = global_list_prog;
     info->global_list_folder = global_list_folder;
     info->global_hash_size = KERNEL_READ_SIZE;
     info->global_list_progs_bytes = global_list_progs_bytes;
     info->global_list_folders_bytes = global_list_folders_bytes;
     return;
}



/* DATA: Only over function */
void safer_learning(struct safer_learning_struct *learning)
{
     learning->global_list_learning_size = global_list_learning_size;
     learning->global_list_learning = global_list_learning;
     learning->global_list_learning_argv_max = LEARNING_ARGV_MAX;
     learning->global_list_learning_argv_size = 
global_list_learning_argv_size;
     learning->global_list_learning_argv = global_list_learning_argv;
     return;
}



static int besearch_file(char *str_search,
             char **list,
             long elements)
{
     long left, right;
     long middle;
     long int_ret;

     left = 0;
     right = elements - 1;

     while(left <= right) {
         middle = (left + right) / 2;

         int_ret = strcmp(list[middle], str_search);

         if (int_ret == 0) return 0;
         else if (int_ret < 0) left = middle + 1;
         else if (int_ret > 0) right = middle - 1;
     }

     return NOT_IN_LIST;
}





static int besearch_folder(    char *str_search,
                 char **list,
                 long elements)
{
     long left, right;
     long middle;
     long int_ret;


     if (str_search[strlen(str_search) -1] == '/' ) return NOT_IN_LIST;


     left = 0;
     right = elements - 1;

     while(left <= right) {
         middle = (left + right) / 2;

         int_ret = strncmp(list[middle], str_search, strlen(list[middle]));

         if (int_ret == 0) return 0;
         else if (int_ret < 0) left = middle + 1;
         else if (int_ret > 0) right = middle - 1;
     }

     return NOT_IN_LIST;
}




static long search(char *str_search,
         char **list,
         long elements)
{
     long n;

     for (n = 0; n < elements; n++) {
         if (strncmp(list[n], str_search, strlen(list[n])) == 0) return 0;
     }

     return NOT_IN_LIST;
}



static struct sum_hash_struct get_hash_sum_buffer(char buffer[], int 
max, const char *hash_alg, int digit)
{

     char            hash_out[64];
     struct crypto_shash    *hash;
     struct shash_desc    *shash;
     struct sum_hash_struct    hash_sum;

     char            hash_[2];


     hash = crypto_alloc_shash(hash_alg, 0, 0);
     if (IS_ERR(hash)) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }

     shash = kmalloc(sizeof(struct shash_desc) + 
crypto_shash_descsize(hash), GFP_KERNEL);
     if (!shash) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }

     shash->tfm = hash;


     if (crypto_shash_init(shash)) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }



     if (crypto_shash_update(shash, buffer, max)) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }

     if (crypto_shash_final(shash, hash_out)) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }

     kfree(shash);
     crypto_free_shash(hash);


     for (int n = 0; n < digit; n++) {
         sprintf(hash_, "%02x", (unsigned char) hash_out[n]);
         hash_sum.hash_string[n * 2] = hash_[0];
         hash_sum.hash_string[(n * 2) + 1] = hash_[1];
     }

     hash_sum.hash_string[digit * 2] = '\0';
     hash_sum.retval = 0;

     return hash_sum;
}






static struct sum_hash_struct get_file_size_hash_read(const char 
*filename, const char *hash_alg, int digit)
{
     ssize_t                retval;
     ssize_t                file_size;
     void                *data = NULL;
     struct sum_hash_struct        size_hash_sum;
     int                max = KERNEL_READ_SIZE;


     retval = kernel_read_file_from_path(    filename,
                         0,
                         &data,
                         KERNEL_READ_SIZE,
                         &file_size,
                         READING_POLICY);

     if (retval < 1) {
         size_hash_sum.file_size = 0;
         size_hash_sum.hash_string[0] = '\0';
         size_hash_sum.retval = ERROR;
         return size_hash_sum;
     }

     if (file_size < 1) {
         vfree(data);
         size_hash_sum.file_size = 0;
         size_hash_sum.hash_string[0] = '\0';
         size_hash_sum.retval = ERROR;
         return size_hash_sum;
     }

     if (file_size < max) max = file_size;

     char *buffer = data;

     size_hash_sum = get_hash_sum_buffer(buffer, max, hash_alg, digit);

     if (size_hash_sum.retval == 0) {
         vfree(data);
         size_hash_sum.file_size = file_size;
         return size_hash_sum;
     }

     vfree(data);
     size_hash_sum.retval = -1;
     size_hash_sum.file_size = 0;
     size_hash_sum.hash_string[0] = '\0';

     return size_hash_sum;
}






static ssize_t get_file_size(const char *filename)
{

     loff_t    i_size;
     struct    file *file;

     file = filp_open(filename, O_RDONLY, 0);
     if (IS_ERR(file))
         return ERROR;

     if (!S_ISREG(file_inode(file)->i_mode)) {
         fput(file);
         return ERROR;
     }

     if (deny_write_access(file)) {
         fput(file);
         return ERROR;
     }

     i_size = i_size_read(file_inode(file));
     if (i_size < 1) {
         allow_write_access(file);
         fput(file);
         return ERROR;
     }

     /* The file is too big for sane activities. */
     if (i_size > INT_MAX) {
         allow_write_access(file);
         fput(file);
         return ERROR;
     }

     allow_write_access(file);
     fput(file);
     return (ssize_t) i_size;
}




static void learning_argv(uid_t user_id,
             const char *filename,
             char **argv,
             long argv_len,
             char ***list,
             long *list_len,
             bool *list_init)

{

     char    str_user_id[19];
     char    str_file_size[19];

     ssize_t    file_size;

     char    *str_learning =  NULL;
     int    string_length = 0;


     if (argv_len == 1)
         return;

     file_size = get_file_size(filename);
     /* file not exist or empty */
     if (file_size < 1)
         return;


     /* init list */
     if (*list_init == false) {
         *list = kzalloc(sizeof(char *) * LEARNING_ARGV_MAX, GFP_KERNEL);
         if (*list == NULL) {
             return;
         }
         else *list_init = true;
     }


     sprintf(str_user_id, "%u", user_id);
     sprintf(str_file_size, "%ld", file_size);

     string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(filename);
     string_length += strlen("a:;;;") + 1;

     //if (argv_len > 10) argv_len = 10;
     for (int n = 1; n < argv_len; n++) {
         string_length += strlen(argv[n]);
         string_length += 1;
     }

     str_learning = kzalloc(string_length * sizeof(char), GFP_KERNEL);

     strcpy(str_learning, "a:");
     strcat(str_learning, str_user_id);
     strcat(str_learning, ";");
     strcat(str_learning, str_file_size);
     strcat(str_learning, ";");
     strcat(str_learning, filename);
     strcat(str_learning, ";");

     for (int n = 1; n < argv_len; n++) {
         strcat(str_learning, argv[n]);
         strcat(str_learning, ";");
     }


     if (search(str_learning, *list, *list_len) != 0) {

         if ((*list)[*list_len] != NULL)
             kfree((*list)[*list_len]);

         (*list)[*list_len] = kzalloc(string_length * sizeof(char), 
GFP_KERNEL);
             if ((*list)[*list_len] == NULL) {
                 kfree(str_learning);
                 return;
             }

         strcpy((*list)[*list_len], str_learning);

         *list_len += 1;
         /* check argv_len > lerning_argv_max */
         if (*list_len > LEARNING_ARGV_MAX - 1)
             *list_len = 0;

     }

     kfree(str_learning);
     return;
}



static void learning(    uid_t user_id,
             const char *filename,
             char ***list,
             long *list_len,
             char const *hash_alg,
             int digit)
{

     char    str_user_id[19];
     char    str_file_size[19];
     char    *str_learning =  NULL;
     int    string_length = 0;

     struct sum_hash_struct size_hash_sum;


     if (filename[0] != '/')
         return;

     //size_hash_sum = get_file_size_hash_read(filename);
     size_hash_sum = get_file_size_hash_read(filename, hash_alg, digit);

     if (size_hash_sum.retval == -1)
         return;

     sprintf(str_user_id, "%u", user_id);
     sprintf(str_file_size, "%ld", size_hash_sum.file_size);

     string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(filename);
     string_length += strlen(size_hash_sum.hash_string);
     string_length += strlen("a:;;;") + 1;

     str_learning = kzalloc(string_length * sizeof(char), GFP_KERNEL);

     strcpy(str_learning, "a:");
     strcat(str_learning, str_user_id);
     strcat(str_learning, ";");
     strcat(str_learning, str_file_size);
     strcat(str_learning, ";");
     strcat(str_learning, size_hash_sum.hash_string);
     strcat(str_learning, ";");
     strcat(str_learning, filename);


     if (search(str_learning, *list, *list_len) != 0) {

         if (*list_len == 0) {
             *list = kzalloc(sizeof(char *), GFP_KERNEL);
             if (*list == NULL) {
                 kfree(str_learning);
                 return;
             }

             (*list)[0] = kzalloc(string_length * sizeof(char), GFP_KERNEL);
             if ((*list)[0] == NULL) {
                 kfree(str_learning);
                 return;
             }

             strcpy((*list)[0], str_learning);
             *list_len = 1;
         }
         else {
             *list = krealloc(*list, (*list_len + 1) * sizeof(char *), 
GFP_KERNEL);
             if (*list == NULL) {
                 kfree(str_learning);
                 return;
             }

             (*list)[*list_len] = kzalloc(string_length * sizeof(char), 
GFP_KERNEL);
             if ((*list)[*list_len] == NULL) {
                 kfree(str_learning);
                 return;
             }

             strcpy((*list)[*list_len], str_learning);
             *list_len += 1;
         }
     }

     kfree(str_learning);
     return;
}



static void print_prog_arguments(uid_t user_id,
                 const char *filename,
                 char **argv,
                 long argv_len,
                 const char *hash_alg,
                 int digit)
{


     struct sum_hash_struct size_hash_sum;

     size_hash_sum = get_file_size_hash_read(filename, hash_alg, digit);
     if (size_hash_sum.retval == -1)
         return;


     printk("USER ID:%u;%ld;%s;%s\n",user_id,
                     size_hash_sum.file_size,
                     size_hash_sum.hash_string,
                     filename);

     for (int n = 0; n < argv_len; n++) {
         printk("argv[%d]:%s\n", n, argv[n]);
     }

     return;
}


static int
user_allowed(    uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **list,
         long list_len,
         const char *step)
{

     char str_user_id[19];
     char str_file_size[19];
     char *str_user_file = NULL;

     sprintf(str_user_id, "%u", user_id);
     sprintf(str_file_size, "%ld", file_size);

     /* user allowed */
     int string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(filename);
     string_length += strlen(hash);

     /* i hope the compiler makes a constant ? */
     string_length += strlen("a:;;;") + 1;

     str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (!str_user_file)
         return NOT_ALLOWED;

     strcpy(str_user_file, "a:");
     strcat(str_user_file, str_user_id);
     strcat(str_user_file, ";");
     strcat(str_user_file, str_file_size);
     strcat(str_user_file, ";");
     strcat(str_user_file, hash);
     strcat(str_user_file, ";");
     strcat(str_user_file, filename);

     if (besearch_file(str_user_file, list, list_len) == IN_LIST) {
         if (printk_allowed == true)
             printk("%s USER/PROG.  ALLOWED: a:%s;%s;%s;%s\n", step, 
str_user_id, str_file_size, hash, filename);
         kfree(str_user_file);
         str_user_file = NULL;
         return ALLOWED;
     }

     kfree(str_user_file);
     str_user_file = NULL;
     return NOT_ALLOWED;
}


static int
user_deny(uid_t user_id,
     const char *filename,
     ssize_t file_size,
     char hash[],
     char **list,
     long list_len,
     const char *step)

{

     char str_user_id[19];
     char str_file_size[19];
     char *str_user_file = NULL;


     sprintf(str_user_id, "%d", user_id);
     sprintf(str_file_size, "%ld", file_size);

     /* user allowed */
     int string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(filename);
     string_length += strlen(hash);
     string_length += strlen("d:;;;") + 1;

     str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (!str_user_file)
         return NOT_ALLOWED;

     strcpy(str_user_file, "d:");
     strcat(str_user_file, str_user_id);
     strcat(str_user_file, ";");
     strcat(str_user_file, str_file_size);
     strcat(str_user_file, ";");
     strcat(str_user_file, hash);
     strcat(str_user_file, ";");
     strcat(str_user_file, filename);

     if (besearch_file(str_user_file, list, list_len) == IN_LIST) {
         if (printk_deny == true)
             printk("%s USER/PROG.  DENY   : a:%s;%s;%s;%s\n", step, 
str_user_id, str_file_size, hash, filename);

         kfree(str_user_file);
         return NOT_ALLOWED;
     }

     kfree(str_user_file);
     return ALLOWED;
}


static int
group_allowed(uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **list,
         long list_len,
         const char *step)

{

     char    str_user_id[19];
     char    str_file_size[19];
     char    str_group_id[19];
     char    *str_group_file = NULL;
     struct    group_info *group_info;
     int    string_length;

     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);


     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);
         sprintf(str_file_size, "%ld", file_size);

         string_length = strlen(str_group_id);
         string_length += strlen(str_file_size);
         string_length += strlen(filename);
         string_length += strlen(hash);
         string_length += strlen("ga:;;;") +1;

         //if (str_group_file != NULL) kfree(str_group_file);
         str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
         if (!str_group_file)
             return NOT_ALLOWED;

         strcpy(str_group_file, "ga:");
         strcat(str_group_file, str_group_id);
         strcat(str_group_file, ";");
         strcat(str_group_file, str_file_size);
         strcat(str_group_file, ";");
         strcat(str_group_file, hash);
         strcat(str_group_file, ";");
         strcat(str_group_file, filename);

         if (besearch_file(str_group_file, list, list_len) == IN_LIST) {
             if (printk_allowed == true)
                 printk("%s GROUP/PROG. ALLOWED: ga:%s;%s;%s;%s\n", 
step, str_group_id, str_file_size, hash, filename);

             kfree(str_group_file);
             str_group_file = NULL;
             return ALLOWED;
         }

         kfree(str_group_file);
         str_group_file = NULL;
     }

     return NOT_ALLOWED;
}



static int
group_deny(    uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **list,
         long list_len,
         const char *step)
{

     char    str_user_id[19];
     char    str_file_size[19];
     char    str_group_id[19];
     char    *str_group_file = NULL;
     struct    group_info *group_info;
     int    string_length;

     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);

     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);
         sprintf(str_file_size, "%ld", file_size);

         string_length = strlen(str_group_id);
         string_length += strlen(str_file_size);
         string_length += strlen(hash);
         string_length += strlen(filename);
         string_length += strlen("gd:;;;") +1;

         str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
         if (!str_group_file)
             return NOT_ALLOWED;

         strcpy(str_group_file, "gd:");
         strcat(str_group_file, str_group_id);
         strcat(str_group_file, ";");
         strcat(str_group_file, str_file_size);
         strcat(str_group_file, ";");
         strcat(str_group_file, hash);
         strcat(str_group_file, ";");
         strcat(str_group_file, filename);

         if (besearch_file(str_group_file, list, list_len) == IN_LIST) {
             if (printk_deny == true)
                 printk("%s GROUP/PROG. DENY   : gd:%s;%s;%s;%s\n", 
step, str_group_id, str_file_size, hash, filename);

             kfree(str_group_file);

             return NOT_ALLOWED;
         }
         else kfree(str_group_file);
     }

     return ALLOWED;
}


static int
user_folder_allowed(    uid_t user_id,
             const char *filename,
             char **list,
             long list_len,
             const char *step)

{

     char str_user_id[19];
     char *str_folder = NULL;
     int  string_length;

     sprintf(str_user_id, "%d", user_id);

     string_length = strlen(str_user_id);
     string_length += strlen(filename);
     string_length += strlen("a:;") + 1;

     str_folder = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (!str_folder)
         return NOT_ALLOWED;

     strcpy(str_folder, "a:");
     strcat(str_folder, str_user_id);
     strcat(str_folder, ";");
     strcat(str_folder, filename);
     /* Importend! Need qsorted list */
     if (besearch_folder(str_folder, list, list_len) == IN_LIST) {
         if (printk_allowed == true)
             printk("%s USER/PROG.  ALLOWED: a:%s;%s\n", step, 
str_user_id, filename);

         kfree(str_folder);
         return ALLOWED;
     }

     kfree(str_folder);
     return NOT_ALLOWED;
}



static int
user_folder_deny(uid_t user_id,
         const char *filename,
         char **list,
         long list_len,
         const char *step)

{

     char str_user_id[19];
     char *str_folder = NULL;
     int  string_length;

     sprintf(str_user_id, "%d", user_id);

     string_length = strlen(str_user_id);
     string_length += strlen(filename);
     string_length += strlen("d:;") + 1;

     str_folder = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (!str_folder)
         return NOT_ALLOWED;

     strcpy(str_folder, "d:");
     strcat(str_folder, str_user_id);
     strcat(str_folder, ";");
     strcat(str_folder, filename);

     /* Importend! Need qsorted list */
     if (besearch_folder(str_folder, list, list_len) == IN_LIST) {
         if (printk_deny == true)
             printk("%s USER/PROG.  DENY   : a:%s;%s\n", step, 
str_user_id, filename);

         kfree(str_folder);
         return NOT_ALLOWED;
     }

     kfree(str_folder);
     return ALLOWED;
}


static int
group_folder_allowed(    uid_t user_id,
             const char *filename,
             char **list,
             long list_len,
             const char *step)

{

     char    str_user_id[19];
     char    str_group_id[19];
     char    *str_group_folder = NULL;
     struct    group_info *group_info;
     int    string_length;


     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);


     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);

         string_length = strlen(str_group_id);
         string_length += strlen(filename);
         string_length += strlen("ga:;") + 1;

         //if (str_group_folder != NULL) kfree(str_group_folder);
         str_group_folder = kmalloc(string_length * sizeof(char), 
GFP_KERNEL);
         if (!str_group_folder)
             return NOT_ALLOWED;

         strcpy(str_group_folder, "ga:");
         strcat(str_group_folder, str_group_id);
         strcat(str_group_folder, ";");
         strcat(str_group_folder, filename);


         /* Importend! Need qsorted list */
         if (besearch_folder(str_group_folder, list, list_len) == IN_LIST) {
             if (printk_allowed == true)
                 printk("%s USER/PROG.  ALLOWED: ga:%s;%s\n", step, 
str_group_id, filename);

             kfree(str_group_folder);
             return ALLOWED;
         }
         else kfree(str_group_folder);

     }

     return NOT_ALLOWED;
}



static int
group_folder_deny(uid_t user_id,
         const char *filename,
         char **list,
         long list_len,
         const char *step)

{

     char    str_user_id[19];
     char    str_group_id[19];
     char    *str_group_folder = NULL;
     struct    group_info *group_info;
     int    string_length;

     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);


     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);

         string_length = strlen(str_group_id);
         string_length += strlen(filename);
         string_length += strlen("gd:;") + 1;

         //if (str_group_folder != NULL) kfree(str_group_folder);
         str_group_folder = kmalloc(string_length * sizeof(char), 
GFP_KERNEL);
         if (!str_group_folder)
             return NOT_ALLOWED;

         strcpy(str_group_folder, "gd:");
         strcat(str_group_folder, str_group_id);
         strcat(str_group_folder, ";");
         strcat(str_group_folder, filename);


         /* Importend! Need qsorted list */
         if (besearch_folder(str_group_folder, list, list_len) == IN_LIST) {
             if (printk_deny == true)
                 printk("%s USER/PROG.  DENY   : gd:%s;%s\n", step, 
str_group_id, filename);

             kfree(str_group_folder);
             return NOT_ALLOWED;
         }
         else kfree(str_group_folder);
     }

     return ALLOWED;
}


static int
user_interpreter_allowed(uid_t user_id,
             const char *filename,
             ssize_t file_size,
             char hash[],
             char **list,
             long list_len,
             const char *step)

{

     char    str_user_id[19];
     char    str_file_size[19];
     char    *str_user_file = NULL;
     int    string_length;


     sprintf(str_user_id, "%d", user_id);
     sprintf(str_file_size, "%ld", file_size);


     /* user allowed interpreter */
     string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(hash);
     string_length += strlen(filename);
     string_length += strlen("ai:;;;") + 1;

     str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (str_user_file == NULL)
         return NOT_ALLOWED;

     strcpy(str_user_file, "ai:");
     strcat(str_user_file, str_user_id);
     strcat(str_user_file, ";");
     strcat(str_user_file, str_file_size);
     strcat(str_user_file, ";");
     strcat(str_user_file, hash);
     strcat(str_user_file, ";");
     strcat(str_user_file, filename);


     if (besearch_file(str_user_file, list, list_len) == IN_LIST) {
         if (printk_allowed == true)
             printk("%s USER/PROG.  ALLOWED: ai:%s;%s;%s;%s\n", step, 
str_user_id, str_file_size, hash, filename);

         kfree(str_user_file);
         str_user_file = NULL;
         return ALLOWED;
     }

     kfree(str_user_file);
     str_user_file = NULL;

     return NOT_ALLOWED;
}


static int
group_interpreter_allowed(uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **list,
         long list_len,
         const char *step)

{

     char    str_user_id[19];
     char    str_file_size[19];
     char    str_group_id[19];
     char    *str_group_file = NULL;
     struct    group_info *group_info;
     int    string_length;

     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);


     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);
         sprintf(str_file_size, "%ld", file_size);

         string_length = strlen(str_group_id);
         string_length += strlen(str_file_size);
         string_length += strlen(filename);
         string_length += strlen(hash);
         string_length += strlen("gai:;;;") +1;

         //if (str_group_file != NULL) kfree(str_group_file);
         str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
         if (!str_group_file)
             return NOT_ALLOWED;

         strcpy(str_group_file, "gai:");
         strcat(str_group_file, str_group_id);
         strcat(str_group_file, ";");
         strcat(str_group_file, str_file_size);
         strcat(str_group_file, ";");
         strcat(str_group_file, hash);
         strcat(str_group_file, ";");
         strcat(str_group_file, filename);

         if (besearch_file(str_group_file, list, list_len) == IN_LIST) {
             if (printk_allowed == true)
                 printk("%s GROUP/PROG. ALLOWED: gai:%s;%s;%s;%s\n", 
step, str_group_id, str_file_size, hash, filename);

             kfree(str_group_file);
             str_group_file = NULL;
             return ALLOWED;
         }

         kfree(str_group_file);
         str_group_file = NULL;
     }

     return NOT_ALLOWED;
}





/* allowed/deny user/group script file*/
/* 0 allowed */
/* -1 deny */
static int
param_file(uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **argv,
         long argv_len,
         char **list,
         long list_len,
         const char *step)

{

     struct sum_hash_struct size_hash_sum;


     if (argv_len == 1) return NOT_ALLOWED;


     /* check interpreter and files */
     /* user allowed interpreter */
     /* check "ai:  gai:"  */
     if (user_interpreter_allowed(user_id,
                     filename,
                     file_size,
                     hash,
                     list,
                     list_len,
                     step) == NOT_ALLOWED)
         if (group_interpreter_allowed(user_id,
                         filename,
                         file_size,
                         hash,
                         list,
                         list_len,
                         step) == NOT_ALLOWED)
                             return NOT_ALLOWED;


     /* java */
     if (strcmp(argv[1], "-jar") == 0) {
         if (argv_len != 3) return NOT_ALLOWED;

         size_hash_sum = get_file_size_hash_read(argv[2], HASH_ALG, DIGIT);
         if (size_hash_sum.retval == NOT_ALLOWED) {
             if (printk_deny == true)
                 printk("STAT STEP FIRST: USER/PROG.  UNKOWN : 
a:%d;;;%s\n",user_id,
                                             argv[2]);
             return NOT_ALLOWED;
         }

         /* check file/prog is in the list: allowed or deny */
         /* deny user not required. not in the list is the same */
         if (user_deny(user_id,
                 argv[2],
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == NOT_ALLOWED) return NOT_ALLOWED;

         if (group_deny(user_id,
                 argv[2],
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == NOT_ALLOWED) return NOT_ALLOWED;

         if (user_allowed(user_id,
                 argv[2],
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == ALLOWED) return ALLOWED;

         if (group_allowed(user_id,
                 argv[2],
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == ALLOWED) return ALLOWED;

         if (printk_deny == true)
             printk("%s USER/SCRIPT DENY   : a:%d;%ld;%s;%s\n", step,
                                     user_id,
                                     size_hash_sum.file_size,
                                     size_hash_sum.hash_string,
                                     argv[2]);

         return(NOT_ALLOWED);

     }


     /* java */
     if (strcmp(argv[1], "-classpath") == 0) {
         if (argv_len != 4) return NOT_ALLOWED;

         long str_length;
         str_length = strlen(argv[2]);
         str_length += strlen(argv[3]);
         str_length += strlen("/.class") + 1;

         char *str_class_name = kmalloc(str_length * sizeof(char), 
GFP_KERNEL);
         if (str_class_name == NULL) return(NOT_ALLOWED);

         strcpy(str_class_name, argv[2]);
         strcat(str_class_name, "/");
         strcat(str_class_name, argv[3]);
         strcat(str_class_name, ".class");

         size_hash_sum = get_file_size_hash_read(str_class_name, 
HASH_ALG, DIGIT);
         if (size_hash_sum.retval == NOT_ALLOWED) {
             if (printk_deny == true)
                 printk("STAT STEP FIRST: USER/PROG.  UNKOWN : 
a:%d;;;%s\n",user_id,
                                             str_class_name);

             kfree(str_class_name);
             return NOT_ALLOWED;
         }

         /* check file/prog is in the list: allowed or deny */
         /* deny user not required. not in the list is the same */
         if (user_deny(user_id,
                 str_class_name,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == NOT_ALLOWED) {

             kfree(str_class_name);
             return NOT_ALLOWED;
         }

         if (group_deny(user_id,
                 str_class_name,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == NOT_ALLOWED) {

             kfree(str_class_name);
             return NOT_ALLOWED;
         }

         if (user_allowed(user_id,
                 str_class_name,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == ALLOWED) {

             kfree(str_class_name);
             return ALLOWED;
         }

         if (group_allowed(user_id,
                 str_class_name,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == ALLOWED) {

             kfree(str_class_name);
             return ALLOWED;
         }

         if (printk_deny == true)
             printk("%s USER/SCRIPT DENY   : d:%d;%ld;%s;%s\n", step,
                                     user_id,
                                     size_hash_sum.file_size,
                                     size_hash_sum.hash_string,
                                     str_class_name);

         kfree(str_class_name);

         return(NOT_ALLOWED);
     }


     /* other */
     size_hash_sum = get_file_size_hash_read(argv[1], HASH_ALG, DIGIT);
     if (size_hash_sum.retval == NOT_ALLOWED)
         return NOT_ALLOWED;


     /* check file/prog is in the list: allowed or deny */
     /* deny user not required. not in the list is the same */
     if (user_deny(user_id,
             argv[1],
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             list,
             list_len,
             step) == NOT_ALLOWED) return NOT_ALLOWED;

     if (group_deny(user_id,
             argv[1],
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             list,
             list_len,
             step) == NOT_ALLOWED) return NOT_ALLOWED;

     if (user_allowed(user_id,
             argv[1],
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             list,
             list_len,
             step) == ALLOWED) return ALLOWED;

     if (group_allowed(user_id,
             argv[1],
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             list,
             list_len,
             step) == ALLOWED) return ALLOWED;

     if (printk_deny == true)
         printk("%s USER/SCRIPT DENY   : d:%d;%ld;%s;%s\n", step,
                                 user_id,
                                 size_hash_sum.file_size,
                                 size_hash_sum.hash_string,
                                 argv[1]);

     /* not found */
     return NOT_ALLOWED;
}






static int exec_first_step(uid_t user_id, const char *filename, char 
**argv, long argv_len)
{

     struct sum_hash_struct size_hash_sum;


     /* Limit argv[0] = 1000 */
     /* Reason glibc */
     /* A GOOD IDEA? I don't know? */
     /* But it's works */
     /* when in doubt remove it */

     /*
     if (strlen(argv[0]) > 1000) {
         if (printk_deny == true || printk_allowed == true)
             printk("STAT STEP FIRST: USER/PROG.  DENY. ARGV[0] ERROR: 
a:%d;;;%s\n",user_id,
                                                 filename);
         return RET_SHELL;
     }
     */

     /* if Size = 0 not check */
     size_hash_sum = get_file_size_hash_read(filename, HASH_ALG, DIGIT);
     if (size_hash_sum.retval == NOT_ALLOWED) {
         if (printk_deny == true)
             printk("STAT STEP FIRST: USER/PROG.  UNKOWN : 
a:%d;;;%s\n",user_id,
                                         filename);
         return ALLOWED;
     }


     /* group deny folder */
     if (global_list_folder_size > 0) {
         if (group_folder_deny(user_id,
                     filename,
                     global_list_folder,
                     global_list_folder_size,
                     "STAT STEP FIRST:") == NOT_ALLOWED)
             return RET_SHELL;
     }

     /* deny folder */
     if (global_list_folder_size > 0) {
         if (user_folder_deny(user_id,
                     filename,
                     global_list_folder,
                     global_list_folder_size,
                     "STAT STEP FIRST:") == NOT_ALLOWED)
             return RET_SHELL;
     }

     /* deny group */
     /* if global_list_prog_size = 0, safer_mode not true */
     if (group_deny( user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             global_list_prog,
             global_list_prog_size,
                     "STAT STEP FIRST:") == NOT_ALLOWED)
         return RET_SHELL;

     /* deny user */
     if (user_deny(user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             global_list_prog,
             global_list_prog_size,
                     "STAT STEP FIRST:") == NOT_ALLOWED)
         return RET_SHELL;

     /* group allowed folder */
     if (global_list_folder_size > 0) {
         if (group_folder_allowed(user_id,
                     filename,
                     global_list_folder,
                     global_list_folder_size,
                     "STAT STEP FIRST:") == ALLOWED)
             return ALLOWED;
     }

     /* user allowed folder */
     if (global_list_folder_size > 0) {
         if (user_folder_allowed(user_id,
                     filename,
                     global_list_folder,
                     global_list_folder_size,
                     "STAT STEP FIRST:") == ALLOWED)
             return ALLOWED;
     }

     /* allowed user */
     if (user_allowed(user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             global_list_prog,
             global_list_prog_size,
             "STAT STEP FIRST:") == ALLOWED)
         return ALLOWED;;

     /* allowed group */
     if (group_allowed(user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             global_list_prog,
             global_list_prog_size,
             "STAT STEP FIRST:") == ALLOWED)
         return ALLOWED;


     /* user allowed interpreter and allowed group script file*/
     /* 0 allowed */
     /* -1 deny */
     if (param_file(user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             argv,
             argv_len,
             global_list_prog,
             global_list_prog_size,
                 "STAT STEP FIRST:") == ALLOWED)
         return ALLOWED;

     if (printk_deny == true)
         printk("STAT STEP FIRST: USER/PROG.  DENY   : 
a:%d;%ld;%s;%s\n", user_id,
                                         size_hash_sum.file_size,
                                         size_hash_sum.hash_string,
                                         filename);

     return (RET_SHELL);

}





static int exec_second_step(const char *filename)
{

     struct sum_hash_struct size_hash_sum;
     int retval;

     uid_t user_id = get_current_user()->uid.val;




     if (learning_mode == true) {

         /* works too */
         mutex_lock(&learning_lock);

         learning(user_id,
             filename,
             &global_list_learning,
             &global_list_learning_size,
             HASH_ALG,
             DIGIT);

         mutex_unlock(&learning_lock);
     }



     if (safer_mode == true    || (safer_show_mode == true && 
printk_allowed == true )
                 || (safer_show_mode == true && printk_deny == true)) {

         /* if size = 0 not check */
         size_hash_sum = get_file_size_hash_read(filename, HASH_ALG, DIGIT);
         if (size_hash_sum.retval == NOT_ALLOWED) {
             if (printk_deny == true)
                 printk("STAT STEP SEC  : USER/PROG.  UNKOWN : 
a:%d;;;%s\n",user_id,
                                             filename);
             return ALLOWED;
         }


         /* group deny folder */
         if (global_list_folder_size > 0) {
             retval = group_folder_deny(user_id,
                         filename,
                         global_list_folder,
                         global_list_folder_size,
                         "STAT STEP SEC  :");

             if (safer_mode == true) {
                 if (retval == NOT_ALLOWED)
                     return RET_SHELL;
             }
             else if (retval == NOT_ALLOWED)
                 return ALLOWED;
         }


         /* deny folder */
         if (global_list_folder_size > 0) {
             retval = user_folder_deny(user_id,
                         filename,
                         global_list_folder,
                         global_list_folder_size,
                         "STAT STEP SEC  :");

             if (safer_mode == true) {
                 if (retval == NOT_ALLOWED)
                     return RET_SHELL;
             }
             else if (retval == NOT_ALLOWED)
                 return ALLOWED;
         }



         /* deny group */
         /* if global_list_prog_size = 0, safer_mode not true */
         retval = group_deny(user_id,
                 filename,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 global_list_prog,
                 global_list_prog_size,
                 "STAT STEP SEC  :");

         if (safer_mode == true) {
             if (retval == NOT_ALLOWED)
                 return RET_SHELL;
         }
         else if (retval == NOT_ALLOWED)
             return ALLOWED;


         /* deny user */
         retval = user_deny(user_id,
                 filename,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 global_list_prog,
                 global_list_prog_size,
                 "STAT STEP SEC  :");

         if (safer_mode == true) {
             if (retval == NOT_ALLOWED)
                 return RET_SHELL;
         }
         else if (retval == NOT_ALLOWED)
             return ALLOWED;


         /* allowed folder */
         if (global_list_folder_size > 0) {
             if (group_folder_allowed(user_id,
                         filename,
                         global_list_folder,
                         global_list_folder_size,
                         "STAT STEP SEC  :") == ALLOWED)
                 return ALLOWED;
         }

         /* allowed folder */
         if (global_list_folder_size > 0) {
             if (user_folder_allowed(user_id,
                         filename,
                         global_list_folder,
                         global_list_folder_size,
                         "STAT STEP SEC  :") == ALLOWED)
                 return ALLOWED;
         }

         /* allowed user */
         if (user_allowed(user_id,
                 filename,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 global_list_prog,
                 global_list_prog_size,
                 "STAT STEP SEC  :") == ALLOWED)
             return ALLOWED;

         /* allowed group */
         if (group_allowed(user_id,
                 filename,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 global_list_prog,
                 global_list_prog_size,
                 "STAT STEP SEC  :") == ALLOWED)
             return ALLOWED;


         /* user allowed interpreter */
         if (user_interpreter_allowed(    user_id,
                         filename,
                         size_hash_sum.file_size,
                         size_hash_sum.hash_string,
                         global_list_prog,
                         global_list_prog_size,
                         "STAT STEP SEC  :") == ALLOWED)
                 return ALLOWED;

         /* group allowed interpreter */
         if (group_interpreter_allowed(    user_id,
                         filename,
                         size_hash_sum.file_size,
                         size_hash_sum.hash_string,
                         global_list_prog,
                         global_list_prog_size,
                         "STAT STEP SEC  :") == ALLOWED)
                 return ALLOWED;


         if (printk_deny == true) {
             printk("STAT STEP SEC  : USER/PROG.  DENY   : 
a:%d;%ld;%s;%s\n",user_id,
                                             size_hash_sum.file_size,
size_hash_sum.hash_string,
                                             filename);
         }






         /* filter end */
         if (safer_mode == true)
             return (RET_SHELL);
         else return ALLOWED;
     }

     return ALLOWED;
}



static int allowed_exec(struct filename *kernel_filename,
             const char __user *const __user *_argv)
{

     struct user_arg_ptr argv = { .ptr.native = _argv };

     const char __user    *str;
     char            **argv_list = NULL;
     long            argv_list_len = 0;
     long            str_len;
     int            retval;
     uid_t            user_id;


     if (safer_mode == false)
         if (learning_mode == false)
             if (safer_show_mode == false || printk_allowed == false)
                 if (safer_show_mode == false || printk_deny == false)
                     return ALLOWED;

     /* argv -> kernel space */
     argv_list_len = count(argv, MAX_ARG_STRINGS);

     if (argv_list_len > ARGV_MAX) argv_list_len = ARGV_MAX;
     argv_list = kzalloc(argv_list_len * sizeof(char *), GFP_KERNEL);
     if (!argv_list)
         return ALLOWED;

     for (int n = 0; n < argv_list_len; n++) {
         str = get_user_arg_ptr(argv, n);
         str_len = strnlen_user(str, MAX_ARG_STRLEN);

         argv_list[n] = kzalloc((str_len + 1) * sizeof(char), GFP_KERNEL);

         retval = copy_from_user(argv_list[n], str, str_len);
     }

     user_id = get_current_user()->uid.val;



     if (verbose_param_mode == true)
         print_prog_arguments(    user_id,
                     kernel_filename->name,
                     argv_list,
                     argv_list_len,
                     HASH_ALG,
                     DIGIT);


     if (learning_mode == true) {

         /* works too */
         mutex_lock(&learning_lock);

         learning(user_id,
             kernel_filename->name,
             &global_list_learning,
             &global_list_learning_size,
             HASH_ALG,
             DIGIT);

         learning_argv(    user_id,
                 kernel_filename->name,
                 argv_list,
                 argv_list_len,
                 &global_list_learning_argv,
                 &global_list_learning_argv_size,
                 &global_list_learning_argv_init);

         mutex_unlock(&learning_lock);

     }

     if (safer_mode == true    || (safer_show_mode == true && 
printk_allowed == true)
                 || (safer_show_mode == true && printk_deny == true))
         retval = exec_first_step(user_id,
                     kernel_filename->name,
                     argv_list,
                     argv_list_len);


     for (int n = 0; n < argv_list_len; n++) {
         if (argv_list[n] != NULL)
             kfree(argv_list[n]);
     }

     if (argv_list != NULL) {
         kfree(argv_list);
         argv_list = NULL;
     }


     if (safer_mode == true)
         return (retval);

     return ALLOWED;

}





SYSCALL_DEFINE5(execve,
         const char __user *, filename,
         const char __user *const __user *, argv,
         const char __user *const __user *, envp,
         const loff_t, number,
         const char __user *const __user *, list)
{

     uid_t    user_id;
     int    str_len = 0;
     char    *list_string = NULL;

     struct user_arg_ptr _list = { .ptr.native = list };
     const char __user *str;



     user_id = get_current_user()->uid.val;

     /* command part, future ? */
     switch(number) {


         /* safer on */
         case 999900:    if (user_id != 0) return CONTROL_ERROR;
                 if (change_mode == false) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;

                 if (global_list_prog_size > 0 || 
global_list_folder_size > 0) {
                     safer_mode = true;
                     printk("MODE: SAFER ON\n");
                     mutex_unlock(&control);
                     return CONRTOL_OK;
                 }
                 else {
                     printk("MODE: SAFER OFF\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


         /* safer off */
         case 999901:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER OFF\n");
                 safer_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* stat */
         case 999902:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 printk("SAFER STATE         : %d\n", safer_mode);
                 return(safer_mode);


         /* printk allowed on */
         case 999903:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER PRINTK ALLOWED ON\n");
                 printk_allowed = true;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* printk allowed off */
         case 999904:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER PRINTK ALLOWED OFF\n");
                 printk_allowed = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         case 999905:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: NO MORE CHANGES ALLOWED\n");
                 change_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         case 999906:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: learning ON\n");
                 learning_mode = true;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         case 999907:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: learning OFF\n");
                 learning_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         case 999908:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: verbose paramter mode ON\n");
                 verbose_param_mode = true;
                 mutex_unlock(&control);
                 return CONRTOL_OK;



         case 999909:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: verbose parameter mode OFF\n");
                 verbose_param_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* safer show on */
         case 999910:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;

                 safer_show_mode = true;
                 printk("MODE: SAFER SHOW ONLY ON\n");
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* safer show off */
         case 999911:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER SHOW ONLY OFF\n");
                 safer_show_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;



         /* printk deny ON */
         case 999912:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER PRINTK DENY ON\n");
                 printk_deny = true;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* printk deny OFF */
         case 999913:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER PRINTK DENY OFF\n");
                 printk_deny = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;



         /* set all list */
         case 999920:

                 if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;


                 if (list == NULL) {        /* check? */
                     printk("ERROR: FILE LIST\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 } /* check!? */

                 int int_ret = count(_list, MAX_ARG_STRINGS);
                 if (int_ret == 0) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 str = get_user_arg_ptr(_list, 0);        /* String 0 */
                 str_len = strnlen_user(str, MAX_ARG_STRLEN);
                 if (str_len < 1) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* safer */
                 if (list_string != NULL) { kfree(list_string); 
list_string = NULL; }

                 list_string = kmalloc((str_len + 1) * sizeof(char), 
GFP_KERNEL);
                 if (list_string == NULL) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 int_ret = copy_from_user(list_string, str, str_len);

                 long list_prog_size;
                 int_ret = kstrtol(list_string, 10, &list_prog_size);
                 if (list_string != NULL) { kfree(list_string); 
list_string = NULL; }
                 if (int_ret != 0) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* new list 0 ? */
                 if (list_prog_size < 1) {
                     printk("NO FILE LIST\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* new list > MAX_DYN */
                 if (list_prog_size > MAX_DYN) {
                     printk("FILE LIST TO BIG!\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /* check bytes */
                 /* new list */
                 long list_progs_bytes = 0;
                 for (int n = 0; n < list_prog_size; n++) {
                     str = get_user_arg_ptr(_list, n + 1);
                     list_progs_bytes += strnlen_user(str, MAX_ARG_STRLEN);
                 }

                 if (list_progs_bytes > MAX_DYN_BYTES) {
                     printk("FILE LIST TO BIG!\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /*
                 first: new list
                 if new list ok. clear old list.
                 if new list not ok clear new list
                 keep old list
                 */

                 char **list_prog_temp = NULL;

                 /* dyn list */
                 list_prog_temp = kmalloc(list_prog_size * sizeof(char 
*), GFP_KERNEL);
                 /* Create a new not ok */
                 if (list_prog_temp == NULL) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 for (int n = 0; n < list_prog_size; n++) {
                     str = get_user_arg_ptr(_list, n + 1);        /* 
String 0 */
                     str_len = strnlen_user(str, MAX_ARG_STRLEN);

                     list_prog_temp[n] = kmalloc((str_len + 1) * 
sizeof(char), GFP_KERNEL);
                     /* Create a new list not ok */
                     if (list_prog_temp[n] == NULL) {
                         for (int n_error = 0; n_error < n; n_error++) {
                             kfree(list_prog_temp[n_error]);
                             list_prog_temp[n_error] = NULL;
                         }

                         kfree(list_prog_temp);
                         list_prog_temp = NULL;
                         mutex_unlock(&control);
                         return CONTROL_ERROR;
                     }

                     int_ret = copy_from_user(list_prog_temp[n], str, 
str_len);
                 }


                 /* clear */
                 /* old list */
                 if (global_list_prog_size > 0) {
                     for (int n = 0; n < global_list_prog_size; n++) {
                         kfree(global_list_prog[n]);
                         global_list_prog[n] = NULL;
                     }
                     kfree(global_list_prog);
                 }

                 /* global = new */
                 global_list_prog = list_prog_temp;
                 list_prog_temp = NULL;
                 global_list_prog_size = list_prog_size;
                 global_list_progs_bytes = list_progs_bytes;

                 printk("FILE LIST ELEMENTS: %ld\n", global_list_prog_size);
                 printk("FILE LIST BYTES   : %ld\n", 
global_list_progs_bytes);


                 mutex_unlock(&control);
                 return(global_list_prog_size);


         /* set all folder list */
         case 999921:
                 if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;


                 if (list == NULL) {        /* check? */
                     printk("ERROR: FOLDER LIST\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 } /* check!? */


                 /* No Syscall Parameter 6 necessary */
                 int_ret = count(_list, MAX_ARG_STRINGS);
                 if (int_ret == 0) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 str = get_user_arg_ptr(_list, 0);        /* String 0 */
                 str_len = strnlen_user(str, MAX_ARG_STRLEN);
                 if (str_len < 1) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* safer */
                 if (list_string != NULL) { kfree(list_string); 
list_string = NULL; }

                 list_string = kmalloc((str_len + 1) * sizeof(char), 
GFP_KERNEL);
                 if (list_string == NULL) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 int_ret = copy_from_user(list_string, str, str_len);

                 long list_folder_size;
                 int_ret = kstrtol(list_string, 10, &list_folder_size);
                 if (list_string != NULL) { kfree(list_string); 
list_string = NULL; };
                 if (int_ret != 0) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /* new list = 0 ? */
                 if (list_folder_size < 1) {
                     printk("NO FOLDER LIST\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* new list > MAX_DYN */
                 if (list_folder_size > MAX_DYN) {
                     printk("FOLDER LIST TO BIG!\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /* check bytes */
                 /* new list */
                 long list_folders_bytes = 0;
                 for (int n = 0; n < list_folder_size; n++) {
                     str = get_user_arg_ptr(_list, n + 1);
                     list_folders_bytes += strnlen_user(str, 
MAX_ARG_STRLEN);
                 }

                 if (list_folders_bytes > MAX_DYN_BYTES) {
                     printk("FOLDER LIST TO BIG!\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /*
                 first: new list
                 if new list ok. clear old list.
                 if new list not ok clear new list
                 keep old list
                 */

                 char **list_folder_temp = NULL;

                 /* dyn array */
                 list_folder_temp = kmalloc(list_folder_size * 
sizeof(char *), GFP_KERNEL);
                 /* Create a new list not ok */
                 if (list_folder_temp == NULL) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 for (int n = 0; n < list_folder_size; n++) {
                     str = get_user_arg_ptr(_list, n + 1);        /* 
String 0 */
                     str_len = strnlen_user(str, MAX_ARG_STRLEN);

                     list_folder_temp[n] = kmalloc((str_len + 1) * 
sizeof(char), GFP_KERNEL);
                     /* Create a new list not ok*/
                     if (list_folder_temp[n] == NULL) {
                         for (int n_error = 0; n_error < n; n_error++) {
                             kfree(list_folder_temp[n_error]);
                             list_folder_temp[n_error] = NULL;
                         }

                         kfree(list_folder_temp);
                         list_folder_temp = NULL;
                         mutex_unlock(&control);
                         return CONTROL_ERROR;
                     }

                     int_ret = copy_from_user(list_folder_temp[n], str, 
str_len);
                 }

                 /* clear */
                 /* old list */
                 if (global_list_folder_size > 0) {
                     for (int n = 0; n < global_list_folder_size; n++) {
                         kfree(global_list_folder[n]);
                         global_list_folder[n] = NULL;
                     }
                     kfree(global_list_folder);
                 }

                 /* global = new */
                 global_list_folder = list_folder_temp;
                 list_folder_temp = NULL;
                 global_list_folder_size = list_folder_size;
                 global_list_folders_bytes = list_folders_bytes;

                 printk("FILE LIST ELEMENTS: %ld\n", 
global_list_folder_size);
                 printk("FILE LIST BYTES   : %ld\n", 
global_list_folders_bytes);


                 mutex_unlock(&control);
                 return(global_list_folder_size);

         default:    break;
     }


     if (allowed_exec(getname(filename), argv) == RET_SHELL) 
return(RET_SHELL);


     return do_execve(getname(filename), argv, envp);

}












---------------------------------
safer_info.c
---------------------------------


/* Copyright (c) 2022/03/28, Peter Boettcher, Germany/NRW, Muelheim 
Ruhr, mail:peter.boettcher@....net
  * Urheber: 2022.03.28, Peter Boettcher, Germany/NRW, Muelheim Ruhr, 
mail:peter.boettcher@....net

  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2, or (at your option)
  * any later version.

  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.

  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/


/*
     Program        : safer_info.c
     Path        : fs/

     Makefile
     obj-y        += safer_info.o
*/




#include <linux/fs.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/utsname.h>





/* proto. */
struct  safer_info_struct {
     bool safer_show_mode;
     bool safer_mode;
     bool printk_allowed;
     bool printk_deny;
     bool learning_mode;
     bool change_mode;
     long global_list_prog_size;
     long global_list_folder_size;
     char **global_list_prog;
     char **global_list_folder;
     long global_hash_size;
     long global_list_progs_bytes;
     long global_list_folders_bytes;
};


static struct safer_info_struct info;
extern void safer_info(struct safer_info_struct *info);



static int safer_info_display(struct seq_file *proc_show, void *v)
{
     long n;
     uid_t    user_id;

     user_id = get_current_user()->uid.val;
     if (user_id != 0) return(0);

     safer_info(&info);
     seq_printf(proc_show, "INFO SAFER\n\n");

     if (info.safer_mode == true)
         seq_printf(proc_show, "MODE SAFER                  : ON\n");
     else    seq_printf(proc_show, "MODE SAFER                  : OFF\n");

     if (info.safer_show_mode == true)
         seq_printf(proc_show, "MODE SAFER SHOW ONLY        : ON\n");
     else    seq_printf(proc_show, "MODE SAFER SHOW ONLY        : OFF\n");

     if (info.printk_allowed == true)
         seq_printf(proc_show, "MODE PRINTK ALLOWED         : ON\n");
     else    seq_printf(proc_show, "MODE PRINTK ALLOWED         : OFF\n");

     if (info.printk_deny == true)
         seq_printf(proc_show, "MODE PRINTK DENY            : ON\n");
     else    seq_printf(proc_show, "MODE PRINTK DENY            : OFF\n");

     if (info.learning_mode == true)
         seq_printf(proc_show, "MODE LEARNING               : ON\n");
     else    seq_printf(proc_show, "MODE LEARNING               : OFF\n");

     if (info.change_mode == true)
         seq_printf(proc_show, "MODE SAFER CHANGE ALLOWED   : ON\n");
     else    seq_printf(proc_show, "MODE SAFER CHANGE ALLOWED   : OFF\n");


     seq_printf(proc_show, "PROG. LIST MAX              : %ld\n", 
info.global_list_prog_size);
     seq_printf(proc_show, "FOLDER LIST MAX             : %ld\n", 
info.global_list_folder_size);

     seq_printf(proc_show, "PROG. LIST BYTES            : %ld\n", 
info.global_list_progs_bytes);
     seq_printf(proc_show, "FOLDER LIST BYTES           : %ld\n", 
info.global_list_folders_bytes);


     seq_printf(proc_show, "MODE SEARCH                 : BSEARCH\n");

     seq_printf(proc_show, "HASH SIZE MAX               : %ld\n", 
info.global_hash_size);


     seq_printf(proc_show, "\n\n");

     seq_printf(proc_show, "FOLDER:\n\n");
     for (n = 0; n < info.global_list_folder_size; n++) {
         seq_printf(proc_show, "%s\n", info.global_list_folder[n]);
     }

     seq_printf(proc_show, "\n\n");
     seq_printf(proc_show, "FILES:\n\n");
     for (n = 0; n < info.global_list_prog_size; n++) {
         seq_printf(proc_show, "%s\n", info.global_list_prog[n]);
     }

     return 0;
}



static int __init safer_info_show(void)
{
     proc_create_single("safer.info", 0, NULL, safer_info_display);
     return 0;
}
fs_initcall(safer_info_show);


















---------------------------------
safer_learning.c
---------------------------------

/* Copyright (c) 2022/06/26, Peter Boettcher, Germany/NRW, Muelheim 
Ruhr, mail:peter.boettcher@....net
  * Urheber: 2022.06.26, Peter Boettcher, Germany/NRW, Muelheim Ruhr, 
mail:peter.boettcher@....net

  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2, or (at your option)
  * any later version.

  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.

  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/



/*
     Program        : safer_learning.c
     Path        : fs/


     Makefile
     obj-y        += safer_learning.o
*/




#include <linux/fs.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/utsname.h>




/* proto. */
struct  safer_learning_struct {
     long global_list_learning_size;
     char **global_list_learning;
     long global_list_learning_argv_max;
     long global_list_learning_argv_size;
     char **global_list_learning_argv;
};


static struct safer_learning_struct learning;
extern void safer_learning(struct safer_learning_struct *learning);




static int safer_learning_display(struct seq_file *proc_show, void *v)
{
     long    n;
     uid_t    user_id;


     user_id = get_current_user()->uid.val;
     if (user_id != 0) return(0);


     safer_learning(&learning);

     seq_printf(proc_show, "INFO learning\n\n");

     seq_printf(proc_show, "FILES:\n\n");
     seq_printf(proc_show, "FILE learning LIST LEN       : %ld\n", 
learning.global_list_learning_size);

     if (learning.global_list_learning_size > 0) {
         for (n = 0; n < learning.global_list_learning_size; n++) {
             seq_printf(proc_show, "%s\n", 
learning.global_list_learning[n]);
         }
     }

     seq_printf(proc_show, "\n\nARGV:\n");
     seq_printf(proc_show, "<ARGV LEARNING LIST> is organized as a 
RING\n\n");


     seq_printf(proc_show, "ARGV learning LIST MAX       : %ld\n", 
learning.global_list_learning_argv_max);
     seq_printf(proc_show, "ARGV learning LIST LEN       : %ld\n", 
learning.global_list_learning_argv_size);

     for (n = 0; n < learning.global_list_learning_argv_max; n++) {
         if (learning.global_list_learning_argv[n] == NULL) return 0;

         seq_printf(proc_show, "%s\n", 
learning.global_list_learning_argv[n]);
     }

     return 0;
}



static int __init safer_learning_show(void)
{
     proc_create_single("safer.learning", 0, NULL, safer_learning_display);
     return 0;
}
fs_initcall(safer_learning_show);





















---------------------------------
AMD64 version
---------------------------------

--- syscall_64.tbl    2024-07-24 15:54:07.000000000 +0200
+++ syscall_64.new.tbl    2024-08-11 19:54:19.474341831 +0200
@@ -385,6 +385,9 @@
  461    common    lsm_list_modules    sys_lsm_list_modules
  462     common  mseal            sys_mseal

+501    common    set_execve_list        sys_set_execve_list
+
+
  #
  # Due to a historical design error, certain syscalls are numbered 
differently
  # in x32 as compared to native x86_64.  These syscalls have numbers 
512-547.




---------------------------------
safer.syscall.c
---------------------------------

/* Copyright (c) 2022/03/28, 2022.09.17, Peter Boettcher, Germany/NRW, 
Muelheim Ruhr, mail:peter.boettcher@....net
  * Urheber: 2022.03.28, 2022.09.17, Peter Boettcher, Germany/NRW, 
Muelheim Ruhr, mail:peter.boettcher@....net

  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2, or (at your option)
  * any later version.

  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.

  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>
*/



/*
     Program        : safer.c
     Path        : fs/

     TEST        : Kernel 6.0 - 6.10.1
               Lenovo X230, T460, T470, Fujitsu Futro S xxx, AMD Ryzen
               Proxmox, Docker
*/




/*
Look -> "exec_first_step"
Limit argv[0] = 1000
Reason glibc
A GOOD IDEA? I don't know?
But it's works
when in doubt remove it
*/



/* HASH ?*/

/* Your choice */
/*
#define HASH_ALG "md5"
#define DIGIT 16
*/

#define HASH_ALG "sha256"
#define DIGIT 32

/*
#define HASH_ALG "sha512"
#define DIGIT 64
*/

/*your choice */
#define MAX_DYN 100000
#define MAX_DYN_BYTES MAX_DYN * 200
#define ARGV_MAX 16
#define LEARNING_ARGV_MAX 5000
#define KERNEL_READ_SIZE 2000000




#define RET_SHELL -2
#define ALLOWED 0
#define NOT_ALLOWED -1
#define CONTROL_ERROR -1
#define CONRTOL_OK 0
#define ERROR -1
#define NOT_IN_LIST -1

static DEFINE_MUTEX(learning_lock);
static DEFINE_MUTEX(control);


static bool    safer_show_mode = false;
static bool    safer_mode = false;

static bool    printk_allowed = false;
static bool    printk_deny = false;
static bool    learning_mode = true;
static bool    change_mode = true;    /*true = change_mode allowed */
static bool    verbose_param_mode = false;

static char    **global_list_prog = NULL;
static long    global_list_prog_size = 0;

static char    **global_list_learning = NULL;
static long    global_list_learning_size = 0;

static char    **global_list_learning_argv = NULL;
static long    global_list_learning_argv_size = 0;
static bool    global_list_learning_argv_init = false;

static char    **global_list_folder = NULL;
static long    global_list_folder_size = 0;

static long    global_list_progs_bytes = 0;
static long    global_list_folders_bytes = 0;




/* proto. */
struct sum_hash_struct {
     int    retval;
     char    hash_string[DIGIT * 2 + 1];
     ssize_t    file_size;
};


/* proto. */
struct  safer_info_struct {
     bool safer_show_mode;
     bool safer_mode;
     bool printk_allowed;
     bool printk_deny;
     bool learning_mode;
     bool change_mode;
     long global_list_prog_size;
     long global_list_folder_size;
     char **global_list_prog;
     char **global_list_folder;
     long global_hash_size;
     long global_list_progs_bytes;
     long global_list_folders_bytes;
};


/* proto. */
struct  safer_learning_struct {
     long global_list_learning_size;
     char **global_list_learning;
     long global_list_learning_argv_max;
     long global_list_learning_argv_size;
     char **global_list_learning_argv;
};


/* Makes compiler happy */
void safer_info(struct safer_info_struct *info);
void safer_learning(struct safer_learning_struct *learning);


/* DATA: Only over function */
void safer_info(struct safer_info_struct *info)
{
     info->safer_show_mode =safer_show_mode;
     info->safer_mode = safer_mode;
     info->printk_allowed = printk_allowed;
     info->printk_deny = printk_deny;
     info->learning_mode = learning_mode;
     info->change_mode = change_mode;
     info->global_list_prog_size = global_list_prog_size;
     info->global_list_folder_size = global_list_folder_size;
     info->global_list_prog = global_list_prog;
     info->global_list_folder = global_list_folder;
     info->global_hash_size = KERNEL_READ_SIZE;
     info->global_list_progs_bytes = global_list_progs_bytes;
     info->global_list_folders_bytes = global_list_folders_bytes;
     return;
}



/* DATA: Only over function */
void safer_learning(struct safer_learning_struct *learning)
{
     learning->global_list_learning_size = global_list_learning_size;
     learning->global_list_learning = global_list_learning;
     learning->global_list_learning_argv_max = LEARNING_ARGV_MAX;
     learning->global_list_learning_argv_size = 
global_list_learning_argv_size;
     learning->global_list_learning_argv = global_list_learning_argv;
     return;
}



static int besearch_file(char *str_search,
             char **list,
             long elements)
{
     long left, right;
     long middle;
     long int_ret;

     left = 0;
     right = elements - 1;

     while(left <= right) {
         middle = (left + right) / 2;

         int_ret = strcmp(list[middle], str_search);

         if (int_ret == 0) return 0;
         else if (int_ret < 0) left = middle + 1;
         else if (int_ret > 0) right = middle - 1;
     }

     return NOT_IN_LIST;
}





static int besearch_folder(    char *str_search,
                 char **list,
                 long elements)
{
     long left, right;
     long middle;
     long int_ret;


     if (str_search[strlen(str_search) -1] == '/' ) return NOT_IN_LIST;


     left = 0;
     right = elements - 1;

     while(left <= right) {
         middle = (left + right) / 2;

         int_ret = strncmp(list[middle], str_search, strlen(list[middle]));

         if (int_ret == 0) return 0;
         else if (int_ret < 0) left = middle + 1;
         else if (int_ret > 0) right = middle - 1;
     }

     return NOT_IN_LIST;
}




static long search(char *str_search,
         char **list,
         long elements)
{
     long n;

     for (n = 0; n < elements; n++) {
         if (strncmp(list[n], str_search, strlen(list[n])) == 0) return 0;
     }

     return NOT_IN_LIST;
}



static struct sum_hash_struct get_hash_sum_buffer(char buffer[], int 
max, const char *hash_alg, int digit)
{

     char            hash_out[64];
     struct crypto_shash    *hash;
     struct shash_desc    *shash;
     struct sum_hash_struct    hash_sum;

     char            hash_[2];


     hash = crypto_alloc_shash(hash_alg, 0, 0);
     if (IS_ERR(hash)) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }

     shash = kmalloc(sizeof(struct shash_desc) + 
crypto_shash_descsize(hash), GFP_KERNEL);
     if (!shash) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }

     shash->tfm = hash;


     if (crypto_shash_init(shash)) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }



     if (crypto_shash_update(shash, buffer, max)) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }

     if (crypto_shash_final(shash, hash_out)) {
         hash_sum.retval = ERROR;
         return hash_sum;
     }

     kfree(shash);
     crypto_free_shash(hash);


     for (int n = 0; n < digit; n++) {
         sprintf(hash_, "%02x", (unsigned char) hash_out[n]);
         hash_sum.hash_string[n * 2] = hash_[0];
         hash_sum.hash_string[(n * 2) + 1] = hash_[1];
     }

     hash_sum.hash_string[digit * 2] = '\0';
     hash_sum.retval = 0;

     return hash_sum;
}






static struct sum_hash_struct get_file_size_hash_read(const char 
*filename, const char *hash_alg, int digit)
{
     ssize_t                retval;
     ssize_t                file_size;
     void                *data = NULL;
     struct sum_hash_struct        size_hash_sum;
     int                max = KERNEL_READ_SIZE;


     retval = kernel_read_file_from_path(    filename,
                         0,
                         &data,
                         KERNEL_READ_SIZE,
                         &file_size,
                         READING_POLICY);

     if (retval < 1) {
         size_hash_sum.file_size = 0;
         size_hash_sum.hash_string[0] = '\0';
         size_hash_sum.retval = ERROR;
         return size_hash_sum;
     }

     if (file_size < 1) {
         vfree(data);
         size_hash_sum.file_size = 0;
         size_hash_sum.hash_string[0] = '\0';
         size_hash_sum.retval = ERROR;
         return size_hash_sum;
     }

     if (file_size < max) max = file_size;

     char *buffer = data;

     size_hash_sum = get_hash_sum_buffer(buffer, max, hash_alg, digit);

     if (size_hash_sum.retval == 0) {
         vfree(data);
         size_hash_sum.file_size = file_size;
         return size_hash_sum;
     }

     vfree(data);
     size_hash_sum.retval = -1;
     size_hash_sum.file_size = 0;
     size_hash_sum.hash_string[0] = '\0';

     return size_hash_sum;
}






static ssize_t get_file_size(const char *filename)
{

     loff_t    i_size;
     struct    file *file;

     file = filp_open(filename, O_RDONLY, 0);
     if (IS_ERR(file))
         return ERROR;

     if (!S_ISREG(file_inode(file)->i_mode)) {
         fput(file);
         return ERROR;
     }

     if (deny_write_access(file)) {
         fput(file);
         return ERROR;
     }

     i_size = i_size_read(file_inode(file));
     if (i_size < 1) {
         allow_write_access(file);
         fput(file);
         return ERROR;
     }

     /* The file is too big for sane activities. */
     if (i_size > INT_MAX) {
         allow_write_access(file);
         fput(file);
         return ERROR;
     }

     allow_write_access(file);
     fput(file);
     return (ssize_t) i_size;
}




static void learning_argv(uid_t user_id,
             const char *filename,
             char **argv,
             long argv_len,
             char ***list,
             long *list_len,
             bool *list_init)

{

     char    str_user_id[19];
     char    str_file_size[19];

     ssize_t    file_size;

     char    *str_learning =  NULL;
     int    string_length = 0;


     if (argv_len == 1)
         return;

     file_size = get_file_size(filename);
     /* file not exist or empty */
     if (file_size < 1)
         return;


     /* init list */
     if (*list_init == false) {
         *list = kzalloc(sizeof(char *) * LEARNING_ARGV_MAX, GFP_KERNEL);
         if (*list == NULL) {
             return;
         }
         else *list_init = true;
     }


     sprintf(str_user_id, "%u", user_id);
     sprintf(str_file_size, "%ld", file_size);

     string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(filename);
     string_length += strlen("a:;;;") + 1;

     //if (argv_len > 10) argv_len = 10;
     for (int n = 1; n < argv_len; n++) {
         string_length += strlen(argv[n]);
         string_length += 1;
     }

     str_learning = kzalloc(string_length * sizeof(char), GFP_KERNEL);

     strcpy(str_learning, "a:");
     strcat(str_learning, str_user_id);
     strcat(str_learning, ";");
     strcat(str_learning, str_file_size);
     strcat(str_learning, ";");
     strcat(str_learning, filename);
     strcat(str_learning, ";");

     for (int n = 1; n < argv_len; n++) {
         strcat(str_learning, argv[n]);
         strcat(str_learning, ";");
     }


     if (search(str_learning, *list, *list_len) != 0) {

         if ((*list)[*list_len] != NULL)
             kfree((*list)[*list_len]);

         (*list)[*list_len] = kzalloc(string_length * sizeof(char), 
GFP_KERNEL);
             if ((*list)[*list_len] == NULL) {
                 kfree(str_learning);
                 return;
             }

         strcpy((*list)[*list_len], str_learning);

         *list_len += 1;
         /* check argv_len > lerning_argv_max */
         if (*list_len > LEARNING_ARGV_MAX - 1)
             *list_len = 0;

     }

     kfree(str_learning);
     return;
}



static void learning(    uid_t user_id,
             const char *filename,
             char ***list,
             long *list_len,
             char const *hash_alg,
             int digit)
{

     char    str_user_id[19];
     char    str_file_size[19];
     char    *str_learning =  NULL;
     int    string_length = 0;

     struct sum_hash_struct size_hash_sum;


     if (filename[0] != '/')
         return;

     //size_hash_sum = get_file_size_hash_read(filename);
     size_hash_sum = get_file_size_hash_read(filename, hash_alg, digit);

     if (size_hash_sum.retval == -1)
         return;

     sprintf(str_user_id, "%u", user_id);
     sprintf(str_file_size, "%ld", size_hash_sum.file_size);

     string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(filename);
     string_length += strlen(size_hash_sum.hash_string);
     string_length += strlen("a:;;;") + 1;

     str_learning = kzalloc(string_length * sizeof(char), GFP_KERNEL);

     strcpy(str_learning, "a:");
     strcat(str_learning, str_user_id);
     strcat(str_learning, ";");
     strcat(str_learning, str_file_size);
     strcat(str_learning, ";");
     strcat(str_learning, size_hash_sum.hash_string);
     strcat(str_learning, ";");
     strcat(str_learning, filename);


     if (search(str_learning, *list, *list_len) != 0) {

         if (*list_len == 0) {
             *list = kzalloc(sizeof(char *), GFP_KERNEL);
             if (*list == NULL) {
                 kfree(str_learning);
                 return;
             }

             (*list)[0] = kzalloc(string_length * sizeof(char), GFP_KERNEL);
             if ((*list)[0] == NULL) {
                 kfree(str_learning);
                 return;
             }

             strcpy((*list)[0], str_learning);
             *list_len = 1;
         }
         else {
             *list = krealloc(*list, (*list_len + 1) * sizeof(char *), 
GFP_KERNEL);
             if (*list == NULL) {
                 kfree(str_learning);
                 return;
             }

             (*list)[*list_len] = kzalloc(string_length * sizeof(char), 
GFP_KERNEL);
             if ((*list)[*list_len] == NULL) {
                 kfree(str_learning);
                 return;
             }

             strcpy((*list)[*list_len], str_learning);
             *list_len += 1;
         }
     }

     kfree(str_learning);
     return;
}



static void print_prog_arguments(uid_t user_id,
                 const char *filename,
                 char **argv,
                 long argv_len,
                 const char *hash_alg,
                 int digit)
{


     struct sum_hash_struct size_hash_sum;

     size_hash_sum = get_file_size_hash_read(filename, hash_alg, digit);
     if (size_hash_sum.retval == -1)
         return;


     printk("USER ID:%u;%ld;%s;%s\n",user_id,
                     size_hash_sum.file_size,
                     size_hash_sum.hash_string,
                     filename);

     for (int n = 0; n < argv_len; n++) {
         printk("argv[%d]:%s\n", n, argv[n]);
     }

     return;
}


static int
user_allowed(    uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **list,
         long list_len,
         const char *step)
{

     char str_user_id[19];
     char str_file_size[19];
     char *str_user_file = NULL;

     sprintf(str_user_id, "%u", user_id);
     sprintf(str_file_size, "%ld", file_size);

     /* user allowed */
     int string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(filename);
     string_length += strlen(hash);

     /* i hope the compiler makes a constant ? */
     string_length += strlen("a:;;;") + 1;

     str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (!str_user_file)
         return NOT_ALLOWED;

     strcpy(str_user_file, "a:");
     strcat(str_user_file, str_user_id);
     strcat(str_user_file, ";");
     strcat(str_user_file, str_file_size);
     strcat(str_user_file, ";");
     strcat(str_user_file, hash);
     strcat(str_user_file, ";");
     strcat(str_user_file, filename);

     if (besearch_file(str_user_file, list, list_len) == 0) {
         if (printk_allowed == true)
             printk("%s USER/PROG.  ALLOWED: a:%s;%s;%s;%s\n", step, 
str_user_id, str_file_size, hash, filename);
         kfree(str_user_file);
         str_user_file = NULL;
         return ALLOWED;
     }

     kfree(str_user_file);
     str_user_file = NULL;
     return NOT_ALLOWED;
}


static int
user_deny(uid_t user_id,
     const char *filename,
     ssize_t file_size,
     char hash[],
     char **list,
     long list_len,
     const char *step)

{

     char str_user_id[19];
     char str_file_size[19];
     char *str_user_file = NULL;


     sprintf(str_user_id, "%d", user_id);
     sprintf(str_file_size, "%ld", file_size);

     /* user allowed */
     int string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(filename);
     string_length += strlen(hash);
     string_length += strlen("d:;;;") + 1;

     str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (!str_user_file)
         return NOT_ALLOWED;

     strcpy(str_user_file, "d:");
     strcat(str_user_file, str_user_id);
     strcat(str_user_file, ";");
     strcat(str_user_file, str_file_size);
     strcat(str_user_file, ";");
     strcat(str_user_file, hash);
     strcat(str_user_file, ";");
     strcat(str_user_file, filename);

     if (besearch_file(str_user_file, list, list_len) == 0) {
         if (printk_deny == true)
             printk("%s USER/PROG.  DENY   : a:%s;%s;%s;%s\n", step, 
str_user_id, str_file_size, hash, filename);

         kfree(str_user_file);
         return NOT_ALLOWED;
     }

     kfree(str_user_file);
     return ALLOWED;
}


static int
group_allowed(uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **list,
         long list_len,
         const char *step)

{

     char    str_user_id[19];
     char    str_file_size[19];
     char    str_group_id[19];
     char    *str_group_file = NULL;
     struct    group_info *group_info;
     int    string_length;

     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);


     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);
         sprintf(str_file_size, "%ld", file_size);

         string_length = strlen(str_group_id);
         string_length += strlen(str_file_size);
         string_length += strlen(filename);
         string_length += strlen(hash);
         string_length += strlen("ga:;;;") +1;

         //if (str_group_file != NULL) kfree(str_group_file);
         str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
         if (!str_group_file)
             return NOT_ALLOWED;

         strcpy(str_group_file, "ga:");
         strcat(str_group_file, str_group_id);
         strcat(str_group_file, ";");
         strcat(str_group_file, str_file_size);
         strcat(str_group_file, ";");
         strcat(str_group_file, hash);
         strcat(str_group_file, ";");
         strcat(str_group_file, filename);

         if (besearch_file(str_group_file, list, list_len) == 0) {
             if (printk_allowed == true)
                 printk("%s GROUP/PROG. ALLOWED: ga:%s;%s;%s;%s\n", 
step, str_group_id, str_file_size, hash, filename);

             kfree(str_group_file);
             str_group_file = NULL;
             return ALLOWED;
         }

         kfree(str_group_file);
         str_group_file = NULL;
     }

     return NOT_ALLOWED;
}



static int
group_deny(    uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **list,
         long list_len,
         const char *step)
{

     char    str_user_id[19];
     char    str_file_size[19];
     char    str_group_id[19];
     char    *str_group_file = NULL;
     struct    group_info *group_info;
     int    string_length;

     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);

     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);
         sprintf(str_file_size, "%ld", file_size);

         string_length = strlen(str_group_id);
         string_length += strlen(str_file_size);
         string_length += strlen(hash);
         string_length += strlen(filename);
         string_length += strlen("gd:;;;") +1;

         str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
         if (!str_group_file)
             return NOT_ALLOWED;

         strcpy(str_group_file, "gd:");
         strcat(str_group_file, str_group_id);
         strcat(str_group_file, ";");
         strcat(str_group_file, str_file_size);
         strcat(str_group_file, ";");
         strcat(str_group_file, hash);
         strcat(str_group_file, ";");
         strcat(str_group_file, filename);

         if (besearch_file(str_group_file, list, list_len) == 0) {
             if (printk_deny == true)
                 printk("%s GROUP/PROG. DENY   : gd:%s;%s;%s;%s\n", 
step, str_group_id, str_file_size, hash, filename);

             kfree(str_group_file);

             return NOT_ALLOWED;
         }
         else kfree(str_group_file);
     }

     return ALLOWED;
}


static int
user_folder_allowed(    uid_t user_id,
             const char *filename,
             char **list,
             long list_len,
             const char *step)

{

     char str_user_id[19];
     char *str_folder = NULL;
     int  string_length;

     sprintf(str_user_id, "%d", user_id);

     string_length = strlen(str_user_id);
     string_length += strlen(filename);
     string_length += strlen("a:;") + 1;

     str_folder = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (!str_folder)
         return NOT_ALLOWED;

     strcpy(str_folder, "a:");
     strcat(str_folder, str_user_id);
     strcat(str_folder, ";");
     strcat(str_folder, filename);
     /* Importend! Need qsorted list */
     if (besearch_folder(str_folder, list, list_len) == 0) {
         if (printk_allowed == true)
             printk("%s USER/PROG.  ALLOWED: a:%s;%s\n", step, 
str_user_id, filename);

         kfree(str_folder);
         return ALLOWED;
     }

     kfree(str_folder);
     return NOT_ALLOWED;
}



static int
user_folder_deny(uid_t user_id,
         const char *filename,
         char **list,
         long list_len,
         const char *step)

{

     char str_user_id[19];
     char *str_folder = NULL;
     int  string_length;

     sprintf(str_user_id, "%d", user_id);

     string_length = strlen(str_user_id);
     string_length += strlen(filename);
     string_length += strlen("d:;") + 1;

     str_folder = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (!str_folder)
         return NOT_ALLOWED;

     strcpy(str_folder, "d:");
     strcat(str_folder, str_user_id);
     strcat(str_folder, ";");
     strcat(str_folder, filename);

     /* Importend! Need qsorted list */
     if (besearch_folder(str_folder, list, list_len) == 0) {
         if (printk_deny == true)
             printk("%s USER/PROG.  DENY   : a:%s;%s\n", step, 
str_user_id, filename);

         kfree(str_folder);
         return NOT_ALLOWED;
     }

     kfree(str_folder);
     return ALLOWED;
}


static int
group_folder_allowed(    uid_t user_id,
             const char *filename,
             char **list,
             long list_len,
             const char *step)

{

     char    str_user_id[19];
     char    str_group_id[19];
     char    *str_group_folder = NULL;
     struct    group_info *group_info;
     int    string_length;


     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);


     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);

         string_length = strlen(str_group_id);
         string_length += strlen(filename);
         string_length += strlen("ga:;") + 1;

         //if (str_group_folder != NULL) kfree(str_group_folder);
         str_group_folder = kmalloc(string_length * sizeof(char), 
GFP_KERNEL);
         if (!str_group_folder)
             return NOT_ALLOWED;

         strcpy(str_group_folder, "ga:");
         strcat(str_group_folder, str_group_id);
         strcat(str_group_folder, ";");
         strcat(str_group_folder, filename);


         /* Importend! Need qsorted list */
         if (besearch_folder(str_group_folder, list, list_len) == 0) {
             if (printk_allowed == true)
                 printk("%s USER/PROG.  ALLOWED: ga:%s;%s\n", step, 
str_group_id, filename);

             kfree(str_group_folder);
             return ALLOWED;
         }
         else kfree(str_group_folder);

     }

     return NOT_ALLOWED;
}



static int
group_folder_deny(uid_t user_id,
         const char *filename,
         char **list,
         long list_len,
         const char *step)

{

     char    str_user_id[19];
     char    str_group_id[19];
     char    *str_group_folder = NULL;
     struct    group_info *group_info;
     int    string_length;

     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);


     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);

         string_length = strlen(str_group_id);
         string_length += strlen(filename);
         string_length += strlen("gd:;") + 1;

         //if (str_group_folder != NULL) kfree(str_group_folder);
         str_group_folder = kmalloc(string_length * sizeof(char), 
GFP_KERNEL);
         if (!str_group_folder)
             return NOT_ALLOWED;

         strcpy(str_group_folder, "gd:");
         strcat(str_group_folder, str_group_id);
         strcat(str_group_folder, ";");
         strcat(str_group_folder, filename);


         /* Importend! Need qsorted list */
         if (besearch_folder(str_group_folder, list, list_len) == 0) {
             if (printk_deny == true)
                 printk("%s USER/PROG.  DENY   : gd:%s;%s\n", step, 
str_group_id, filename);

             kfree(str_group_folder);
             return NOT_ALLOWED;
         }
         else kfree(str_group_folder);
     }

     return ALLOWED;
}


static int
user_interpreter_allowed(uid_t user_id,
             const char *filename,
             ssize_t file_size,
             char hash[],
             char **list,
             long list_len,
             const char *step)

{

     char    str_user_id[19];
     char    str_file_size[19];
     char    *str_user_file = NULL;
     int    string_length;


     sprintf(str_user_id, "%d", user_id);
     sprintf(str_file_size, "%ld", file_size);


     /* user allowed interpreter */
     string_length = strlen(str_user_id);
     string_length += strlen(str_file_size);
     string_length += strlen(hash);
     string_length += strlen(filename);
     string_length += strlen("ai:;;;") + 1;

     str_user_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
     if (str_user_file == NULL)
         return NOT_ALLOWED;

     strcpy(str_user_file, "ai:");
     strcat(str_user_file, str_user_id);
     strcat(str_user_file, ";");
     strcat(str_user_file, str_file_size);
     strcat(str_user_file, ";");
     strcat(str_user_file, hash);
     strcat(str_user_file, ";");
     strcat(str_user_file, filename);


     if (besearch_file(str_user_file, list, list_len) == 0) {
         if (printk_allowed == true)
             printk("%s USER/PROG.  ALLOWED: ai:%s;%s;%s;%s\n", step, 
str_user_id, str_file_size, hash, filename);

         kfree(str_user_file);
         str_user_file = NULL;
         return ALLOWED;
     }

     kfree(str_user_file);
     str_user_file = NULL;

     return NOT_ALLOWED;
}


static int
group_interpreter_allowed(uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **list,
         long list_len,
         const char *step)

{

     char    str_user_id[19];
     char    str_file_size[19];
     char    str_group_id[19];
     char    *str_group_file = NULL;
     struct    group_info *group_info;
     int    string_length;

     group_info = get_current_groups();

     sprintf(str_user_id, "%d", user_id);


     for (int n = 0; n < group_info->ngroups; n++) {
         sprintf(str_group_id, "%u", group_info->gid[n].val);
         sprintf(str_file_size, "%ld", file_size);

         string_length = strlen(str_group_id);
         string_length += strlen(str_file_size);
         string_length += strlen(filename);
         string_length += strlen(hash);
         string_length += strlen("gai:;;;") +1;

         //if (str_group_file != NULL) kfree(str_group_file);
         str_group_file = kmalloc(string_length * sizeof(char), GFP_KERNEL);
         if (!str_group_file)
             return NOT_ALLOWED;

         strcpy(str_group_file, "gai:");
         strcat(str_group_file, str_group_id);
         strcat(str_group_file, ";");
         strcat(str_group_file, str_file_size);
         strcat(str_group_file, ";");
         strcat(str_group_file, hash);
         strcat(str_group_file, ";");
         strcat(str_group_file, filename);

         if (besearch_file(str_group_file, list, list_len) == 0) {
             if (printk_allowed == true)
                 printk("%s GROUP/PROG. ALLOWED: gai:%s;%s;%s;%s\n", 
step, str_group_id, str_file_size, hash, filename);

             kfree(str_group_file);
             str_group_file = NULL;
             return ALLOWED;
         }

         kfree(str_group_file);
         str_group_file = NULL;
     }

     return NOT_ALLOWED;
}





/* allowed/deny user/group script file*/
/* 0 allowed */
/* -1 deny */
static int
param_file(uid_t user_id,
         const char *filename,
         ssize_t file_size,
         char hash[],
         char **argv,
         long argv_len,
         char **list,
         long list_len,
         const char *step)

{

     struct sum_hash_struct size_hash_sum;


     if (argv_len == 1) return NOT_ALLOWED;


     /* check interpreter and files */
     /* user allowed interpreter */
     /* check "ai:  gai:"  */
     if (user_interpreter_allowed(user_id,
                     filename,
                     file_size,
                     hash,
                     list,
                     list_len,
                     step) == NOT_ALLOWED)
         if (group_interpreter_allowed(user_id,
                         filename,
                         file_size,
                         hash,
                         list,
                         list_len,
                         step) == NOT_ALLOWED)
                             return NOT_ALLOWED;


     /* java */
     if (strcmp(argv[1], "-jar") == 0) {
         if (argv_len != 3) return NOT_ALLOWED;

         size_hash_sum = get_file_size_hash_read(argv[2], HASH_ALG, DIGIT);
         if (size_hash_sum.retval == NOT_ALLOWED) {
             if (printk_deny == true)
                 printk("STAT STEP FIRST: USER/PROG.  UNKOWN : 
a:%d;;;%s\n",user_id,
                                             argv[2]);
             return NOT_ALLOWED;
         }

         /* check file/prog is in the list: allowed or deny */
         /* deny user not required. not in the list is the same */
         if (user_deny(user_id,
                 argv[2],
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == NOT_ALLOWED) return NOT_ALLOWED;

         if (group_deny(user_id,
                 argv[2],
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == NOT_ALLOWED) return NOT_ALLOWED;

         if (user_allowed(user_id,
                 argv[2],
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == ALLOWED) return ALLOWED;

         if (group_allowed(user_id,
                 argv[2],
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == ALLOWED) return ALLOWED;

         if (printk_deny == true)
             printk("%s USER/SCRIPT DENY   : a:%d;%ld;%s;%s\n", step,
                                     user_id,
                                     size_hash_sum.file_size,
                                     size_hash_sum.hash_string,
                                     argv[2]);

         return(NOT_ALLOWED);

     }


     /* java */
     if (strcmp(argv[1], "-classpath") == 0) {
         if (argv_len != 4) return NOT_ALLOWED;

         long str_length;
         str_length = strlen(argv[2]);
         str_length += strlen(argv[3]);
         str_length += strlen("/.class") + 1;

         char *str_class_name = kmalloc(str_length * sizeof(char), 
GFP_KERNEL);
         if (str_class_name == NULL) return(NOT_ALLOWED);

         strcpy(str_class_name, argv[2]);
         strcat(str_class_name, "/");
         strcat(str_class_name, argv[3]);
         strcat(str_class_name, ".class");

         size_hash_sum = get_file_size_hash_read(str_class_name, 
HASH_ALG, DIGIT);
         if (size_hash_sum.retval == NOT_ALLOWED) {
             if (printk_deny == true)
                 printk("STAT STEP FIRST: USER/PROG.  UNKOWN : 
a:%d;;;%s\n",user_id,
                                             str_class_name);

             kfree(str_class_name);
             return NOT_ALLOWED;
         }

         /* check file/prog is in the list: allowed or deny */
         /* deny user not required. not in the list is the same */
         if (user_deny(user_id,
                 str_class_name,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == NOT_ALLOWED) {

             kfree(str_class_name);
             return NOT_ALLOWED;
         }

         if (group_deny(user_id,
                 str_class_name,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == NOT_ALLOWED) {

             kfree(str_class_name);
             return NOT_ALLOWED;
         }

         if (user_allowed(user_id,
                 str_class_name,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == ALLOWED) {

             kfree(str_class_name);
             return ALLOWED;
         }

         if (group_allowed(user_id,
                 str_class_name,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 list,
                 list_len,
                 step) == ALLOWED) {

             kfree(str_class_name);
             return ALLOWED;
         }

         if (printk_deny == true)
             printk("%s USER/SCRIPT DENY   : d:%d;%ld;%s;%s\n", step,
                                     user_id,
                                     size_hash_sum.file_size,
                                     size_hash_sum.hash_string,
                                     str_class_name);

         kfree(str_class_name);

         return(NOT_ALLOWED);
     }


     /* other */
     size_hash_sum = get_file_size_hash_read(argv[1], HASH_ALG, DIGIT);
     if (size_hash_sum.retval == NOT_ALLOWED)
         return NOT_ALLOWED;


     /* check file/prog is in the list: allowed or deny */
     /* deny user not required. not in the list is the same */
     if (user_deny(user_id,
             argv[1],
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             list,
             list_len,
             step) == NOT_ALLOWED) return NOT_ALLOWED;

     if (group_deny(user_id,
             argv[1],
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             list,
             list_len,
             step) == NOT_ALLOWED) return NOT_ALLOWED;

     if (user_allowed(user_id,
             argv[1],
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             list,
             list_len,
             step) == ALLOWED) return ALLOWED;

     if (group_allowed(user_id,
             argv[1],
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             list,
             list_len,
             step) == ALLOWED) return ALLOWED;

     if (printk_deny == true)
         printk("%s USER/SCRIPT DENY   : d:%d;%ld;%s;%s\n", step,
                                 user_id,
                                 size_hash_sum.file_size,
                                 size_hash_sum.hash_string,
                                 argv[1]);

     /* not found */
     return NOT_ALLOWED;
}






static int exec_first_step(uid_t user_id, const char *filename, char 
**argv, long argv_len)
{

     struct sum_hash_struct size_hash_sum;


     /* Limit argv[0] = 1000 */
     /* Reason glibc */
     /* A GOOD IDEA? I don't know? */
     /* But it's works */
     /* when in doubt remove it */

     /*
     if (strlen(argv[0]) > 1000) {
         if (printk_deny == true || printk_allowed == true)
             printk("STAT STEP FIRST: USER/PROG.  DENY. ARGV[0] ERROR: 
a:%d;;;%s\n",user_id,
                                                 filename);
         return RET_SHELL;
     }
     */

     /* if Size = 0 not check */
     size_hash_sum = get_file_size_hash_read(filename, HASH_ALG, DIGIT);
     if (size_hash_sum.retval == NOT_ALLOWED) {
         if (printk_deny == true)
             printk("STAT STEP FIRST: USER/PROG.  UNKOWN : 
a:%d;;;%s\n",user_id,
                                         filename);
         return ALLOWED;
     }


     /* group deny folder */
     if (global_list_folder_size > 0) {
         if (group_folder_deny(user_id,
                     filename,
                     global_list_folder,
                     global_list_folder_size,
                     "STAT STEP FIRST:") == NOT_ALLOWED)
             return RET_SHELL;
     }

     /* deny folder */
     if (global_list_folder_size > 0) {
         if (user_folder_deny(user_id,
                     filename,
                     global_list_folder,
                     global_list_folder_size,
                     "STAT STEP FIRST:") == NOT_ALLOWED)
             return RET_SHELL;
     }

     /* deny group */
     /* if global_list_prog_size = 0, safer_mode not true */
     if (group_deny( user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             global_list_prog,
             global_list_prog_size,
                     "STAT STEP FIRST:") == NOT_ALLOWED)
         return RET_SHELL;

     /* deny user */
     if (user_deny(user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             global_list_prog,
             global_list_prog_size,
                     "STAT STEP FIRST:") == NOT_ALLOWED)
         return RET_SHELL;

     /* group allowed folder */
     if (global_list_folder_size > 0) {
         if (group_folder_allowed(user_id,
                     filename,
                     global_list_folder,
                     global_list_folder_size,
                     "STAT STEP FIRST:") == ALLOWED)
             return ALLOWED;
     }

     /* user allowed folder */
     if (global_list_folder_size > 0) {
         if (user_folder_allowed(user_id,
                     filename,
                     global_list_folder,
                     global_list_folder_size,
                     "STAT STEP FIRST:") == ALLOWED)
             return ALLOWED;
     }

     /* allowed user */
     if (user_allowed(user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             global_list_prog,
             global_list_prog_size,
             "STAT STEP FIRST:") == ALLOWED)
         return ALLOWED;;

     /* allowed group */
     if (group_allowed(user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             global_list_prog,
             global_list_prog_size,
             "STAT STEP FIRST:") == ALLOWED)
         return ALLOWED;


     /* user allowed interpreter and allowed group script file*/
     /* 0 allowed */
     /* -1 deny */
     if (param_file(user_id,
             filename,
             size_hash_sum.file_size,
             size_hash_sum.hash_string,
             argv,
             argv_len,
             global_list_prog,
             global_list_prog_size,
                 "STAT STEP FIRST:") == ALLOWED)
         return ALLOWED;

     if (printk_deny == true)
         printk("STAT STEP FIRST: USER/PROG.  DENY   : 
a:%d;%ld;%s;%s\n", user_id,
                                         size_hash_sum.file_size,
                                         size_hash_sum.hash_string,
                                         filename);

     return (RET_SHELL);

}





static int exec_second_step(const char *filename)
{

     struct sum_hash_struct size_hash_sum;
     int retval;

     uid_t user_id = get_current_user()->uid.val;




     if (learning_mode == true) {

         /* works too */
         mutex_lock(&learning_lock);

         learning(user_id,
             filename,
             &global_list_learning,
             &global_list_learning_size,
             HASH_ALG,
             DIGIT);

         mutex_unlock(&learning_lock);
     }



     if (safer_mode == true    || (safer_show_mode == true && 
printk_allowed == true )
                 || (safer_show_mode == true && printk_deny == true)) {

         /* if size = 0 not check */
         size_hash_sum = get_file_size_hash_read(filename, HASH_ALG, DIGIT);
         if (size_hash_sum.retval == NOT_ALLOWED) {
             if (printk_deny == true)
                 printk("STAT STEP SEC  : USER/PROG.  UNKOWN : 
a:%d;;;%s\n",user_id,
                                             filename);
             return ALLOWED;
         }


         /* group deny folder */
         if (global_list_folder_size > 0) {
             retval = group_folder_deny(user_id,
                         filename,
                         global_list_folder,
                         global_list_folder_size,
                         "STAT STEP SEC  :");

             if (safer_mode == true) {
                 if (retval == NOT_ALLOWED)
                     return RET_SHELL;
             }
             else if (retval == NOT_ALLOWED)
                 return ALLOWED;
         }


         /* deny folder */
         if (global_list_folder_size > 0) {
             retval = user_folder_deny(user_id,
                         filename,
                         global_list_folder,
                         global_list_folder_size,
                         "STAT STEP SEC  :");

             if (safer_mode == true) {
                 if (retval == NOT_ALLOWED)
                     return RET_SHELL;
             }
             else if (retval == NOT_ALLOWED)
                 return ALLOWED;
         }



         /* deny group */
         /* if global_list_prog_size = 0, safer_mode not true */
         retval = group_deny(user_id,
                 filename,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 global_list_prog,
                 global_list_prog_size,
                 "STAT STEP SEC  :");

         if (safer_mode == true) {
             if (retval == NOT_ALLOWED)
                 return RET_SHELL;
         }
         else if (retval == NOT_ALLOWED)
             return ALLOWED;


         /* deny user */
         retval = user_deny(user_id,
                 filename,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 global_list_prog,
                 global_list_prog_size,
                 "STAT STEP SEC  :");

         if (safer_mode == true) {
             if (retval == NOT_ALLOWED)
                 return RET_SHELL;
         }
         else if (retval == NOT_ALLOWED)
             return ALLOWED;


         /* allowed folder */
         if (global_list_folder_size > 0) {
             if (group_folder_allowed(user_id,
                         filename,
                         global_list_folder,
                         global_list_folder_size,
                         "STAT STEP SEC  :") == ALLOWED)
                 return ALLOWED;
         }

         /* allowed folder */
         if (global_list_folder_size > 0) {
             if (user_folder_allowed(user_id,
                         filename,
                         global_list_folder,
                         global_list_folder_size,
                         "STAT STEP SEC  :") == ALLOWED)
                 return ALLOWED;
         }

         /* allowed user */
         if (user_allowed(user_id,
                 filename,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 global_list_prog,
                 global_list_prog_size,
                 "STAT STEP SEC  :") == ALLOWED)
             return ALLOWED;

         /* allowed group */
         if (group_allowed(user_id,
                 filename,
                 size_hash_sum.file_size,
                 size_hash_sum.hash_string,
                 global_list_prog,
                 global_list_prog_size,
                 "STAT STEP SEC  :") == ALLOWED)
             return ALLOWED;


         /* user allowed interpreter */
         if (user_interpreter_allowed(    user_id,
                         filename,
                         size_hash_sum.file_size,
                         size_hash_sum.hash_string,
                         global_list_prog,
                         global_list_prog_size,
                         "STAT STEP SEC  :") == ALLOWED)
                 return ALLOWED;

         /* group allowed interpreter */
         if (group_interpreter_allowed(    user_id,
                         filename,
                         size_hash_sum.file_size,
                         size_hash_sum.hash_string,
                         global_list_prog,
                         global_list_prog_size,
                         "STAT STEP SEC  :") == ALLOWED)
                 return ALLOWED;


         if (printk_deny == true) {
             printk("STAT STEP SEC  : USER/PROG.  DENY   : 
a:%d;%ld;%s;%s\n",user_id,
                                             size_hash_sum.file_size,
size_hash_sum.hash_string,
                                             filename);
         }






         /* filter end */
         if (safer_mode == true)
             return (RET_SHELL);
         else return ALLOWED;
     }

     return ALLOWED;
}



static int allowed_exec(struct filename *kernel_filename,
             const char __user *const __user *_argv)
{

     struct user_arg_ptr argv = { .ptr.native = _argv };

     const char __user    *str;
     char            **argv_list = NULL;
     long            argv_list_len = 0;
     long            str_len;
     int            retval;
     uid_t            user_id;


     if (safer_mode == false)
         if (learning_mode == false)
             if (safer_show_mode == false || printk_allowed == false)
                 if (safer_show_mode == false || printk_deny == false)
                     return ALLOWED;

     /* argv -> kernel space */
     argv_list_len = count(argv, MAX_ARG_STRINGS);

     if (argv_list_len > ARGV_MAX) argv_list_len = ARGV_MAX;
     argv_list = kzalloc(argv_list_len * sizeof(char *), GFP_KERNEL);
     if (!argv_list)
         return ALLOWED;

     for (int n = 0; n < argv_list_len; n++) {
         str = get_user_arg_ptr(argv, n);
         str_len = strnlen_user(str, MAX_ARG_STRLEN);

         argv_list[n] = kzalloc((str_len + 1) * sizeof(char), GFP_KERNEL);

         retval = copy_from_user(argv_list[n], str, str_len);
     }

     user_id = get_current_user()->uid.val;



     if (verbose_param_mode == true)
         print_prog_arguments(    user_id,
                     kernel_filename->name,
                     argv_list,
                     argv_list_len,
                     HASH_ALG,
                     DIGIT);


     if (learning_mode == true) {

         /* works too */
         mutex_lock(&learning_lock);

         learning(user_id,
             kernel_filename->name,
             &global_list_learning,
             &global_list_learning_size,
             HASH_ALG,
             DIGIT);

         learning_argv(    user_id,
                 kernel_filename->name,
                 argv_list,
                 argv_list_len,
                 &global_list_learning_argv,
                 &global_list_learning_argv_size,
                 &global_list_learning_argv_init);

         mutex_unlock(&learning_lock);

     }

     if (safer_mode == true    || (safer_show_mode == true && 
printk_allowed == true)
                 || (safer_show_mode == true && printk_deny == true))
         retval = exec_first_step(user_id,
                     kernel_filename->name,
                     argv_list,
                     argv_list_len);


     for (int n = 0; n < argv_list_len; n++) {
         if (argv_list[n] != NULL)
             kfree(argv_list[n]);
     }

     if (argv_list != NULL) {
         kfree(argv_list);
         argv_list = NULL;
     }


     if (safer_mode == true)
         return (retval);

     return ALLOWED;

}






/* SYSCALL NR: my choice: above 500 */
SYSCALL_DEFINE2(set_execve_list,
         const loff_t, number,
         const char __user *const __user *, list)
{


     uid_t    user_id;
     int    str_len = 0;
     char    *list_string = NULL;

     struct user_arg_ptr _list = { .ptr.native = list };
     const char __user *str;



     user_id = get_current_user()->uid.val;

     /* command part, future ? */
     switch(number) {


         /* safer on */
         case 999900:    if (user_id != 0) return CONTROL_ERROR;
                 if (change_mode == false) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;

                 if (global_list_prog_size > 0 || 
global_list_folder_size > 0) {
                     safer_mode = true;
                     printk("MODE: SAFER ON\n");
                     mutex_unlock(&control);
                     return CONRTOL_OK;
                 }
                 else {
                     printk("MODE: SAFER OFF\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


         /* safer off */
         case 999901:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER OFF\n");
                 safer_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* stat */
         case 999902:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 printk("SAFER STATE         : %d\n", safer_mode);
                 return(safer_mode);


         /* printk allowed on */
         case 999903:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER PRINTK ALLOWED ON\n");
                 printk_allowed = true;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* printk allowed off */
         case 999904:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER PRINTK ALLOWED OFF\n");
                 printk_allowed = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         case 999905:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: NO MORE CHANGES ALLOWED\n");
                 change_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         case 999906:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: learning ON\n");
                 learning_mode = true;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         case 999907:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: learning OFF\n");
                 learning_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         case 999908:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: verbose paramter mode ON\n");
                 verbose_param_mode = true;
                 mutex_unlock(&control);
                 return CONRTOL_OK;



         case 999909:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: verbose parameter mode OFF\n");
                 verbose_param_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* safer show on */
         case 999910:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;

                 safer_show_mode = true;
                 printk("MODE: SAFER SHOW ONLY ON\n");
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* safer show off */
         case 999911:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER SHOW ONLY OFF\n");
                 safer_show_mode = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;



         /* printk deny ON */
         case 999912:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER PRINTK DENY ON\n");
                 printk_deny = true;
                 mutex_unlock(&control);
                 return CONRTOL_OK;


         /* printk deny OFF */
         case 999913:    if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;
                 printk("MODE: SAFER PRINTK DENY OFF\n");
                 printk_deny = false;
                 mutex_unlock(&control);
                 return CONRTOL_OK;



         /* set all list */
         case 999920:

                 if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;


                 if (list == NULL) {        /* check? */
                     printk("ERROR: FILE LIST\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 } /* check!? */

                 int int_ret = count(_list, MAX_ARG_STRINGS);
                 if (int_ret == 0) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 str = get_user_arg_ptr(_list, 0);        /* String 0 */
                 str_len = strnlen_user(str, MAX_ARG_STRLEN);
                 if (str_len < 1) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* safer */
                 if (list_string != NULL) { kfree(list_string); 
list_string = NULL; }

                 list_string = kmalloc((str_len + 1) * sizeof(char), 
GFP_KERNEL);
                 if (list_string == NULL) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 int_ret = copy_from_user(list_string, str, str_len);

                 long list_prog_size;
                 int_ret = kstrtol(list_string, 10, &list_prog_size);
                 if (list_string != NULL) { kfree(list_string); 
list_string = NULL; }
                 if (int_ret != 0) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* new list 0 ? */
                 if (list_prog_size < 1) {
                     printk("NO FILE LIST\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* new list > MAX_DYN */
                 if (list_prog_size > MAX_DYN) {
                     printk("FILE LIST TO BIG!\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /* check bytes */
                 /* new list */
                 long list_progs_bytes = 0;
                 for (int n = 0; n < list_prog_size; n++) {
                     str = get_user_arg_ptr(_list, n + 1);
                     list_progs_bytes += strnlen_user(str, MAX_ARG_STRLEN);
                 }

                 if (list_progs_bytes > MAX_DYN_BYTES) {
                     printk("FILE LIST TO BIG!\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /*
                 first: new list
                 if new list ok. clear old list.
                 if new list not ok clear new list
                 keep old list
                 */

                 char **list_prog_temp = NULL;

                 /* dyn list */
                 list_prog_temp = kmalloc(list_prog_size * sizeof(char 
*), GFP_KERNEL);
                 /* Create a new not ok */
                 if (list_prog_temp == NULL) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 for (int n = 0; n < list_prog_size; n++) {
                     str = get_user_arg_ptr(_list, n + 1);        /* 
String 0 */
                     str_len = strnlen_user(str, MAX_ARG_STRLEN);

                     list_prog_temp[n] = kmalloc((str_len + 1) * 
sizeof(char), GFP_KERNEL);
                     /* Create a new list not ok */
                     if (list_prog_temp[n] == NULL) {
                         for (int n_error = 0; n_error < n; n_error++) {
                             kfree(list_prog_temp[n_error]);
                             list_prog_temp[n_error] = NULL;
                         }

                         kfree(list_prog_temp);
                         list_prog_temp = NULL;
                         mutex_unlock(&control);
                         return CONTROL_ERROR;
                     }

                     int_ret = copy_from_user(list_prog_temp[n], str, 
str_len);
                 }


                 /* clear */
                 /* old list */
                 if (global_list_prog_size > 0) {
                     for (int n = 0; n < global_list_prog_size; n++) {
                         kfree(global_list_prog[n]);
                         global_list_prog[n] = NULL;
                     }
                     kfree(global_list_prog);
                 }

                 /* global = new */
                 global_list_prog = list_prog_temp;
                 list_prog_temp = NULL;
                 global_list_prog_size = list_prog_size;
                 global_list_progs_bytes = list_progs_bytes;

                 printk("FILE LIST ELEMENTS: %ld\n", global_list_prog_size);
                 printk("FILE LIST BYTES   : %ld\n", 
global_list_progs_bytes);


                 mutex_unlock(&control);
                 return(global_list_prog_size);


         /* set all folder list */
         case 999921:
                 if (change_mode == false) return CONTROL_ERROR;
                 if (user_id != 0) return CONTROL_ERROR;
                 if (!mutex_trylock(&control)) return CONTROL_ERROR;


                 if (list == NULL) {        /* check? */
                     printk("ERROR: FOLDER LIST\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 } /* check!? */


                 /* No Syscall Parameter 6 necessary */
                 int_ret = count(_list, MAX_ARG_STRINGS);
                 if (int_ret == 0) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 str = get_user_arg_ptr(_list, 0);        /* String 0 */
                 str_len = strnlen_user(str, MAX_ARG_STRLEN);
                 if (str_len < 1) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* safer */
                 if (list_string != NULL) { kfree(list_string); 
list_string = NULL; }

                 list_string = kmalloc((str_len + 1) * sizeof(char), 
GFP_KERNEL);
                 if (list_string == NULL) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 int_ret = copy_from_user(list_string, str, str_len);

                 long list_folder_size;
                 int_ret = kstrtol(list_string, 10, &list_folder_size);
                 if (list_string != NULL) { kfree(list_string); 
list_string = NULL; };
                 if (int_ret != 0) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /* new list = 0 ? */
                 if (list_folder_size < 1) {
                     printk("NO FOLDER LIST\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 /* new list > MAX_DYN */
                 if (list_folder_size > MAX_DYN) {
                     printk("FOLDER LIST TO BIG!\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /* check bytes */
                 /* new list */
                 long list_folders_bytes = 0;
                 for (int n = 0; n < list_folder_size; n++) {
                     str = get_user_arg_ptr(_list, n + 1);
                     list_folders_bytes += strnlen_user(str, 
MAX_ARG_STRLEN);
                 }

                 if (list_folders_bytes > MAX_DYN_BYTES) {
                     printk("FOLDER LIST TO BIG!\n");
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }


                 /*
                 first: new list
                 if new list ok. clear old list.
                 if new list not ok clear new list
                 keep old list
                 */

                 char **list_folder_temp = NULL;

                 /* dyn array */
                 list_folder_temp = kmalloc(list_folder_size * 
sizeof(char *), GFP_KERNEL);
                 /* Create a new list not ok */
                 if (list_folder_temp == NULL) {
                     mutex_unlock(&control);
                     return CONTROL_ERROR;
                 }

                 for (int n = 0; n < list_folder_size; n++) {
                     str = get_user_arg_ptr(_list, n + 1);        /* 
String 0 */
                     str_len = strnlen_user(str, MAX_ARG_STRLEN);

                     list_folder_temp[n] = kmalloc((str_len + 1) * 
sizeof(char), GFP_KERNEL);
                     /* Create a new list not ok*/
                     if (list_folder_temp[n] == NULL) {
                         for (int n_error = 0; n_error < n; n_error++) {
                             kfree(list_folder_temp[n_error]);
                             list_folder_temp[n_error] = NULL;
                         }

                         kfree(list_folder_temp);
                         list_folder_temp = NULL;
                         mutex_unlock(&control);
                         return CONTROL_ERROR;
                     }

                     int_ret = copy_from_user(list_folder_temp[n], str, 
str_len);
                 }

                 /* clear */
                 /* old list */
                 if (global_list_folder_size > 0) {
                     for (int n = 0; n < global_list_folder_size; n++) {
                         kfree(global_list_folder[n]);
                         global_list_folder[n] = NULL;
                     }
                     kfree(global_list_folder);
                 }

                 /* global = new */
                 global_list_folder = list_folder_temp;
                 list_folder_temp = NULL;
                 global_list_folder_size = list_folder_size;
                 global_list_folders_bytes = list_folders_bytes;

                 printk("FILE LIST ELEMENTS: %ld\n", 
global_list_folder_size);
                 printk("FILE LIST BYTES   : %ld\n", 
global_list_folders_bytes);


                 mutex_unlock(&control);
                 return(global_list_folder_size);



         default:    printk("ERROR: COMMAND NOT IN LIST\n");
                 return CONTROL_ERROR;
     }
}


SYSCALL_DEFINE3(execve,
         const char __user *, filename,
         const char __user *const __user *, argv,
         const char __user *const __user *, envp)
{
     if (allowed_exec(getname(filename), argv) == RET_SHELL) return 
RET_SHELL;

     return do_execve(getname(filename), argv, envp);
}


























---------------------------------
TOOL
csafer.c

same as fpsafer.pas
---------------------------------


/** Copyright (c) 2022/05/12, Peter Boettcher, Germany/NRW, Muelheim Ruhr
  * Urheber: 2022/05/12, Peter Boettcher, Germany/NRW, Muelheim Ruhr

  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2, or (at your option)
  * any later version.

  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.

  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *)

*/



/*
     Frontend for Linux SYSCALL Extension <execve>

     Autor/Urheber    : Peter Boettcher
             : Muelheim Ruhr
             : Germany
     Date        : 2023.11.15 - 2024.05.26

     Program        : csafer.c
             : Simple Frontend

             : Control Program for Extension <SYSCALL execve>
             : It only works as ROOT

             : If you use binary search, a sorted list ist required.

     List        : ALLOW and DENY list


     Control        :  0 = safer ON
             :  1 = safer OFF
             :  2 = State
             :  3 = printk allowed LOG ON
             :  4 = printk allowed Log OFF
             :  5 = LOCK changes
             :  6 = learning ON
             :  7 = learning OFF
             :  8 = Verbose LOG ON
             :  9 = Verbose LOG OFF
             : 10 = Safer Show LOG ON
             : 11 = Safer Show LOG  OFF
             : 12 = printk deny on
             : 13 = printk deny off

             : 20 = Set FILE List
             : 21 = Set FOLDER List

     ALLOW/DENY List    : 2 DIM. dyn. char Array = string
             : String 0 = Number of strings

             : a:USER-ID;SIZE;HASH;Path
             : d:USER-ID;SIZE;HASH;Path

             : ga:GROUP-ID;HASH;Path
             : gd:GROUP-ID;HASH;Path

             : ai:USER-ID;SIZE;HASH;PATH/python
             : a:ai:USER-ID;SIZE;HASH;PATH/python-script

             : Example:
             : a:100;1224;HASH;/bin/test        = allow file
             : a:100;1234;HASH;/bin/test1        = allow file
             : a:100;/usr/sbin/            = allow Folder

             : d:100;HASH;/usr/sbin/test        = deny file
             : d:100;/usr/sbin/            = deny folder

             : ga:100;usr/sbin/            = allow group folder
             : gd:100;/usr/bin/            = deny group folder
             : gd:101;1234;HASH;/usr/bin/mc        = deny group file
             : ga:101;1234;HASH;/usr/bin/mc        = allow group file



             : ai:100;1234;HASH;/bin/python        = allow file
             : a:100;1234;HASH;/bin/test1.py        = allow file

     program start    :
             : python = allone      = not allowed
             : python /PATH/test.py = allowed
             : test1.py             = allowed



             : It is up to the ADMIN to keep the list reasonable 
according to these rules!


     I would like to remember ALICIA ALONSO, MAYA PLISETSKAYA, CARLA 
FRACCI, EVA EVDOKIMOVA, VAKHTANG CHABUKIANI and the
     "LAS CUATRO JOYAS DEL BALLET CUBANO". Admirable ballet dancers.

*/



#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>




#define SAFER_ON 0
#define SAFER_OFF 1

#define STAT 2

#define PRINTK_ALLOWED_ON 3
#define PRINTK_ALLOWED_OFF 4

#define PRINTK_DENY_ON 12
#define PRINTK_DENY_OFF 13

#define SAFER_LOCK 5

#define PRINTK_LEARNING_ON 6
#define PRINTK_LEARNING_OFF 7

#define PRINTK_ARGV_ON 8
#define PRINTK_ARGV_OFF 9

#define PRINTK_SHOW_ON 10
#define PRINTK_SHOW_OFF 11

#define LIST_PROG 20
#define LIST_FOLDER 21

#define SAFER_SORT 30





typedef signed long long int s64;
typedef unsigned long long int u64;



typedef int bool;
#define true 1
#define false 0



/* #define VERSION_SYSCALL */

#ifdef VERSION_SYSCALL
#define SYSCALL_NR 501
#else
#define SYSCALL_NR 59
#endif








//--------------------------------------------------------------------------------------------------------------------
typedef struct {
     //public
     char    **TStringList;
     s64    COUNT_BYTES_FILE;
     s64    COUNT_LINES_FILE;

     s64    TStringList_Length_Max;
     s64    TStringList_Lines;

     bool    DelDUP;
     bool    SORT;

     //public Funktionen
     s64 (*CountBytesFile)    (void *self, char *file_name);
     s64 (*CountLinesFile)    (void *self, char *file_name);
     s64 (*SetLines)        (void *self, s64 numbers);
     s64 (*DynStrcpy)    (void *self, s64 number, char *newstring);
     s64 (*DynStrcat)    (void *self, s64 number, char *newstring);
     s64 (*Del)        (void *self, s64 number);
     s64 (*CountLines)    (void *self);
     s64 (*StringLengthMax)    (void *self);
     s64 (*LoadFromFile)    (void *self, char *file_name);
     s64 (*DelDup)        (void *self);
     s64 (*DynFree)        (void *self);
     s64 (*MaxStr)        (void *self);
     s64 (*Add)        (void *self, char *newstring);
     s64 (*Sort)        (void *self);
     s64 (*SetSort)        (void *self, bool b);
     s64 (*SetDelDUP)    (void *self, bool b);



} TStringList;





int TryStrToInt64 (char *STRING_NUMBER, s64 *NUMBER, int ZAHLEN_SYSTEM) {

     char *ERROR;

     if (strlen(STRING_NUMBER) == 0) return (-1);

     *NUMBER = strtoll(STRING_NUMBER, &ERROR, ZAHLEN_SYSTEM);
     if (strlen(ERROR) != 0) return (-1);

     if (*NUMBER == 9223372036854775807) {
         if (strncmp(STRING_NUMBER, "9223372036854775807", 19) != 0) 
return(-1);
         else return(0);
     }

     /* Warning gcc: -922337203685477508 */
     if (*NUMBER + 1 == -9223372036854775807) {
         if (strncmp(STRING_NUMBER, "-9223372036854775808", 20) != 0) 
return(-1);
         else return(0);
     }

     return(0);
}





int str_compare(const void *a, const void *b)
{
     const char **pa = (const char **)a;
     const char **pb = (const char **)b;
     return strcmp(*pa, *pb);
}





s64 Sort (void *self) {

     TStringList *struct_tstringlist = self;

     qsort(struct_tstringlist->TStringList, 
struct_tstringlist->TStringList_Lines, sizeof(char *), str_compare);

     return(0);

}





s64 SetSort (void *self, bool b) {

     TStringList *struct_tstringlist = self;

     if (b == true) struct_tstringlist->SORT = true;
     else struct_tstringlist->SORT = false;

     return(0);

}





s64 SetDelDUP (void *self, bool b) {

     TStringList *struct_tstringlist = self;

     if (b == true) struct_tstringlist->DelDUP = true;
     else struct_tstringlist->DelDUP = false;

     return(0);

}





s64 Add(void *self, char *newstring)
{
     TStringList *struct_tstringlist = self;

     //New
     if (struct_tstringlist->TStringList_Lines == -1) {
         struct_tstringlist->TStringList = malloc(1 * sizeof(char *));
         if (struct_tstringlist->TStringList == NULL) return(-1);

         struct_tstringlist->TStringList[0] = malloc((strlen(newstring) 
+ 1) * sizeof(char));

         if 
(struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines] 
== NULL) {
             //former state
             free(struct_tstringlist->TStringList);
             return(-1);
         }


         strcpy(struct_tstringlist->TStringList[0], newstring);
         struct_tstringlist->TStringList_Lines = 1;

         return(0);
     }

     //backup pointer
     char **backup_ptr = struct_tstringlist->TStringList;
     s64 lines = struct_tstringlist->TStringList_Lines + 1;

     //New LINE
     backup_ptr = realloc(backup_ptr, lines * sizeof(char *));
     if (backup_ptr == NULL) return(-1);
     else struct_tstringlist->TStringList = backup_ptr;

     //MEM Columns
struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines] = 
malloc((strlen(newstring) + 1) * sizeof(char));
     if 
(struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines] 
== NULL) {
         //former state
         struct_tstringlist->TStringList = 
realloc(struct_tstringlist->TStringList, (lines - 1) * sizeof(char *));
         return(-1);
     }

strcpy(struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines], 
newstring);
     struct_tstringlist->TStringList_Lines++;

     return(0);
}





s64 MaxStr (void *self)
{
     TStringList *struct_tstringlist = self;

     s64 MAX;
     for (s64 n = 0; n < struct_tstringlist->TStringList_Lines; n++) {
         if (struct_tstringlist->TStringList[n] != NULL) {
             MAX = strlen(struct_tstringlist->TStringList[n]);
             if (MAX > struct_tstringlist->TStringList_Length_Max) 
struct_tstringlist->TStringList_Length_Max = MAX;
         }
     }

     return(0);
}





s64 DynFree (void *self)
{
     TStringList *struct_tstringlist = self;

     if (struct_tstringlist->TStringList_Lines == -1) return(-1);

     for (s64 n = 0; n < struct_tstringlist->TStringList_Lines; n++) {
         if (struct_tstringlist->TStringList[n] != NULL) 
free(struct_tstringlist->TStringList[n]);
     }

     free(struct_tstringlist->TStringList);
     struct_tstringlist->TStringList = NULL;


     struct_tstringlist->TStringList_Lines = -1;
     struct_tstringlist->TStringList_Length_Max = -1;
     struct_tstringlist->COUNT_BYTES_FILE = -1;
     struct_tstringlist->COUNT_LINES_FILE = -1;

     return(0);

}





s64 CountLinesFile(void *self, char *file_name)
{
     long long n = 1;
     int c;
     FILE *fp;

     fp = fopen(file_name, "r");
     if (!fp) return(-1);

     while ((c = fgetc(fp)) != EOF) {
         if (c == '\n') n++;
     }

     if (ferror(fp)) return(-1);

     fclose(fp);

     TStringList *struct_tstringlist = self;
     struct_tstringlist->COUNT_LINES_FILE = n;


     return(n);
}





s64 CountBytesFile(void *self, char *file_name)
{
     long n = 1;
     int c;
     FILE *fp;

     fp = fopen(file_name, "r");
     if (!fp) return(-1);


     while ((c = fgetc(fp)) != EOF) {
         n++;
     }

     if (ferror(fp)) { fclose(fp); return(-1); }

     fclose(fp);

     TStringList *struct_tstringlist = self;
     struct_tstringlist->COUNT_BYTES_FILE = n;

     return(n);
}





s64 SetLines(void *self, s64 numbers)
{
     TStringList *struct_tstringlist = self;

     if (numbers < 1) return(-1);
     if (numbers == struct_tstringlist->TStringList_Lines) return(0); 
//do nothing


     //New
     if (struct_tstringlist->TStringList_Lines == -1) {
         struct_tstringlist->TStringList = calloc(numbers, sizeof(char *));
         if (struct_tstringlist->TStringList == NULL) return(-1);
         struct_tstringlist->TStringList_Lines = numbers;

         //malloc
         //for (s64 n = 0; n < numbers; n++) 
struct_tstringlist->TStringList[n] = NULL;

         return(0);
     }

     //resize <
     if (numbers < struct_tstringlist->TStringList_Lines) {
         s64 diff = struct_tstringlist->TStringList_Lines - numbers;

         for (s64 n = diff - 1; n < 
struct_tstringlist->TStringList_Lines; n++) 
free(struct_tstringlist->TStringList[n]);

         struct_tstringlist->TStringList = 
realloc(struct_tstringlist->TStringList, numbers * sizeof(char *));
         struct_tstringlist->TStringList_Lines = numbers;

         return(0);
     }

     //resize >
     if (numbers > struct_tstringlist->TStringList_Lines) {
         s64 diff = numbers - struct_tstringlist->TStringList_Lines;

         char **tmp_ptr = struct_tstringlist->TStringList;
         tmp_ptr = realloc(tmp_ptr, numbers * sizeof(char *));
         if (tmp_ptr == NULL) return(-1);

         struct_tstringlist->TStringList = tmp_ptr;
         struct_tstringlist->TStringList_Lines = numbers;

         for (s64 n = diff - 1; n < 
struct_tstringlist->TStringList_Lines; n++) {
             struct_tstringlist->TStringList[n] = NULL;
         }


         return(0);
     }

     return(0);
}





s64 DynStrcpy (void *self, s64 number, char *newstring)
{
     TStringList *struct_tstringlist = self;

     if (number < 0 ) return(-1);
     if (struct_tstringlist->TStringList_Lines == -1) return(-1);
     if (struct_tstringlist->TStringList == NULL) return(-1);
     if (number >= struct_tstringlist->TStringList_Lines) return(-1);


     if (struct_tstringlist->TStringList[number] != NULL) 
free(struct_tstringlist->TStringList[number]);


     s64 len = strlen(newstring) + 1;
     struct_tstringlist->TStringList[number] = malloc(len * sizeof(char *));
     strcpy(struct_tstringlist->TStringList[number], newstring);

     return(0);

}





s64 DynStrcat (void *self, s64 number, char *newstring)
{
     TStringList *struct_tstringlist = self;

     if (number < 0 ) return(-1);
     if (number >= struct_tstringlist->TStringList_Lines) return(-1);
     if (struct_tstringlist->TStringList == NULL) return(-1);

     s64 len = strlen(struct_tstringlist->TStringList[number]) + 
strlen(newstring) + 1;

     struct_tstringlist->TStringList[number] = 
realloc(struct_tstringlist->TStringList[number], len * sizeof(char *));
     strcat(struct_tstringlist->TStringList[number], newstring);

     return(0);

}





s64 Del(void *self, s64 number)
{
     TStringList *struct_tstringlist = self;
     s64 lines_max = struct_tstringlist->TStringList_Lines;

     if (number < 0) return(-1);
     if (number >= struct_tstringlist->TStringList_Lines) return(-1);


     //if number = last line
     if (number == struct_tstringlist->TStringList_Lines - 1) {
         //delete
         free(struct_tstringlist->TStringList[number]);
         struct_tstringlist->TStringList = 
realloc(struct_tstringlist->TStringList, 
(struct_tstringlist->TStringList_Lines - 1) * sizeof(char *));
         struct_tstringlist->TStringList_Lines--;
         return(0);
     }

     //delete
     free(struct_tstringlist->TStringList[number]);

     //address last line -> delete line
     struct_tstringlist->TStringList[number] = 
struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines - 1];

     struct_tstringlist->TStringList = 
realloc(struct_tstringlist->TStringList, 
(struct_tstringlist->TStringList_Lines - 1) * sizeof(char *));
     struct_tstringlist->TStringList_Lines--;

     return(0);
}





s64 CountLines(void *self)
{
     TStringList *struct_tstringlist = self;
     return(struct_tstringlist->TStringList_Lines);
}






s64 DelDup(void *self)
{
     TStringList *struct_tstringlist = self;

     qsort(struct_tstringlist->TStringList, 
struct_tstringlist->TStringList_Lines, sizeof(char *), str_compare);

     s64 counter = 0;
     for (s64 n = struct_tstringlist->TStringList_Lines - 1; n > 0; n--) {
         if (strcmp(struct_tstringlist->TStringList[n - 1], 
struct_tstringlist->TStringList[n]) == 0) {
             free(struct_tstringlist->TStringList[n]);
             struct_tstringlist->TStringList[n] = 
struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines - 
1 - counter];
             counter++;
         }
     }


     struct_tstringlist->TStringList_Lines -= counter;
     struct_tstringlist->TStringList = 
realloc(struct_tstringlist->TStringList, 
struct_tstringlist->TStringList_Lines * sizeof(char *));

     return(0);
}





s64 StringLengthMax(void *self)
{
     TStringList *struct_tstringlist = self;
     return(struct_tstringlist->TStringList_Length_Max);
}





s64 LoadFromFile(void *self, char *file_name)
{
     long max_bytes = 0;
     int c;
     FILE *fp;
     long max_lines = 0;
     char *TEXT;
     long str_length = 0;



     fp = fopen(file_name, "r");
     if (!fp) return(-1);

     while ((c = fgetc(fp)) != EOF) {
         max_bytes++;
     }

     if (ferror(fp)) { fclose(fp); return(-1); }

     fseek(fp, 0, SEEK_SET);

     while ((c = fgetc(fp)) != EOF) {
         if (c == '\n') max_lines++;
     }

     fseek(fp, 0, SEEK_SET);


     TEXT = calloc(max_bytes, sizeof(char));
     if (TEXT == NULL) { fclose(fp); return(-1); }

     fread(TEXT, max_bytes, sizeof(char), fp);

     if (ferror(fp)) { fclose(fp); return(-1); }

     fclose(fp);

     //Zeilen reservieren
     TStringList *struct_tstringlist = self;

     struct_tstringlist->COUNT_LINES_FILE = max_lines;
     struct_tstringlist->COUNT_BYTES_FILE = max_bytes;

     struct_tstringlist->TStringList = calloc(max_lines, sizeof(char *));
     if (struct_tstringlist->TStringList == NULL) return(-1);

     long lines = 0;
     long start = 0;
     long len = 0;


     for (int n = 0; n < max_bytes; n++) {
         if (TEXT[n] == '\n') {
             if (n > start) {
                 struct_tstringlist->TStringList[lines] = malloc((n - 
start + 1) * sizeof(char));
                 strncpy(struct_tstringlist->TStringList[lines], 
&TEXT[start], n - start);

                 struct_tstringlist->TStringList[lines][n - start] = '\0';
                 len = n - start;
                 if (len > struct_tstringlist->TStringList_Length_Max) 
struct_tstringlist->TStringList_Length_Max = len;

                 start = n + 1;
                 lines++;
             }
             else start++;
         }
     }



     struct_tstringlist->TStringList_Lines = lines;

     if (struct_tstringlist->DelDUP == true) {
         qsort(struct_tstringlist->TStringList, 
struct_tstringlist->TStringList_Lines, sizeof(char *), str_compare);

         s64 counter = 0;
         for (s64 n = struct_tstringlist->TStringList_Lines - 1; n > 0; 
n--) {
             if (strcmp(struct_tstringlist->TStringList[n - 1], 
struct_tstringlist->TStringList[n]) == 0) {
                 free(struct_tstringlist->TStringList[n]);
                 struct_tstringlist->TStringList[n] = 
struct_tstringlist->TStringList[struct_tstringlist->TStringList_Lines - 
1 - counter];
                 counter++;
             }
         }

         struct_tstringlist->TStringList_Lines -= counter;
         struct_tstringlist->TStringList = 
realloc(struct_tstringlist->TStringList, 
struct_tstringlist->TStringList_Lines * sizeof(char *));
     }

     if (struct_tstringlist->SORT == true) {
         qsort(struct_tstringlist->TStringList, 
struct_tstringlist->TStringList_Lines, sizeof(char *), str_compare);
     }


     return(0);
}





//--------------------------------------------------------------------------------------------------------------------
s64 TStringListCreate(void *self) {


     TStringList *struct_tstringlist = self;


     struct_tstringlist->CountBytesFile = &CountBytesFile;
     struct_tstringlist->CountLinesFile = &CountLinesFile;
     struct_tstringlist->SetLines = &SetLines;
     struct_tstringlist->DynStrcpy = &DynStrcpy;
     struct_tstringlist->DynStrcat = &DynStrcat;
     struct_tstringlist->Del = &Del;
     struct_tstringlist->CountLines = &CountLines;
     struct_tstringlist->StringLengthMax = &StringLengthMax;
     struct_tstringlist->LoadFromFile = &LoadFromFile;
     struct_tstringlist->DelDup = &DelDup;
     struct_tstringlist->DynFree = &DynFree;
     struct_tstringlist->MaxStr = &MaxStr;
     struct_tstringlist->Add = &Add;
     struct_tstringlist->Sort = &Sort;
     struct_tstringlist->SetSort = &SetSort;
     struct_tstringlist->SetDelDUP = &SetDelDUP;


     struct_tstringlist->COUNT_BYTES_FILE = -1;
     struct_tstringlist->COUNT_LINES_FILE = -1;
     struct_tstringlist->TStringList_Length_Max = -1;
     struct_tstringlist->TStringList_Lines = -1;
     struct_tstringlist->DelDUP = false;
     struct_tstringlist->SORT = false;
     //(*struct_tstringlist).DelDUP = false;        //geht auch so

     return(0);
}


int ErrorMessage()
{
     printf("csafer, 2022/05 Peter Boettcher, Germany, Muelheim Ruhr\n");
     printf("VERSION            : C, LINUX VERSION\n");
     printf("\n");
     printf("\n");
     printf("SYSCALL     :  %ld\n", SYSCALL_NR);
     printf("\n");
     printf("Parameter   :  <SON>     Safer ON\n");
     printf("Parameter   :  <SOFF>    Safer OFF\n");
     printf("\n");
     printf("Parameter   :  <STAT>    Safer STAT\n");
     printf("\n");
     printf("Parameter   :  <PAON>    Safer Printk ALLOWED ON\n");
     printf("Parameter   :  <PAOFF>   Safer Printk ALLOWED OFF\n");
     printf("\n");
     printf("Parameter   :  <PDON>    Safer Printk DENY ON\n");
     printf("Parameter   :  <PDOFF>   Safer Printk DENY OFF\n");
     printf("\n");
     printf("Parameter   :  <SLOCK>   Safer DO NOT allowed any more 
changes\n");
     printf("\n");
     printf("Parameter   :  <SLON>    Safer MODE: LEARNING ON\n");
     printf("Parameter   :  <SLOFF>   Safer MODE: LEARNING OFF\n");
     printf("\n");
     printf("Parameter   :  <SVON>    Safer MODE: VERBOSE PARAM ON\n");
     printf("Parameter   :  <SVOFF>   Safer MODE: VERBOSE PARAM OFF\n");
     printf("\n");
     printf("Parameter   :  <SHOWON>  Safer MODE: SAFER SHOW ONLY ON\n");
     printf("Parameter   :  <SHOWOFF> Safer MODE: SAFER SHOW ONLY OFF\n");
     printf("\n");
     printf("Parameter   :  <PLIST>   Safer SET FILE LIST\n");
     printf("            :  <safer list>\n");
     printf("\n");
     printf("Parameter   :  <FLIST>   Safer SET FOLDER LIST\n");
     printf("            :  <safer list>\n");
     printf("\n");
     printf("Parameter   :  <SORT>    Safer LIST SORT\n");
     printf("            :  <safer list>\n");

     printf("\n");
     printf("\n");
     exit(0);
}







     TStringList all_list;
     TStringList folder_list;
     TStringList file_list;
     TStringList work_list;



//--------------------------------------------------------------------------------------------------
void main(int argc, char *argv[]) {



     s64 NUMBER = 0;


     if (argc == 2) {
         for(;;) {

             if (strcmp(argv[1], "SON") == 0) { NUMBER = SAFER_ON; break; }
             if (strcmp(argv[1], "SOFF") == 0) { NUMBER = SAFER_OFF; 
break; }

             if (strcmp(argv[1], "STAT") == 0) { NUMBER = STAT; break; }

             if (strcmp(argv[1], "PAON") == 0) { NUMBER = 
PRINTK_ALLOWED_ON; break; }
             if (strcmp(argv[1], "PAOFF") == 0) { NUMBER = 
PRINTK_ALLOWED_OFF; break; }

             if (strcmp(argv[1], "PDON") == 0) { NUMBER = 
PRINTK_DENY_ON; break; }
             if (strcmp(argv[1], "PDOFF") == 0) { NUMBER = 
PRINTK_DENY_OFF; break; };

             if (strcmp(argv[1], "SLOCK") == 0) { NUMBER = SAFER_LOCK; 
break; }

             if (strcmp(argv[1], "SLON") == 0) { NUMBER = 
PRINTK_LEARNING_ON; break; }
             if (strcmp(argv[1], "SLOFF") == 0) { NUMBER = 
PRINTK_LEARNING_OFF; break; }

             if (strcmp(argv[1], "SVON") == 0) { NUMBER = 
PRINTK_ARGV_ON; break; }
             if (strcmp(argv[1], "SVOFF") == 0) { NUMBER = 
PRINTK_ARGV_OFF; break; }

             if (strcmp(argv[1], "SHOWON") == 0) { NUMBER = 
PRINTK_SHOW_ON; break; }
             if (strcmp(argv[1], "SHOWOFF") == 0) { NUMBER = 
PRINTK_SHOW_OFF; break; }

             ErrorMessage();
         }



#ifdef VERSION_SYSCALL
         printf("%ld\n", syscall(SYSCALL_NR, 999900 + NUMBER));
#else
         printf("%ld\n", syscall(SYSCALL_NR, 0, 0, 0, 999900 + NUMBER));
#endif
         exit(0);
     }


     if (argc == 3) {

         for (;;) {
             if (strcmp(argv[1], "PLIST") == 0) { NUMBER = LIST_PROG; 
break; }
             if (strcmp(argv[1], "FLIST") == 0) { NUMBER = LIST_FOLDER; 
break; }
             if (strcmp(argv[1], "SORT") == 0) { NUMBER = SAFER_SORT; 
break; }
             ErrorMessage();
         }

         switch(NUMBER) {
             case 20:    TStringListCreate(&all_list);
                     TStringListCreate(&file_list);
                     all_list.SetDelDUP(&all_list, true);
                     all_list.LoadFromFile(&all_list, argv[2]);

                     if (all_list.TStringList_Lines == -1) ErrorMessage();

                     for (s64 n = 0; n < all_list.TStringList_Lines; n++) {
                         if (strncmp(all_list.TStringList[n], "a:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "ai:", 3) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }


                         if (strncmp(all_list.TStringList[n], "d:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "ga:", 3) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }


                         if (strncmp(all_list.TStringList[n], "gai:", 4) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }


                         if (strncmp(all_list.TStringList[n], "gd:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                         }
                     }

                     if (file_list.TStringList_Lines == -1 ) { 
printf("ERROR: NO ELEMENT IN LIST\n"); exit(1); }

                     file_list.Sort(&file_list);
                     TStringListCreate(&work_list);
                     char str_len [19];
                     sprintf(str_len, "%u", 
file_list.TStringList_Lines);    /* int to string */
                     work_list.Add(&work_list, str_len);
                     for (s64 n = 0; n < file_list.TStringList_Lines; n++) {
                         work_list.Add(&work_list, 
file_list.TStringList[n]);
                     }

                     /* Your choice */
                     for (s64 n = 0; n < work_list.TStringList_Lines; n++) {
                         printf("%s\n", work_list.TStringList[n]);
                     }

#ifdef VERSION_SYSCALL
                     printf("%ld\n", syscall(SYSCALL_NR, 999900 + 
NUMBER, work_list.TStringList));
#else
                     printf("%ld\n", syscall(SYSCALL_NR, 0, 0, 0, 999900 
+ NUMBER, work_list.TStringList));
#endif

                     exit(0);


             case 21:    TStringListCreate(&all_list);
                     TStringListCreate(&folder_list);
                     all_list.SetDelDUP(&all_list, true);

                     all_list.LoadFromFile(&all_list, argv[2]);
                     if (all_list.TStringList_Lines == -1) ErrorMessage();

                     for (s64 n = 0; n < all_list.TStringList_Lines; n++) {
                         if (strncmp(all_list.TStringList[n], "a:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] != 
'/') continue;
                             folder_list.Add(&folder_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "d:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] != 
'/') continue;
                             folder_list.Add(&folder_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "ga:", 3) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] != 
'/') continue;
                             folder_list.Add(&folder_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "gd:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] != 
'/') continue;
                             folder_list.Add(&folder_list, 
all_list.TStringList[n]);
                         }
                     }

                     if (folder_list.TStringList_Lines == -1 ) { 
printf("ERROR: NO ELEMENT IN LIST\n"); exit(1); }
                     folder_list.Sort(&folder_list);
                     TStringListCreate(&work_list);
                     sprintf(str_len, "%u", 
folder_list.TStringList_Lines);    /* int to string */
                     work_list.Add(&work_list, str_len);
                     for (s64 n = 0; n < folder_list.TStringList_Lines; 
n++) {
                         work_list.Add(&work_list, 
folder_list.TStringList[n]);
                     }

                     /* Your choice */
                     for (s64 n = 0; n < work_list.TStringList_Lines; n++) {
                         printf("%s\n", work_list.TStringList[n]);
                     }
#ifdef VERSION_SYSCALL
                     printf("%ld\n", syscall(SYSCALL_NR, 999900 + 
NUMBER, work_list.TStringList));
#else
                     printf("%ld\n", syscall(SYSCALL_NR, 0, 0, 0, 999900 
+ NUMBER, work_list.TStringList));
#endif

                     exit(0);



             case 30:    TStringListCreate(&all_list);
                     TStringListCreate(&file_list);
                     all_list.SetDelDUP(&all_list, true);
                     all_list.LoadFromFile(&all_list, argv[2]);

                     if (all_list.TStringList_Lines == -1) ErrorMessage();

                     for (s64 n = 0; n < all_list.TStringList_Lines; n++) {
                         if (strncmp(all_list.TStringList[n], "a:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "ai:", 3) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "d:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "ga:", 3) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }

                         if (strncmp(all_list.TStringList[n], "gai:", 4) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                             continue;
                         }



                         if (strncmp(all_list.TStringList[n], "gd:", 2) 
== 0) {
                             s64 last = strlen(all_list.TStringList[n]);
                             if (all_list.TStringList[n][last - 1] == 
'/') continue;
                             file_list.Add(&file_list, 
all_list.TStringList[n]);
                         }
                     }

                     if (file_list.TStringList_Lines == -1 ) { 
printf("ERROR: NO ELEMENT IN LIST\n"); exit(1); }

                     file_list.Sort(&file_list);
                     TStringListCreate(&work_list);
                     //char str_len [19];
                     sprintf(str_len, "%u", 
file_list.TStringList_Lines);    /* int to string */
                     work_list.Add(&work_list, str_len);
                     for (s64 n = 0; n < file_list.TStringList_Lines; n++) {
                         work_list.Add(&work_list, 
file_list.TStringList[n]);
                     }

                     for (s64 n = 0; n < work_list.TStringList_Lines; n++) {
                         printf("%s\n", work_list.TStringList[n]);
                     }

                     exit(0);

             ErrorMessage();
         }
     }

     ErrorMessage();

}























---------------------------------
TOOL
fpsafer.pas

same as csafer.c

---------------------------------


(* Copyright (c) 2022/03/28, Peter Boettcher, Germany/NRW, Muelheim Ruhr
  * Urheber: 2022/03/28, Peter Boettcher, Germany/NRW, Muelheim Ruhr

  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2, or (at your option)
  * any later version.

  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.

  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  *)

  (* FreePascal:
   * fpc fpsafer.pas
   *
  *)



(*
     Frontend for Linux SYSCALL Extension <execve>

     Autor/Urheber    : Peter Boettcher
             : Muelheim Ruhr
             : Germany
     Date        : 2023.11.15 - 2024.05.26

     Program        : fpsafer.c
             : Simple Frontend

             : Control Program for Extension <SYSCALL execve>
             : It only works as ROOT

             : If you use binary search, a sorted list ist required.

     List        : ALLOW and DENY list


     Control        :  0 = safer ON
             :  1 = safer OFF
             :  2 = State
             :  3 = printk allowed LOG ON
             :  4 = printk allowed Log OFF
             :  5 = LOCK changes
             :  6 = learning ON
             :  7 = learning OFF
             :  8 = Verbose LOG ON
             :  9 = Verbose LOG OFF
             : 10 = Safer Show LOG ON
             : 11 = Safer Show LOG  OFF
             : 12 = printk deny on
             : 13 = printk deny off

             : 20 = Set FILE List
             : 21 = Set FOLDER List

     ALLOW/DENY List    : 2 DIM. dyn. char Array = string
             : String 0 = Number of strings

             : a:USER-ID;SIZE;HASH;Path
             : d:USER-ID;SIZE;HASH;Path

             : ga:GROUP-ID;HASH;Path
             : gd:GROUP-ID;HASH;Path

             : ai:USER-ID;SIZE;HASH;PATH/python
             : a:ai:USER-ID;SIZE;HASH;PATH/python-script

             : Example:
             : a:100;1224;HASH;/bin/test        = allow file
             : a:100;1234;HASH;/bin/test1        = allow file
             : a:100;/usr/sbin/            = allow Folder

             : d:100;HASH;/usr/sbin/test        = deny file
             : d:100;/usr/sbin/            = deny folder

             : ga:100;usr/sbin/            = allow group folder
             : gd:100;/usr/bin/            = deny group folder
             : gd:101;1234;HASH;/usr/bin/mc        = deny group file
             : ga:101;1234;HASH;/usr/bin/mc        = allow group file



             : ai:100;1234;HASH;/bin/python        = allow file
             : a:100;1234;HASH;/bin/test1.py        = allow file

     program start    :
             : python = allone      = not allowed
             : python /PATH/test.py = allowed
             : test1.py             = allowed



             : It is up to the ADMIN to keep the list reasonable 
according to these rules!


     I would like to remember ALICIA ALONSO, MAYA PLISETSKAYA, CARLA 
FRACCI, EVA EVDOKIMOVA, VAKHTANG CHABUKIANI and the
     "LAS CUATRO JOYAS DEL BALLET CUBANO". Admirable ballet dancers.


*)


{$mode objfpc}{$H+}


Uses
     linux,
     syscall,
     sysutils,
     strutils,
     dateUtils,
     classes;


//{$define NEW_SYSCALLVERSION}
{$define SYSCALL_VERSION}

const
     {$ifdef SYSCALL_VERSION}
         SYSCALL_NR    = 59;
     {$else NEW_SYSCALLVERSION}
         SYSCALL_NR    = 501;
     {$endif SYSCALL_VERSION}

var
     WORK_LIST    : array of ^char;
     NUMBER        : qword;

     LIST        : TStringList;
     N_LIST        : TStringList;
     n        : qword;




const
     SAFER_ON = 0;
     SAFER_OFF = 1;

     STAT = 2;

     PRINTK_ALLOWED_ON = 3;
     PRINTK_ALLOWED_OFF = 4;

     PRINTK_DENY_ON = 12;
     PRINTK_DENY_OFF = 13;

     SAFER_LOCK = 5;

     PRINTK_LEARNING_ON = 6;
     PRINTK_LEARNING_OFF = 7;

     PRINTK_ARGV_ON = 8;
     PRINTK_ARGV_OFF = 9;

     PRINTK_SHOW_ON = 10;
     PRINTK_SHOW_OFF = 11;

     LIST_PROG = 20;
     LIST_FOLDER = 21;

     SAFER_SORT = 30;




Procedure ErrorMessage;
begin
     writeln('fpsafer, 2022/03 Peter Boettcher, Germany, Muelheim Ruhr');
     writeln('VERSION            : PASCAL 0, fpc, LINUX VERSION');
     writeln;
     writeln('FreePascal Project : www.freepascal.org');
     writeln('LGPL               : www.gnu.org');
     writeln('Special Thanks     : Niklaus Wirth');
     writeln;
     writeln('SYSCALL     :  ',  SYSCALL_NR);
     writeln;
     writeln('Parameter   :  <SON>     Safer ON');
     writeln('Parameter   :  <SOFF>    Safer OFF');
     writeln;
     writeln('Parameter   :  <STAT>    Safer STAT');
     writeln;
     writeln('Parameter   :  <PAON>    Safer Printk ALLOWED ON');
     writeln('Parameter   :  <PAOFF>   Safer Printk ALLOWED OFF');
     writeln;
     writeln('Parameter   :  <PDON>    Safer Printk DENY ON');
     writeln('Parameter   :  <PDOFF>   Safer Printk DENY OFF');
     writeln;
     writeln('Parameter   :  <SLOCK>   Safer DO NOT allowed any more 
changes');
     writeln;
     writeln('Parameter   :  <SLON>    Safer MODE: LEARNING ON');
     writeln('Parameter   :  <SLOFF>   Safer MODE: LEARNING OFF');
     writeln;
     writeln('Parameter   :  <SVON>    Safer MODE: VERBOSE PARAM ON');
     writeln('Parameter   :  <SVOFF>   Safer MODE: VERBOSE PARAM OFF');
     writeln;
     writeln('Parameter   :  <SHOWON>  Safer MODE: SAFER SHOW ONLY ON');
     writeln('Parameter   :  <SHOWOFF> Safer MODE: SAFER SHOW ONLY OFF');
     writeln;
     writeln('Parameter   :  <PLIST>   Safer SET FILE LIST');
     writeln('            :  <safer list>');
     writeln;
     writeln('Parameter   :  <FLIST>   Safer SET FOLDER LIST');
     writeln('            :  <safer list>');
     writeln;
     writeln('Parameter   :  <SORT>    Safer LIST SORT');
     writeln('            :  <safer list>');
     writeln;
     writeln;
     halt(0);
end;


Function strncmp(str0 : ansistring; str1 : ansistring; Elements : qword) 
: integer;
begin
     exit(CompareStr(copy(str0, 0, Elements), copy(str1, 0, Elements)));
end;



//simple
begin
     if ParamCount = 1 then begin

         while true do begin

             if ParamStr(1) = 'SON' then begin NUMBER := SAFER_ON; 
break; end;
             if ParamStr(1) = 'SOFF' then begin NUMBER := SAFER_OFF; 
break; end;

             if ParamStr(1) = 'STAT' then begin NUMBER := STAT; break; end;

             if ParamStr(1) = 'PAON' then begin NUMBER := 
PRINTK_ALLOWED_ON; break; end;
             if ParamStr(1) = 'PAOFF' then begin NUMBER := 
PRINTK_ALLOWED_OFF; break; end;

             if ParamStr(1) = 'PDON' then begin NUMBER := 
PRINTK_DENY_ON; break; end;
             if ParamStr(1) = 'PDOFF' then begin NUMBER := 
PRINTK_DENY_OFF; break; end;;

             if ParamStr(1) = 'SLOCK' then begin NUMBER := SAFER_LOCK; 
break; end;

             if ParamStr(1) = 'SLON' then begin NUMBER := 
PRINTK_LEARNING_ON; break; end;
             if ParamStr(1) = 'SLOFF' then begin NUMBER := 
PRINTK_LEARNING_OFF; break; end;

             if ParamStr(1) = 'SVON' then begin NUMBER := 
PRINTK_ARGV_ON; break; end;
             if ParamStr(1) = 'SVOFF' then begin NUMBER := 
PRINTK_ARGV_OFF; break; end;

             if ParamStr(1) = 'SHOWON' then begin NUMBER := 
PRINTK_SHOW_ON; break; end;
             if ParamStr(1) = 'SHOWOFF' then begin NUMBER := 
PRINTK_SHOW_OFF; break; end;

             ErrorMessage;
         end;;



{$ifdef SYSCALL_VERSION}
         writeln(do_SysCall(SYSCALL_NR, 0, 0, 0, 999900 + NUMBER));
{$else NEW_SYSCALLVERSION}
         writeln(do_SysCall(SYSCALL_NR, 999900 + NUMBER));
{$endif SYSCALL_VERSION}
         halt(0);
     end;

     if ParamCount = 2 then begin
         while true do begin
             if ParamStr(1) = 'PLIST' then begin NUMBER := LIST_PROG; 
break; end;
             if ParamStr(1) = 'FLIST' then begin NUMBER := LIST_FOLDER; 
break; end;
             if ParamStr(1) = 'SORT' then begin NUMBER := SAFER_SORT; 
break; end;
             ErrorMessage;
         end;

         case NUMBER of
             //FILES
             20:    begin
                     LIST := TStringList.Create;
                     LIST.Sorted := TRUE;
                     LIST.Duplicates := dupIgnore; //dupIgnore, 
dupAccept, dupError
                     List.CaseSensitive := TRUE;
                     try
                         LIST.LoadFromFile(ParamStr(2));
                     except
                         LIST.Free;
                         ErrorMessage;
                     end;

                     N_LIST := TStringList.Create;
                     N_LIST.Sorted := TRUE;
                     N_LIST.Duplicates := dupIgnore;
                     N_List.CaseSensitive := TRUE;

                     for n := 0 to LIST.Count - 1 do begin
                         if copy(LIST[n], 0, 2) = 'a:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(LIST[n], 0, 3) = 'ai:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(LIST[n], 0, 4) = 'gai:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 2) = 'd:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 3) = 'ga:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 3) = 'gd:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                         end;
                     end;

                     if N_LIST.count = 0 then begin writeln('ERROR: NO 
ELEMENT IN LIST'); halt(0); end;

                     setlength(WORK_LIST, N_LIST.COUNT + 
1);                    //RESERVIEREN
                     WORK_LIST[0] := 
StrAlloc(length(IntToStr(N_LIST.COUNT)));        //elements
                     StrpCopy(WORK_LIST[0], IntToStr(N_LIST.COUNT));

                     //Your choice
                     writeln(WORK_LIST[0]);

                     for n := 0 to N_LIST.COUNT - 1 do begin
                         WORK_LIST[n+1] := StrAlloc(length(N_LIST[n]) + 1);
                         StrpCopy(WORK_LIST[n+1], N_LIST[n]);
                         writeln(WORK_LIST[n+1]);
                     end;

                     {$ifdef SYSCALL_VERSION}
                     writeln(do_SysCall(SYSCALL_NR, 0, 0, 0, 999900 + 
NUMBER, qword(WORK_LIST)));
                     {$else NEW_SYSCALLVERSION}
                     writeln(do_SysCall(SYSCALL_NR, 999900 + NUMBER, 
qword(WORK_LIST)));
                     {$endif SYSCALL_VERSION}
                     halt(0);
                 end;

             //FOLDER
             21:    begin
                     LIST := TStringList.Create;
                     LIST.Sorted := TRUE;
                     LIST.Duplicates := dupIgnore; //dupIgnore, 
dupAccept, dupError
                     List.CaseSensitive := TRUE;
                     try
                         LIST.LoadFromFile(ParamStr(2));
                     except
                         LIST.Free;
                         ErrorMessage;
                     end;

                     N_LIST := TStringList.Create;
                     N_LIST.Sorted := TRUE;
                     N_LIST.Duplicates := dupIgnore;
                     N_List.CaseSensitive := TRUE;

                     for n := 0 to LIST.Count - 1 do begin
                         if copy(LIST[n], 0, 2) = 'a:' then begin
                             if LIST[n][length(LIST[n])] <> '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 2) = 'd:' then begin
                             if LIST[n][length(LIST[n])] <> '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 3) = 'ga:' then begin
                             if LIST[n][length(LIST[n])] <> '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 3) = 'gd:' then begin
                             if LIST[n][length(LIST[n])] <> '/' then 
continue;
                             N_LIST.add(List[n]);
                         end;
                     end;

                     if N_LIST.count = 0 then begin writeln('ERROR: NO 
ELEMENT IN LIST'); halt(0); end;

                     setlength(WORK_LIST, N_LIST.COUNT + 
1);                    //RESERVIEREN
                     WORK_LIST[0] := 
StrAlloc(length(IntToStr(N_LIST.COUNT)));        //elements
                     StrpCopy(WORK_LIST[0], IntToStr(N_LIST.COUNT));

                     //Your choice
                     writeln(WORK_LIST[0]);
                     for n := 0 to N_LIST.COUNT - 1 do begin
                         WORK_LIST[n+1] := StrAlloc(length(N_LIST[n]) + 1);
                         StrpCopy(WORK_LIST[n+1], N_LIST[n]);
                         writeln(WORK_LIST[n+1]);
                     end;

                     {$ifdef SYSCALL_VERSION}
                     writeln(do_SysCall(SYSCALL_NR, 0, 0, 0, 999900 + 
NUMBER, qword(WORK_LIST)));
                     {$else NEW_SYSCALLVERSION}
                     writeln(do_SysCall(SYSCALL_NR, 999900 + NUMBER, 
qword(WORK_LIST)));
                     {$endif SYSCALL_VERSION}
                     halt(0);
                 end;

             //FILES
             30:    begin
                     LIST := TStringList.Create;
                     LIST.Sorted := TRUE;
                     LIST.Duplicates := dupIgnore; //dupIgnore, 
dupAccept, dupError
                     List.CaseSensitive := TRUE;
                     try
                         LIST.LoadFromFile(ParamStr(2));
                     except
                         LIST.Free;
                         ErrorMessage;
                     end;

                     N_LIST := TStringList.Create;
                     N_LIST.Sorted := TRUE;
                     N_LIST.Duplicates := dupIgnore;
                     N_List.CaseSensitive := TRUE;

                     for n := 0 to LIST.Count - 1 do begin
                         if copy(LIST[n], 0, 2) = 'a:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(LIST[n], 0, 4) = 'gai:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(LIST[n], 0, 3) = 'ai:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 2) = 'd:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 3) = 'ga:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                             continue;
                         end;

                         if copy(List[n], 0, 3) = 'gd:' then begin
                             if LIST[n][length(LIST[n])] = '/' then 
continue;
                             N_LIST.add(List[n]);
                         end;
                     end;

                     if N_LIST.count = 0 then begin writeln('ERROR: NO 
ELEMENT IN LIST'); halt(0); end;

                     setlength(WORK_LIST, N_LIST.COUNT + 
1);                    //RESERVIEREN
                     WORK_LIST[0] := 
StrAlloc(length(IntToStr(N_LIST.COUNT)));        //elements
                     StrpCopy(WORK_LIST[0], IntToStr(N_LIST.COUNT));

                     writeln(WORK_LIST[0]);
                     for n := 0 to N_LIST.COUNT - 1 do begin
                         WORK_LIST[n+1] := StrAlloc(length(N_LIST[n]) + 1);
                         StrpCopy(WORK_LIST[n+1], N_LIST[n]);
                         writeln(WORK_LIST[n+1]);
                     end;

                     halt(0);
                 end;

             else ErrorMessage;
         end;

     end;

     ErrorMessage;
end.



















---------------------------------
example config file:


command:

csafer PLIST safer.conf
csafer FLIST safer.conf

or

fpsafer PLIST safer.conf
fpsafer FLIST safer.conf



#---------------------------------
part of safer.conf
#---------------------------------


#Achtung
#Ausdruecklich root nichts in /home erlauben. eigentlich nicht erforderlich.
d:0:/home/
gd:20000:/home/


#docker
a:0;/proc/

a:1003;/proc/
ga:20000;/proc/



#--------------------------------------------------------------
#test
#a:0;/home/
#d:0;72856;b7362ffec250678ad4d60b8cf0444091;/home/abc


#------------------------------------------------------------
#interpreter
#python
ai:1000;5479736;b2d95fb4e79f786c26dcf22f9b4cb97fd831a679a48135daeeac48e48fc58e69;/usr/bin/python3
ai:1000;3553696;cb73d86795116af6e270acdaa63d15de26291a2b433351851739de6421fb27e8;/usr/bin/python
a:10000;460;89994bedbe1375ffc2f085210441b5f5f525b664f7520fae439dd287a48e1924;/etc/safer/python/p.i.div




a:1000;466;67d02f4eab5492539a5c6e798d67c53f4801d7f04aed5e66f9a26d6aa9174bbf;/usr/sbin/p3.i.mul
a:1000;468;196dba9b4d884c9626c1572d9aa1d1fc9f18991807d1029d919ad3560d5cdcae;/usr/sbin/p3.i.div

a:0;14496;fadd2d1403da4a6fbb94f5ba4264ec2ebbe3aa833d3dfcc51c3004857080e9d8;/usr/bin/cls

ai:1000;5479736;b2d95fb4e79f786c26dcf22f9b4cb97fd831a679a48135daeeac48e48fc58e69;/usr/bin/python3
ai:1003;5479736;b2d95fb4e79f786c26dcf22f9b4cb97fd831a679a48135daeeac48e48fc58e69;/usr/bin/python3

#java
ai:0;14304;efef2156655f7095dec0a65491e6a25f6f7ea83d318e6ae466cb1b9333ef55bd;/usr/bin/java
a:0;14352;ee63c89ad8cd1099ee34edaabde789dce105d4e849b7b0a01bd910110383631d;/usr/bin/javac
a:0;773;8b077b5e324969ba56f169b2e497a35b32534572152824db5aae3d9d03f995e7;/etc/safer/java/HalloWelt.jar
a:0;423;28c121ad3da3319ec96f370b312c8eeebde8dbadf752a2fc573c929ce9a3b041;/etc/safer/java/HalloWelt.class


#ai:1000;14304;efef2156655f7095dec0a65491e6a25f6f7ea83d318e6ae466cb1b9333ef55bd;/usr/bin/java
gai:20000;14304;efef2156655f7095dec0a65491e6a25f6f7ea83d318e6ae466cb1b9333ef55bd;/usr/bin/java
ga:20000;773;8b077b5e324969ba56f169b2e497a35b32534572152824db5aae3d9d03f995e7;/etc/safer/java/HalloWelt.jar
ga:20000;423;28c121ad3da3319ec96f370b312c8eeebde8dbadf752a2fc573c929ce9a3b041;/etc/safer/java/HalloWelt.class



gai:20000;14304;efef2156655f7095dec0a65491e6a25f6f7ea83d318e6ae466cb1b9333ef55bd;/usr/lib/jvm/java-17-openjdk-amd64/bin/java
gai:20000;14368;be9c11011990619512f3f68a4f192bdc6d7153ec0941e9228da440190b300979;/usr/lib/jvm/java-11-openjdk-amd64/bin/java

ga:20000;1435;d007a3607218f5f055c2f35718c04efd22f6147240e67bbafec51fe71baa6891;/usr/lib/libreoffice/program/JREProperties.class
ga:20000;1740;a33f1601459d02460ed11040fc7dfaed1ba285fc801f8f80816546ec4b544b8f;/opt/libreoffice7.5/program/JREProperties.class

a:0;96968;0f72ae1f19c1361af0ec23ca1e499f11c459bf464a0cf5499873cf73a1b3b3a3;/usr/bin/bc




#perl
ai:0;3681152;8936dd645cc6f3c1fe23bf1de6128fcb505e737a02b00b2b916fbf0f628a998b;/usr/bin/perl
a:0;1485;038e33ff0fe099ce45e4ad763de87612ed770b95d007116225653d9beba74523;/etc/safer/perl/daytime.pl

#julia
ai:1000;18496;de06390d8a9b1ca1293d116dc68189f229a7b7a294ba1887eb15ed2df7f77fae;/usr/bin/julia
ai:0;18496;de06390d8a9b1ca1293d116dc68189f229a7b7a294ba1887eb15ed2df7f77fae;/usr/bin/julia

#php
ai:0;4760504;9780c2ccf2c49150ab6de2b685af91d922363b15b16af15dcb5e1156b1d10cad;/usr/bin/php
a:0;74;3d183c1619b556fad61202ec978593615c7f4c169c6dae0489225f4e1326109d;/etc/safer/php/php1.php
a:0;74;df076eac45e21c0cafbe60589554d29a5dc748a8493bbbeb0540803390526d96;/etc/safer/php/php.php







#--------------------------------------------------------------
#docker
#--------------------------------------------------------------
#debian
a:0;2228;71df780c5048354d192175751686be1fb12aa57556b4b91eb9c4d07bb0991d67;/usr/bin/on_ac_power
a:0;158376;d968a8636eb811f4176935cb50512f5a051b1854d720639675a105662dba0f4c;/usr/bin/awk
a:0;9099;2bf2bff98e94b686f1ca477ba4e7f5e8be972a70fc57f14144c5ba6300caf8f3;/usr/sbin/service
a:0;1155;a6b67423b7a7667a9c06f81a8e85b6e39bf80fc09141d944434ca234db0e904c;/usr/lib/mc/ext.d/web.sh
a:0;1155;a6b67423b7a7667a9c06f81a8e85b6e39bf80fc09141d944434ca234db0e904c;/usr/lib/mc/ext.d/web.sh
a:0;1265648;7ebfc53f17925af4340d4218aafd16ba39b5afa8b6ac1f7adc3dd92952a2a237;/usr/bin/bash
a:0;210968;fa00e11432d68470e2b429605cff856659892611eec3a0908af7e077d2295c27;/lib64/ld-linux-x86-64.so.2
a:0;31504;f92ee15ed2dfe4c0f5b857fc0be12d83d21b1b8aa79a6e574ed179ff1e24862e;/usr/bin/whereis
a:0;1074624;b8275e6cc29962f5a05188b5d7db189b765358d38758483c80a0a773780c4d6e;/usr/bin/mc
a:0;14568;fa62d52a85daab3c3f7a980ba32f9a44fdaf4d851d63a7a34b5672a6b7211b49;/usr/lib/mc/cons.saver
a:0;1265648;7ebfc53f17925af4340d4218aafd16ba39b5afa8b6ac1f7adc3dd92952a2a237;/bin/bash
a:0;72824;26b4d4643e3791f277ee734b162428347164435a20456643e5346bfffb60d1a9;/usr/bin/ln
a:0;1074624;b8275e6cc29962f5a05188b5d7db189b765358d38758483c80a0a773780c4d6e;/usr/bin/mcedit
a:0;102200;44741cf49aded8a77eb97499f9d9e42e572918513560e2c0a033c0860c3b36cd;/usr/bin/df
a:0;14584;c6543c0d7d5479fc76c1808f9e5a033b54b67e35f2ec1663b7c354267e2adfb6;/usr/bin/cls
a:0;317320;2d08025f8af56a059847a151c18da55c922c788ea3ec3e2f568204f98ab4a7b1;/usr/bin/htop
a:0;78408;12f7f00cb1bf15d2d8c55966ad2d9da9db25df952c81889abf936859f2e41f29;/usr/bin/ping

a:0;9099;b25b0d0bb747dda5b6e4b9c0c27e8b6257051922a347272c79ab4891ec85f5bf;/usr/sbin/service
a:0;125640;f5adb8bf0100ed0f8c7782ca5f92814e9229525a4b4e0d401cf3bea09ac960a6;/bin/sh
a:0;43856;bc0828b09781a8b19a6d31f23f3f6e0d4e2f216490dc1d1e98321f684cbfe0a2;/usr/bin/basename
a:0;48536;615c46b39130a04a08da04163542ce7ce1164fa4b35408efb43aac0a8a9f7ae5;/usr/bin/env

a:0;4579;d856e15d5604ac0f430afe70b90ead159314049c431292f0c6a07238d0717627;/etc/init.d/nginx
a:0;44016;008f819498fe591f3cc920d543709347d8d14a139bb3482bc2cd8635c1b3162e;/bin/cat
a:0;27560;fe6b936df0b3de8d55d502413bed14be48a1804b09e18aed76bf7ca63f3e8a5c;/bin/run-parts
a:0;48080;eb93339329ad9ecf68acf3e7cc3415cea3a1d25e1885b4a0e42bdb70063b7ca9;/bin/head

a:0;203152;9a9c5a0c3b5d1d78952252f7bcf4a992ab9ea1081c84861381380a835106b817;/bin/grep
a:0;158376;301315e7e2e964b4e403824b3f6c7ad8db1023e4ce87e6f6c92bf367e047f311;/bin/awk
a:0;44464;76841860cdb3a3afabcb7fd9dbcdb2d059519f007f5a480678fd061da0ed3ce8;/sbin/start-stop-daemon
a:0;1260032;92d6f8de6c27c9b7f27c04e7041eea59abcf3ed50c22bf9b982ffecb2174385c;/usr/sbin/nginx
a:0;43888;4add4bb89d8ca0e3b1bd861130ddd7ae0fd9617a8055de0a38c8d2ca1ac95723;/bin/sleep

a:0;151344;cb30d69b24245bf2ecdc9e7f53bbad19159999970b6d82c0c00c7d32d9e37aa4;/usr/bin/ls
a:0;210968;fa00e11432d68470e2b429605cff856659892611eec3a0908af7e077d2295c27;/lib64/ld-linux-x86-64.so.2


#--------------------------------------------------------------
#ubuntu
a:0;88144;ce4b725a963c92a9f179f08f0df04272a6e56231f985ac8170aa610d3d4e4288;/sbin/ifdown
a:0;320;f68f766bebb7737e4d8331b4515ff67ae332837bb4a59670ff1b7a5d5b453386;/usr/bin/man
a:0;35328;3bc0dba021341fba9049a14564366d93be2e68d355581868bb5f650a5d919b01;/usr/bin/groups
a:0;39432;53a0f3f6fb2986081c68b40ed6a0c5b8ac43def56e53c5fb5d09cd464e6aefca;/usr/bin/dircolors
a:0;14568;d0b3d96f68ccb893f24b2d0d4f3162e1eaa9abe0f4e33008c0d5692d0c651709;/usr/bin/mesg
a:0;150016;e57cf0c3467e61143b4f8eabfbe0029bcfe1ebd3eb6eb98bbe0951d828d7bc63;/usr/bin/du
a:0;43432;41884442b983a7889fe80b78d7eee3b84a1169a61c6e979e036b4445287f3d70;/usr/bin/wc
a:0;158504;740c7f7d632d487adf557244715b6b448554b49e49c25587882ac4ff731b73af;/usr/bin/awk
a:0;43968;21867f7f24754a61e64e3b902adb34d65776f477ce1d492ebf9aa86ebfea4d3a;/usr/bin/env
a:0;9097;a1c6975e1dbaf1ac353b49996b3b6b2112a1e35e3bf84b739165ac84005dcd93;/usr/sbin/service
a:0;35328;d060e07070978679888acc139f4fde2a158bcd7dba22015ef1ab24df6fe9d282;/usr/bin/basename
a:0;108960;f7d2b5e6814d65f87dfa2306d5034f75735dc715f0db33895c05bc47e16f4ff9;/usr/bin/expr
a:0;39424;14b1780838a0a4f25a187410539f68269d93c3da11be84344e10f3ecca1ea9dc;/usr/bin/id
a:0;31232;adff5b545b080ac7d42546bc3b9cd3cede85cdd64aad33f1df16c3b93f571d42;/usr/bin/whoami
a:0;35280;e2e4a02c29a87f4c47eec446d246798925a57772cfb7d7af46d700959c5e2d6f;/bin/cat
a:0;27176;49a47ef3f234d31d5f526a6b279451bec6b6fdc8280b977b11ca2adfab4611ce;/bin/run-parts
a:0;92672;0d31ceed11600069e665736d38d9c161923e5d3de4d049f2006e9121eb6c2c08;/usr/bin/touch
a:0;1396520;2c336c63e26881d2f02f34379024e7c314bce572c08cbaa319bacbbec29f93ed;/bin/bash
a:0;240936;4d2657934fc7442f86bd1258a7c6440aeab584add04f0c3dae6c6f4610c612f4;/lib64/ld-linux-x86-64.so.2
a:0;35328;7737c02bd7d750a6e1489a9599736310cb9de8dbf9f110412a82deb2546e9370;/usr/bin/groups
a:0;39432;3a7e4ec42e36d19f87fba109180bc7263d7c31bedcf0506ad444c142bc29c3f4;/usr/bin/dircolors


a:0;1103352;1501bd6009b8849029d1a8097bcec8e49d9d6fc66d313f0ed5b70463843a67f8;/usr/bin/mc
a:0;14640;beec22a99ad12ae4233b0c4306b9b6153df11edb2b6a73d39bfb56c00103cc43;/usr/lib/mc/cons.saver

a:0;283144;c436995a1790379cc502650638551cb52ded4ca7be6c599596064b0c04da5fce;/usr/bin/nano
a:0;1103352;1501bd6009b8849029d1a8097bcec8e49d9d6fc66d313f0ed5b70463843a67f8;/usr/bin/mcedit
a:0;14640;beec22a99ad12ae4233b0c4306b9b6153df11edb2b6a73d39bfb56c00103cc43;/usr/lib/mc/cons.saver
a:0;26864;5b8ed969b21b3ed55eb5fdb6ce3ddcb9989c041d3df991fb323f4bd795717cd8;/usr/bin/free
a:0;85064;b416059d22259e077632190ae01301516168ce0a075c251c276eed55e7d7793d;/usr/bin/df
a:0;283840;a65f1ebc545b7602f59056134cefc31001b578c026a21f3bf1a2f6f2bbf55e19;/usr/bin/htop


a:0;320;1150abfca60bce252e8a6a449719fec697aa8ac844ae330882a1618a78db05b7;/usr/bin/man
a:0;125688;4f291296e89b784cd35479fca606f228126e3641f5bcaee68dee36583d7c9483;/bin/sh




a:0;9097;8cb36beb5ab42abef8131504d58a1af425b0202051c2743666597fa45fc5d035;/usr/sbin/service
a:0;125688;4f291296e89b784cd35479fca606f228126e3641f5bcaee68dee36583d7c9483;/bin/sh
a:0;35328;aceee0bcbfb3eea45142a59e64ee5dff789d3de539993a7fad37988aa6422614;/usr/bin/basename
a:0;43968;9b5a2c349d5f54684960e3282e56dadce404ce27bb136bd3b3f6bc18390d4d40;/usr/bin/env
a:0;35280;dd5526c5872cce104a80f4d4e7f787c56ab7686a5b8dedda0ba4e8b36a3c084c;/bin/cat
a:0;27176;6662ac8211738cab5e9c8138f92c9f54319a1892ec3da24f47620d46963671a8;/bin/run-parts
a:0;35280;dd5526c5872cce104a80f4d4e7f787c56ab7686a5b8dedda0ba4e8b36a3c084c;/bin/cat
a:0;43520;8d9c49a5f7219522582e3b89d87dd528599f2383039c63401f55705dcae8a369;/bin/head
a:0;182728;73abb4280520053564fd4917286909ba3b054598b32c9cdfaf1d733e0202cc96;/bin/grep
a:0;158504;dc157030a32367742480403025a6f731275b07d039238d167ade535e6f3eb98e;/bin/awk
a:0;26968;6287b4f0dc1e95a810d6737d2aa71d7433bf83988916103590b941525e44427f;/usr/bin/tput
a:0;108960;3ef43371e88b02f18f9bb069a8345517e6a0a44d6c88e5c67b0e829044dc7459;/usr/bin/expr
a:0;48488;0af2d0e5cd23f9d7d2be72c9ac134d1ca5a96768bec2c6bdbc62838f295fb02f;/sbin/start-stop-daemon
a:0;1240136;c817dce0a80d4183b3b12f8509e6b5ec14ee157d5f030657b43aab9fc9de3d0c;/usr/sbin/nginx
a:0;35328;8b2e8564da06c4712a580fd7bd91a236ad3f891ae6ba0a50b117bbe050d328f0;/bin/sleep

a:0;138208;ad9ba0724dc5d457f6f36dbd646db34773fff2ded43551aca6cf55d5d288d8b8;/usr/bin/dir
a:0;138208;8696974df4fc39af88ee23e307139afc533064f976da82172de823c3ad66f444;/usr/bin/ls


a;4304;1f6f4198272208d4595b25aeecc5069dcf4ae68b709da1214f56b47cb2122e99;/check
a:0;400;2ac940d3144ea22a49f4cc7b0bcc8fe78ce8d197f5382be2d4abac0dce2e96f6;/check
a:0;400;a9a31ac9ab34a248afff6064ed45371b0799de0cd24fb5e9ce37f67e54368a37;/check
a:0;472;fe87220353164b279682f902127128ed8fa67e4cf51577a031bce6034368e651;/check
a:0;472;fe87220353164b279682f902127128ed8fa67e4cf51577a031bce6034368e651;/check
a:0;400;ece4026fcacb01b0ee9b7eee1811b4b45945e414dfbbf4f80443ddf41ed5b4c4;/check
a:0;4304;1f6f4198272208d4595b25aeecc5069dcf4ae68b709da1214f56b47cb2122e99;/check
a:0;340;4f7067f1f72b55ad3d4f48a8a096745d4d6cdf01e88a1aa754cda080b721ba8d;/check


a:0;31560;652a029a904a095af89d3f3de7aa577d04c87439896e80bd6b50b0c52d153bb6;/usr/bin/whereis




#---------------------------------------------------------------
#root

#test
a:0;52;3d577acd78f3c19345f89805b1dd8dd2aa49a6b56847381801e64e63d511cf91;/etc/safer/glibc.fehler

a:0;26776;1e386f769fb341cfb8d17b58aa7c4fd3dd2ac70cedbc75a340229c904879db28;/sbin/csafer
a:0;932096;66de6aabc35a5a9ad7597eda1ba073de7ca04b4644ad06f26c1277b9adf6e6df;/sbin/fpsafer


a:0;1196248;04eb0adcebbb29965bba61860fb2620f6259bf1da6680afe91edfd432f252e5b;./tools/objtool/objtool
a:0;4784;f2f312526fdb71824d0b52aa82879fec2699b7d38cdd41d74c3c3e451e4bc669;/lib/modules/6.10.1/build/scripts/config


#---------------------------------------------
#root
#initramfs begin
a:0;170168;cc76e8741f2d36478c049eb3410db6173bbecaa01bfe9fa52f9b2e2b3584aa62;/sbin/modprobe
a:0;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:0;6301;078e9d839dbdbcf7a63c93e208e94b5baa3b8432cf4c9ad5e983613543ba1ff6;/init
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/bin/sh
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/bin/mount
a:0;384;d6e4045a43660a69a33d623c8dc8fb3fd219def71efacf75dccc4bd024ca497f;/scripts/init-top/all_generic_ide
a:0;296;e3fd2f67b92756f053ee3045c45f4d40ba957bf310f2ca64c11f80f6f25604a1;/scripts/init-top/blacklist
a:0;167;2d04d7d7705d1c06cb9fff4c5290c02e719120e43ac65c387f00d8ef37b2d4cf;/scripts/init-top/keymap
a:0;229;fff1dc28c42d101d6e959edb8d5f6bdc96a81495c26aa872db4c484eb8697f87;/bin/setupcon
a:0;14976;1521008b8d42b6661ab4abcb89ea3a48040bd88867d36217cb41be44df0b9549;/bin/kbd_mode
a:0;220304;ca4b67ce227b7301dea1dcfc6b4ca23bea789936aabf695fed601e71eed2ac7c;/bin/loadkeys
a:0;658;0b375e793f70de3329064fa1efcefee7d59e054aff46ce885c73e9a6aeb08f5f;/scripts/init-top/udev
a:0;342552;b0cc8b09827d118d019e4cba3c8b845cfb8618a84e66e5d8e12750977636aa8d;/sbin/udevd
a:0;358872;6f4cdacffafc0bc4dc7d5f9614ca7b95f577a64e6dbc331ba84d5ec3b99f380a;/sbin/udevadm
a:0;321;ff35f886ce26d27358eb635531d9f42be6b84558cb982673c710ede9516cdce3;/scripts/init-premount/brltty
a:0;757;48387c4868e05dc729d57988b58f195de78906b3e15ad94c5bd2233de7fb01c6;/scripts/local-top/cryptopensc
a:0;356;73d7cb791d3907e4c4a3f4fb53435c4cdcf4ce2aa7b076c914a2c568a82e04d7;/scripts/local-top/dmraid
a:0;29464;fde66c477e3a6be1d4a76b36bbbbf88aa4b143f7e53e93d149b995369792b4df;/sbin/dmraid
a:0;970;0308f526fe8d0f963335e0394fd2af3484947d39856a5756dfeaec3bf007d53e;/scripts/local-top/lvm2
a:0;8630;099f79e829383fa100a8b3522c0442e686ab972b5966417a97f3341efd92d937;/scripts/local-top/cryptroot
a:0;2042;49669fdd14b6c0ba7af5c5d59df30f2a233b2d56474ff046b0185df7c8861825;/scripts/local-premount/bcachefs
a:0;1003016;b9af1dc56c247213bab54c55c8aeadbe97828ea5bda62eb6daa6fa9b8e5d3212;/sbin/bcachefs
a:0;274;642807af4437aa1c88a764933169a3907b90e8bff4714191b65d56b6a517f49d;/scripts/local-premount/btrfs
a:0;829136;8188995eef2a4e18779a6ced422af0322688ce3c859d2cc8245142e0b08579d2;/bin/btrfs
a:0;226;1d5253aa05e2fc6ca4cb887296a1b1324b403b27fda74e368995c701336f1c25;/scripts/local-premount/ntfs_3g
a:0;863;e8b4ec9ba6e78965e9c054cd296291b3ed1441b3eef25c9c94b8a37afee53b3a;/scripts/local-premount/resume
a:0;10048;981049085412a4e02f9958fbe227fafeb89dc6ea79e3c95dd2d75fd98d5cffeb;/bin/fstype
a:0;74688;f406be2c852e5f5506ceece7aae140dd3752cfda9d9a9ab320cbf0a4408d0c99;/lib/klibc-YUkGbOClhnaZRUUd4cUed0X2XZI.so
a:0;253;4af31bf99d709441e447bb878160582775f952712725f2024f17de9eca3f13ff;/scripts/local-bottom/cryptgnupg-sc
a:0;449;a797ac8a0eebd5e3a0441ceb63c275b5619dfabedff3839d791a0f72e22629ff;/scripts/local-bottom/cryptopensc
a:0;307;bb5859e98734587f7ecde5f6b15b31764de26e2144521c8ecd3390e1f5153ce0;/scripts/local-bottom/cryptroot
a:0;46;b869c815c88f44df40f61b32f3f61c2aefe8139d354cfe8cb59ba9e95aae84f9;/scripts/local-bottom/mdadm
a:0;345;a9fc8e10ba7af2a21513b88f2443c0bfeae129f370e02592776ff31f246b7227;/scripts/local-bottom/ntfs_3g
a:0;403;b7d524c5c0f085c4aa7470b36a7707ed158d09d7ffa6bc9bdb47c7e2b5f30cf5;/scripts/init-bottom/udev
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/sbin/run-init
a:0;69032;7dcb9f56914ade0a6ca742c0cacae7b8744942f1361ac843b48590957c314e61;/bin/findmnt
a:0;55576;2fadedb310f95335d57b1f3f6d23d5c3b7c7a5e135106f0129db9de41ea9476b;/sbin/fsck
a:0;47336;c3b4bd4e603601ea5076f111b3db14a8787c1bae65ba00ba510bbe71c697d0fe;/usr/bin/setterm
a:0;18664;4557fc5d5ef43aa9054a88fdf27b5e7162b1c12ece0dad231d17d0b298ea1e37;/bin/mountpoint


#initramfs end








#---------------------------------------------------------------------------

#test
ai:0;170168;cc76e8741f2d36478c049eb3410db6173bbecaa01bfe9fa52f9b2e2b3584aa62;/sbin/insmod
a:0;134880;9793ed58a238fedb23fcfb8e87d83d21b8f48c9252027a1d954e995acd056fbb;/lib/modules/6.10.1/kernel/drivers/md/raid10.ko



a:0;31618;9157ed73f17869072813203d7f764639b3d75e055bb24d73988cc0d53b18b386;/etc/init.d/vboxdrv
a:0;4404;dd02be4d81fb89591ae0ef73e4539a92bd4920619b65f44286034b5312c59e3c;/etc/init.d/vboxautostart-service
a:0;6716;47ec69031bc41ea14d74ea84e1c424d3a729a0bb19463444c47c0784a3b2e44e;/etc/init.d/vboxweb-service
a:0;6773;0810c6134472f7c7bde79c51f9e5dd893a4a09d46c12e511b504908d07c4d69b;/etc/init.d/vboxballoonctrl-service
a:0;1778;ce52b721c12709997dfb2bd29602256541854807ca1fbee9fb9f481b95fe1468;/usr/lib/virtualbox/VBoxCreateUSBNode.sh
a:0;2938824;48cf66e72731afbe1646a202c9e696e2184fb0dd93e63146d29124bcd24ee4fe;/usr/lib/virtualbox/VBoxManage

a:0;4784;f2f312526fdb71824d0b52aa82879fec2699b7d38cdd41d74c3c3e451e4bc669;/lib/modules/6.10.1/build/scripts/config
a:0;2994;a2a4856c5491e1c8b84230348a41added61deaa465db4d850ce42bfe30f0ee6b;/usr/share/virtualbox/src/vboxhost/build_in_tmp
a:0;8201;0b2d64c7a4cc85ef7c07d66e8751f7a8918798114e69016da0b2d962bf217bae;/usr/lib/virtualbox/check_module_dependencies.sh
a:0;170168;cc76e8741f2d36478c049eb3410db6173bbecaa01bfe9fa52f9b2e2b3584aa62;/sbin/depmod




a:0;991016;345c39e470af8c13b492768944c1373b06ad45ad4c598cdcd343806888c468a7;/sbin/ldconfig


a:0;17324;718ff57f27652ccaf5835e14376f9e1b405b168fa0458b94f73252be03317102;/usr/sbin/update-rc.d
a:0;113048;9b47f67c96360600a36fd974ae592cd823752ff5a304f93d73bf03f9b0cc944c;/usr/bin/jmtpfs
a:0;888456;563d0d0a29e99ffe9886b229b35b7bea925f1c18df1b1417c30ee3535d8bf1b7;/usr/sbin/sshd



a:0;44424;489d9c376f8423849bc86bbb93a6e1de4a6c932dcde89f2ae3d2b35efb78aaed;/usr/sbin/hddtemp
a:0;901008;d94603e67194e522f91e85c2dd392dd578e42e34e4f5e2feb0e3a7e99cb0dc16;/usr/sbin/smartctl
a:0;31472;60681804e78a8fbc1cb9992b060fb789b30404539d719f28e75d6cd404bdba09;/usr/bin/sensors
a:0;817704;693abcb42e67fb871673f258a3644257ca69a209691ec4d8137a42442834bd19;/usr/bin/gcc
a:0;31648;28cabd05e190bc623bed6c2fdcdcf19acaa009fb02fd59a22c9791c41e8d72ab;/usr/bin/strings
a:0;60384;475a0af7fb2aeffd33a379ce5d1f2aa9f4bee566f21e7ce75ab55d2d9e4a081a;/usr/bin/who
a:0;56160;35063e9a799095a82ba0d0f1197152cfcdddf9356d5cdc16cb6e8d7e56c02e5c;/usr/bin/realpath

a:0;255;fe217144cef121a91ed18b8d42bc66bde711547dbfe867eef7631e53287321b4;/etc/cron.daily/calendar
a:0;30952;eb6d84427a5ada852028f5df9580cfa46c578fac533109d593e7a9de7443dd62;/usr/bin/ionice
a:0;35128;20545229851fb715ec8d2b04f6deea495702806b8f783c3ca2d5cd13a422ca78;/usr/bin/flock


a:0;184008;82228c8615a226c611a7b962fe722caf2bad00965116d817826fec56f0bc2683;/usr/bin/pager
a:0;55336;fc50cc3d9427fb8c15d041b3b179425057bea6d1bf6420b73898d44e39254453;/bin/locale




#----------------------------------------------------------------------------------------
a:1000;71912;c96cb2a75eb1361b05dc9a181a9e63ae3de0384e4d79c4b8e8d0a3f150577cbc;/bin/su
a:1000;64;14ba3d7bdcbb89824ccf411393060b605913e6ff5ed01d9589f3eb3db7007926;/daten//glibc.fehler


a:1000;14840;e666accbf7cdc7ac98fe451a4dc8380766bdbade2effac00424ec15586b4831b;/opt/libreoffice7.5/program/javaldx
a:1000;19000;bbbb1a2eb80ed00d2ab8188bbccc2066eddec29c1ca1731f2643b0620f9b73aa;/usr/lib/libreoffice/program/javaldx



#a:1000;15269;8dc4718f1d4270b66baa6640715bed293446cb8615d27ca0f619225c2b94cce8;/usr/lib/mc/extfs.d/uzip

a:1000;1796512;0f174ca5f8e9e84d77143fa6b0aa28b479ae1e6b1b8c38d2580cbb2e7c7a683e;/usr/bin/dicomscope
a:1000;63920;651b873cc0aa2c284a0f1d07662f6fb8a0fd5e752b840d6de85ed72f2067194e;/usr/lib/binfmt-support/run-detectors
a:1000;86;8ddc57e3a2c149ebe5432f8870b01b965510669e5bdc9dbcbd0cc42fccbe6c67;/usr/bin/jardetector
a:1000;14320;02016ff9c0da1f1204c24200c34317cf047c8668e3f03bb027a9750d9c8a17e8;/usr/bin/jar
a:1000;2248;974349bbadc15cc6cb9c5a111b25c5bfc918077a2f2cef737751336819fdd50c;/usr/bin/jarwrapper
a:1000;48064;e7162f1ea7ddaff3eadc9e871d296451235c9c295645b01aab38c2e4b8c34bdb;/bin/mktemp
a:1000;51872;15aa33090f5ca437f711db6e8c98390e1a5913d02992f4fce4a7e3a1f53719f6;/usr/bin/fastjar
ai:1000;3681152;8936dd645cc6f3c1fe23bf1de6128fcb505e737a02b00b2b916fbf0f628a998b;/usr/bin/perl


a:1000;797480;19269e22521f8e5aacbb47ec9b868abe8214fe4cfad7c36de3a7cadf2d1f7cc4;/usr/bin/ssh





#----------------------------------------------------------------------------------------
#group all

ga:20000;31400;e58629082e06b943d2c85a5f275afc694799ac6f6360298d20fd71004d100d16;/usr/bin/whereis

ga:20000;2765616;a3040a5c0454d9d3e07780a8aaedebd4b4b977eb3314d1cda81b6ca25694671d;/usr/lib/virtualbox/VirtualBox
ga:20000;5878;f11dfff14b70e34886a4ea3086ce591b60f124cb31f379703833538f96a1101b;/usr/bin/virtualbox
ga:20000;8555296;e7f2cabb2bb665e22da7d6562e97930f5f302b636f7cddab8cd08053e26b4558;/usr/lib/virtualbox/VBoxSVC

ga:20000;55336;fc50cc3d9427fb8c15d041b3b179425057bea6d1bf6420b73898d44e39254453;/bin/locale
ga:20000;55336;fc50cc3d9427fb8c15d041b3b179425057bea6d1bf6420b73898d44e39254453;/usr/bin/locale


ga:20000;72840;0273014b3ca3c0bfea114a55ff758c036895c74fe56fea8cc2470fe6171a8bb4;/bin/ln
ga:20000;43840;f2ea4402bdb62b5f151c23028d671fafe0392131294116f88b77fb66d6384460;/usr/bin/fold
ga:20000;3046;8293421fa6cff1023cb9dd4120a9a558f098dc87c596928d76f26d8f9df5ed4c;/usr/bin/x-session-manager
ga:20000;260496;54955f70fbea11d7bf1936cf2037a1a15f0475482013b3a18faddfbbb20fe6bd;/usr/bin/xfce4-session
ga:20000;28144;0ac9fd38af903ba7df04f7ee1e815a0754437ad2f6c5451c5c93f7a4b04304ce;/usr/bin/xmessage



ga:20000;175360;54efbba524703e89f128f3fe9aa53eec4e152f91b327d4bb3926b2f492bc5b6e;/usr/bin/du

ga:20000;162352;8c9310a4fef6d8557d40ea116e1c51e5896a7b10a1c5470c6bc9d8a1de04505d;/bin/cpio
ga:20000;151168;4ad96abf4ede1c952d1eb05a301ffbfeda9765b9aa518cfe0074fd2969109fe8;/bin/cp
ga:20000;47904;d93d79bc89491701522ba604cb8993753ee8eb63d51b0021492f7bf1d507c4c8;/usr/bin/cmp

ga:20000;37640;feb61e95aed348e18aa4416d9b250a7be3ab9119aba21dedd1bff215caa64284;/usr/bin/cal

ga:20000;534048;88ecee8d0936f033f554daf33b832fec2937d483e793eb53c69c681163f25a0b;/usr/bin/rdesktop


ga:20000;407768;b1ccfb2e0adc7c2d4e1824a2f72fd0f4d9fa02f50669401537e79b66c07eb9e5;/usr/bin/simple-scan



a:1003;937984;3f621b1eef41b98de3f1f04689e801103cff0db02f6d8f71ecab7b37a7cf2cc3;/usr/libexec/xdg-desktop-portal

a:1003;14664;b232291933e8f13993c54bf0c184ef0bffa325996f9b29dd54046dbd8dc7ea80;/usr/lib/x86_64-linux-gnu/libexec/kf5/kdesu_stub

a:1003;30712;420b903ea2457f8a3161ad8be1c99b3eb017bf4673562a9035acf0c0e7cea883;/usr/bin/dbus-launch
a:1003;244928;54dfc2ed53a6bc2e24320154066a59284f6d3d299623ef21aeb9592b3a91261f;/usr/bin/dbus-daemon


a:1003;1219216;53473e1529d3a9802b70ccb648352bd633c44ec09761f48296e01c62e9d564e9;/usr/bin/kolourpaint
a:1003;1234376;d86b21405852d8642ca41afae9dcf0f532e2d67973b0648b0af7c26933f1becb;/bin/bash
a:1003;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:1003;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:1003;52680;fe2a721d2d781adc0a2fef761cebb351fb4ddecfa942dcfab4cedf405e1d1836;/usr/bin/xauth
a:1003;39472;097a1bbb53acf4020eae1937e59d52b0e2651226ae78c5751672271511a3bc87;/usr/bin/iceauth



a:1003;5432;2cf1df0b93bb8b6aceb1d4b48ed6917f028ee5f2d179860d1c878c8bbd213d06;/opt/thunderbird/thunderbird
a:1003;789032;26b3b8adc6042e0652e66c0d6b221371b5b0e8e6a4a4b38fb770337588dc823e;/opt/thunderbird/thunderbird-bin


a:1003;27072;2c8f410a953e795e6387e3823ef8fb2874859120ffa7f2aac2e4faa37e95aa61;/opt/thunderbird/glxtest

a:1003;3638;484b6a9de8b41aa9310a305b64c092e473ee73bead994e52c4271c66df9ba3c8;/usr/bin/lsb_release

a:1003;244416472;50fe5ae596f81d45129edbb38df1d153fda0cc1b8e6c11d7e650dbeef9e46427;/opt/google/chrome/chrome


a:1003;52032;4cd4f001e88b7dc250852fa712fd960132a73f12fd9351c4e1391c541bd419dc;/bin/readlink
a:1003;39712;86a44c16148c40f4765601dd056180a76ac7b34fca3f474f98d4229ee9f21c27;/usr/bin/dirname
a:1003;85184;6b3ab9e9994a1a81a69e3a12a0b4a4c5eeb65b7a3e81e9ce65a71fc65078aabf;/bin/mkdir
a:1003;43936;e9165e34728e37ee65bf80a2f64cd922adeba2c9f5bef88132e1fc3fd891712b;/bin/cat
a:1003;38397;2f8589103045fa34702cd476060df6aeb6623b4f0765ee70c6f6d0014c4dbece;/usr/bin/xdg-settings
a:1003;30856;8ba8d769c807849220b6c9003423cb4b19219117ec186852ebfa45c99f882d2f;/usr/bin/dbus-send
a:1003;50224;1f37fa2b7d1e26a9f96604a17f118be44ec53ba68620ec5d4fde3710e0a9fcc1;/usr/bin/xprop
a:1003;203072;5212564899a46d5c342f3f49b42587446794a5b06389942db3145154a3fcd5c8;/bin/grep
a:1003;39744;44804d166aea77032b661059e6b70f860cb146b4ac25c0ad9cc9683c3b62b0f8;/bin/uname
a:1003;42126;13fabfe59c74aa2f52521b4403ff1a512a152de4d15d98fe9b61c7537dd54d8d;/usr/bin/xdg-mime
a:1003;56160;9cbbc6abdd1348e4d84de8814b68b59ccf5e7602601e1939f2a6e15997b6c48f;/usr/bin/tr
a:1003;48032;aee3ca7e450d891011150526269fe3023a8884f8e750437bb1ddf5bb9d5f5174;/usr/bin/cut
a:1003;694624;dc883511e9a83c37c421f40ebdcc0086a3275a06014634e38d8b5cf46856132b;/usr/bin/awk
a:1003;39712;efe5a5b339c257372a4daacfb99f7aa1228ab1ddec8a8e6df4f05860af9a2c0e;/usr/bin/basename
a:1003;946;7bdde142dc5cb004ab82f55adba0c56fc78430a6f6b23afd33be491d4c7c238b;/usr/bin/which
a:1003;14352;f092a2742c7310da18bf4ff6837591041bd7d75b6d029b93c25e2c741bfab885;/opt/firefox/firefox
a:1003;675160;3e338a3810a689229ef91faa5fd2737197a135e304be012f4e6c92adc1fb0ed2;/opt/firefox/firefox-bin
a:1003;1219216;53473e1529d3a9802b70ccb648352bd633c44ec09761f48296e01c62e9d564e9;/usr/bin/kolourpaint
a:1003;59656;ddced0d3d2244ee1c7aa830aae1bfbb61b2f5795ba87d389193a4b2b848b6f76;/usr/bin/kdeinit5
a:1003;14560;b1fd9d1760c5d82dac603e2c2e2e5c2575f4e4fda39e0d0fccb809aac1fc1a38;/usr/lib/x86_64-linux-gnu/libexec/kf5/kioslave5

a:1003;5368;94706f30a7e16594501affb54d523c984855af50f3b67f624d3abbd6c7d9f4ae;/opt/firefox/firefox
a:1003;916080;f7afa769c743d8be9c7e7ed11b47da25a68ab624a38b73f422bfb54f3ae4139f;/opt/firefox/firefox-bin


a:1003;31264;b54c3622a2b95fa53c4bc2b631c11920a85c9aead7d0214afacf8aa9b56d6ddd;/opt/firefox/glxtest

a:1003;218036352;ee607e7d8ca211ca0c06dbb995e7b1d0c02c3a7a4e2f4f5627d7023026b24b65;/opt/opera/opera

#a:1003;5683832;d9e8cb5f74cb47a4ff0d62ee3226075c818d289b5555142605862b9f2f53ff44;/opt/opera/opera_autoupdate
#a:1003;1339992;0bdd308ace84af73c9b01494c0879e6014a8b6943eda4b6290454f8708afb1e7;/opt/opera/opera_crashreporter
a:1003;26075;faec92df30f89fa338d9fba723e010265ffd062b41decd7885b1ff8fd46cc529;/usr/bin/xdg-open




#-----------------------------------------------------------------------------
#colord
a:113;362856;76f0938901d8a9a3d06a9247b89ef0f5634c5eba3a65f9d836f048f2c8781856;/usr/libexec/colord
a:113;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:113;18584;c8b5a547e26dfa04cae6855e76985464c83275ba0da870b23d0fa5b2402bcb7a;/usr/libexec/colord-sane






#-----------------------------------------------------------------------------
#man page
a:6;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:6;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:6;76152;d907ee7791050903ce57bf6d15735711476a387a4d25a63e40969b0968ec59a8;/usr/bin/xargs
a:6;311008;2ad499c88e0343f5c414e38f810cb3505fd83ac5b1d4d690fb0967f450f52233;/usr/bin/find
a:6;138392;6f773a6c72fc9f77dc5cffc06accc497e0bae07a3fe3f31ba2cd800ed3e304c3;/usr/bin/mandb







#-----------------------------------------------------------------
#cups/lp
a:7;174424;892c38c58dd0fa71a9fb9194968fa36856db8743ffeccb917fc5501a180bc864;/usr/lib/cups/filter/pdftopdf
a:7;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:7;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:7;101408;a822be429afafc8b5876ba18b7dd3ccb5b7721ac88b13e94262fe795e879be07;/usr/bin/touch
a:7;64448;b6365e442b815fc60e2bc63681121c45341a7ca0f540840193ddabaefef290df;/bin/chmod
a:7;203072;5212564899a46d5c342f3f49b42587446794a5b06389942db3145154a3fcd5c8;/bin/grep
a:7;39680;369d57c05e6621ac31b8a58e68efb6be7b5c2ae71c26e37845a5ed3ea15fbaa3;/usr/bin/printenv
a:7;122224;6baa01dd34e2b67590865b24b92cc9b6c43a2566e4803ea5630e41b00a846827;/bin/sed
a:7;151168;4ad96abf4ede1c952d1eb05a301ffbfeda9765b9aa518cfe0074fd2969109fe8;/bin/cp
a:7;48064;e7162f1ea7ddaff3eadc9e871d296451235c9c295645b01aab38c2e4b8c34bdb;/bin/mktemp
a:7;43936;e9165e34728e37ee65bf80a2f64cd922adeba2c9f5bef88132e1fc3fd891712b;/bin/cat
a:7;175500;9cc99c379376d7ab686179c21a7609f4a53a56cc51dc653b133642451827eb56;/lib/ld-linux.so.2
a:7;72704;4adcaeb3700af8910af3c791511d12b5b53c9e62ec09af1fd2674d93866b3522;/bin/rm
a:7;27056;0c87595d87bb6590a8eea1cfb2aa59d8e95cc5585cb52db7d579c1bcf7cf77c4;/usr/bin/file
a:7;909;c153d8fbc178ea6e576ddca45edcc23ed933bf9dc715fdd074148041107d5de8;/usr/bin/pdf2ps
a:7;39712;86a44c16148c40f4765601dd056180a76ac7b34fca3f474f98d4229ee9f21c27;/usr/bin/dirname
a:7;14520;bbe665e1bddfe0f6c6cafabed9659a6fd47e2ba2d4e7b2cf3d88cec4b7dbbafe;/usr/bin/gs
a:7;694624;dc883511e9a83c37c421f40ebdcc0086a3275a06014634e38d8b5cf46856132b;/usr/bin/awk
a:7;946;7bdde142dc5cb004ab82f55adba0c56fc78430a6f6b23afd33be491d4c7c238b;/usr/bin/which
a:0;135128;7574177379fa7bb833265faadd423282df8d8113ac1556366616d6be41911b4b;/usr/lib/x86_64-linux-gnu/cups-pk-helper-mechanism
a:7;555;d4ca356244ed5bcd1a509fd6343b96c8c2289c3f1864fb32f972f2875269e0ab;/usr/lib/cups/filter/gstopdf
a:7;63808;2d2d0cb7a1c54da384354eafaa0a88cbb523d9ef708786de43e05fd43f4a97c8;/usr/lib/cups/filter/gstoraster
a:7;555;d4ca356244ed5bcd1a509fd6343b96c8c2289c3f1864fb32f972f2875269e0ab;/usr/lib/cups/filter/gstopdf
a:7;26792;5411ebc1d838c35e74d9c63954070b67c2e095bebd8d609d0b5706b51c035d43;/usr/lib/cups/backend/driverless
a:7;30872;20bf4b9647ff722f5fa7c9e743c6e83bb5c5dad8717aef198460a0783692269a;/usr/lib/cups/backend/snmp
a:7;174424;892c38c58dd0fa71a9fb9194968fa36856db8743ffeccb917fc5501a180bc864;/usr/lib/cups/filter/pdftopdf
a:7;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:7;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:7;43240;b86a2fc5064ad7c1870dfa7a5d81917986417dd5ef5bd3b52a9dfa4df83d7043;/usr/lib/cups/backend/socket
a:7;64448;b6365e442b815fc60e2bc63681121c45341a7ca0f540840193ddabaefef290df;/bin/chmod
a:7;39680;369d57c05e6621ac31b8a58e68efb6be7b5c2ae71c26e37845a5ed3ea15fbaa3;/usr/bin/printenv
a:7;122224;6baa01dd34e2b67590865b24b92cc9b6c43a2566e4803ea5630e41b00a846827;/bin/sed
a:7;151168;4ad96abf4ede1c952d1eb05a301ffbfeda9765b9aa518cfe0074fd2969109fe8;/bin/cp
a:7;48064;e7162f1ea7ddaff3eadc9e871d296451235c9c295645b01aab38c2e4b8c34bdb;/bin/mktemp
a:7;203072;5212564899a46d5c342f3f49b42587446794a5b06389942db3145154a3fcd5c8;/bin/grep
a:7;43936;e9165e34728e37ee65bf80a2f64cd922adeba2c9f5bef88132e1fc3fd891712b;/bin/cat
a:7;72704;4adcaeb3700af8910af3c791511d12b5b53c9e62ec09af1fd2674d93866b3522;/bin/rm
a:7;27056;0c87595d87bb6590a8eea1cfb2aa59d8e95cc5585cb52db7d579c1bcf7cf77c4;/usr/bin/file
a:7;909;c153d8fbc178ea6e576ddca45edcc23ed933bf9dc715fdd074148041107d5de8;/usr/bin/pdf2ps
a:7;39712;86a44c16148c40f4765601dd056180a76ac7b34fca3f474f98d4229ee9f21c27;/usr/bin/dirname
a:7;14520;bbe665e1bddfe0f6c6cafabed9659a6fd47e2ba2d4e7b2cf3d88cec4b7dbbafe;/usr/bin/gs
a:7;694624;dc883511e9a83c37c421f40ebdcc0086a3275a06014634e38d8b5cf46856132b;/usr/bin/awk
a:7;946;7bdde142dc5cb004ab82f55adba0c56fc78430a6f6b23afd33be491d4c7c238b;/usr/bin/which
a:7;80120;fd75296170266046c54554249e4f714b39466ad644d024b173f2b5ef91b5fbc0;/usr/lib/cups/backend/http
a:7;537;8e49d137f5ca0f8cc0824262f6286a2697635ba74f4918bfb18ef757142fa774;/usr/lib/cups/backend/driverless-fax
a:7;80120;fd75296170266046c54554249e4f714b39466ad644d024b173f2b5ef91b5fbc0;/usr/lib/cups/backend/ipp
a:7;26776;098b9fa04a21202e0e60e3fab91374b8d83a12d372b174ed141b9a6f5c17b334;/usr/lib/cups/backend/parallel
a:7;317072;85c777c9645139d14b167e045c3dd136a4b99082bd1a6e60cf672dc67d9ae11f;/usr/lib/cups/backend/gutenprint53+usb
a:7;14488;7d1350a295b21d0767de78cea1d5f1266b6eb1e55a7ab2018dc97ef8c5989aed;/usr/lib/cups/backend/beh
a:7;43256;37d97bbe6fda76e09bf44e821c0f041ec6bd27ae95719486134ba77c3236aa6c;/usr/bin/ippfind


#--------------------------------------------------------------------------------
#_apt
a:100;28191;42d698778e869d04053a78404377ac4df1853ca05f23082e31345ec80608d399;/usr/bin/apt-key
a:100;125560;f3bf59164816762430e8cdf5a5d64b4284a86af86245a52067c533c8cd98f215;/bin/sh
a:100;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:100;26856;4e286f7679a7a6ad024ba78706b67166f6bec5bc972b9a61f836e18f1314bc6c;/usr/bin/apt-config
a:100;313888;c92aa5a52a7aa420e5ca32e61297aadd695be7f2dc5bb99eb40b105f31b35d04;/usr/bin/dpkg
a:100;48064;e7162f1ea7ddaff3eadc9e871d296451235c9c295645b01aab38c2e4b8c34bdb;/bin/mktemp
a:100;64448;b6365e442b815fc60e2bc63681121c45341a7ca0f540840193ddabaefef290df;/bin/chmod
a:100;52032;4cd4f001e88b7dc250852fa712fd960132a73f12fd9351c4e1391c541bd419dc;/bin/readlink
a:100;72704;4adcaeb3700af8910af3c791511d12b5b53c9e62ec09af1fd2674d93866b3522;/bin/rm
a:100;101408;a822be429afafc8b5876ba18b7dd3ccb5b7721ac88b13e94262fe795e879be07;/bin/touch
a:100;47904;d93d79bc89491701522ba604cb8993753ee8eb63d51b0021492f7bf1d507c4c8;/usr/bin/cmp
a:100;43936;e9165e34728e37ee65bf80a2f64cd922adeba2c9f5bef88132e1fc3fd891712b;/bin/cat
a:100;311008;2ad499c88e0343f5c414e38f810cb3505fd83ac5b1d4d690fb0967f450f52233;/usr/bin/find
a:100;118408;1646c86cb8fb94e9abc6a4b87550fd94cc4439e1d12888e30dc642fe84a41fc9;/usr/bin/sort
a:100;151168;4ad96abf4ede1c952d1eb05a301ffbfeda9765b9aa518cfe0074fd2969109fe8;/bin/cp
a:100;122224;6baa01dd34e2b67590865b24b92cc9b6c43a2566e4803ea5630e41b00a846827;/bin/sed
a:100;449400;1c64b8f6c581b976507c8ca0d11dd702ab242416421d6a07a83a1d6610910faa;/usr/bin/gpgv
a:100;166496;1124ae4a35a0aafb6f3b26216ebce3ef265ae8154957a5dc7968e1da6a600fa3;/usr/bin/gpgconf
a:100;150400;3ab3ca4a2df0dab1f35689372ac8083669206d9ff8fd35befcf2f2df984c69d6;/usr/bin/gpg-connect-agent




#--------------------------------------------------------------------------------
a:102;51336;e04aa48609f92454087d28197d06c7cdfe622ee84feb6d3381b18f77be932162;/usr/lib/dbus-1.0/dbus-daemon-launch-helper
a:102;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
















---------------------------------------------------------------
example
part of /proc/safer.learning
---------------------------------------------------------------

INFO learning

FILES:

FILE learning LIST LEN       : 309


a:0;170168;cc76e8741f2d36478c049eb3410db6173bbecaa01bfe9fa52f9b2e2b3584aa62;/sbin/modprobe
a:0;177928;1c654e88d721c9ac659b48400d20b5310ead8c6d15eeaf695d507d00d59ef490;/lib64/ld-linux-x86-64.so.2
a:0;6301;078e9d839dbdbcf7a63c93e208e94b5baa3b8432cf4c9ad5e983613543ba1ff6;/init
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/bin/sh
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/bin/mount
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/proc/self/exe
a:0;384;d6e4045a43660a69a33d623c8dc8fb3fd219def71efacf75dccc4bd024ca497f;/scripts/init-top/all_generic_ide
a:0;296;e3fd2f67b92756f053ee3045c45f4d40ba957bf310f2ca64c11f80f6f25604a1;/scripts/init-top/blacklist
a:0;167;2d04d7d7705d1c06cb9fff4c5290c02e719120e43ac65c387f00d8ef37b2d4cf;/scripts/init-top/keymap
a:0;229;fff1dc28c42d101d6e959edb8d5f6bdc96a81495c26aa872db4c484eb8697f87;/bin/setupcon
a:0;14976;1521008b8d42b6661ab4abcb89ea3a48040bd88867d36217cb41be44df0b9549;/bin/kbd_mode
a:0;220304;ca4b67ce227b7301dea1dcfc6b4ca23bea789936aabf695fed601e71eed2ac7c;/bin/loadkeys
a:0;658;0b375e793f70de3329064fa1efcefee7d59e054aff46ce885c73e9a6aeb08f5f;/scripts/init-top/udev
a:0;342552;b0cc8b09827d118d019e4cba3c8b845cfb8618a84e66e5d8e12750977636aa8d;/sbin/udevd
a:0;358872;6f4cdacffafc0bc4dc7d5f9614ca7b95f577a64e6dbc331ba84d5ec3b99f380a;/sbin/udevadm
a:0;321;ff35f886ce26d27358eb635531d9f42be6b84558cb982673c710ede9516cdce3;/scripts/init-premount/brltty
a:0;757;48387c4868e05dc729d57988b58f195de78906b3e15ad94c5bd2233de7fb01c6;/scripts/local-top/cryptopensc
a:0;356;73d7cb791d3907e4c4a3f4fb53435c4cdcf4ce2aa7b076c914a2c568a82e04d7;/scripts/local-top/dmraid
a:0;29464;fde66c477e3a6be1d4a76b36bbbbf88aa4b143f7e53e93d149b995369792b4df;/sbin/dmraid
a:0;970;0308f526fe8d0f963335e0394fd2af3484947d39856a5756dfeaec3bf007d53e;/scripts/local-top/lvm2
a:0;8630;099f79e829383fa100a8b3522c0442e686ab972b5966417a97f3341efd92d937;/scripts/local-top/cryptroot
a:0;2042;49669fdd14b6c0ba7af5c5d59df30f2a233b2d56474ff046b0185df7c8861825;/scripts/local-premount/bcachefs
a:0;1003016;b9af1dc56c247213bab54c55c8aeadbe97828ea5bda62eb6daa6fa9b8e5d3212;/sbin/bcachefs
a:0;274;642807af4437aa1c88a764933169a3907b90e8bff4714191b65d56b6a517f49d;/scripts/local-premount/btrfs
a:0;829136;8188995eef2a4e18779a6ced422af0322688ce3c859d2cc8245142e0b08579d2;/bin/btrfs
a:0;226;1d5253aa05e2fc6ca4cb887296a1b1324b403b27fda74e368995c701336f1c25;/scripts/local-premount/ntfs_3g
a:0;863;e8b4ec9ba6e78965e9c054cd296291b3ed1441b3eef25c9c94b8a37afee53b3a;/scripts/local-premount/resume
a:0;10048;981049085412a4e02f9958fbe227fafeb89dc6ea79e3c95dd2d75fd98d5cffeb;/bin/fstype
a:0;74688;f406be2c852e5f5506ceece7aae140dd3752cfda9d9a9ab320cbf0a4408d0c99;/lib/klibc-YUkGbOClhnaZRUUd4cUed0X2XZI.so
a:0;253;4af31bf99d709441e447bb878160582775f952712725f2024f17de9eca3f13ff;/scripts/local-bottom/cryptgnupg-sc
a:0;449;a797ac8a0eebd5e3a0441ceb63c275b5619dfabedff3839d791a0f72e22629ff;/scripts/local-bottom/cryptopensc
a:0;307;bb5859e98734587f7ecde5f6b15b31764de26e2144521c8ecd3390e1f5153ce0;/scripts/local-bottom/cryptroot
a:0;46;b869c815c88f44df40f61b32f3f61c2aefe8139d354cfe8cb59ba9e95aae84f9;/scripts/local-bottom/mdadm
a:0;345;a9fc8e10ba7af2a21513b88f2443c0bfeae129f370e02592776ff31f246b7227;/scripts/local-bottom/ntfs_3g
a:0;403;b7d524c5c0f085c4aa7470b36a7707ed158d09d7ffa6bc9bdb47c7e2b5f30cf5;/scripts/init-bottom/udev
a:0;2011200;1c0fed8ff0edac6a3ab9d8b609af7539c4d226a0021bbbe0b579396e04ac062f;/sbin/run-init
a:0;92544;e673d22233914f69da6b7af3b38e7c3aff18526d36c5d40d9c44679193369d7a;/lib/systemd/systemd
a:0;210976;4e4ee4c72387fd8e27661728af322ccb62d5a3f9183e20b271e1d12e07e87480;/lib64/ld-linux-x86-64.so.2
a:0;178448;c6dd853884a0df890e1b66366bbc269f18bc6fd6fb7d4b4a19a735f07d1ca4ae;/sbin/modprobe
a:0;84536;5138a643a5affb4ae5c4bea349666512595a8bd0a617af66bff771d1be5bc2be;/usr/lib/systemd/system-generators/nfs-server-generator
a:0;35336;7be0a1a9f8651a8d61d61aa26a9f477c2360ff652484e7c4d6797f6c22fce0ca;/usr/lib/systemd/system-generators/systemd-cryptsetup-generator
a:0;899;addb7f1ca1f7a204237511c6358ae542268291e33124a056575d6f1409316fb5;/usr/lib/systemd/system-generators/openvpn-generator
a:0;31032;3e18ce86ffd27ce51095a38c78d5712fdc7ddf3f6c0949480feb43ed6135ecb7;/usr/lib/systemd/system-generators/systemd-gpt-auto-generator
a:0;39264;04957d804962539c9d40fa8a2cc623a04072789e16fff5473066348d323f298e;/usr/lib/systemd/system-generators/rpc-pipefs-generator
a:0;14640;d100f0e4a74c4d704f0daac302c9b24098465c2a00a16744655a51995e292953;/usr/lib/systemd/system-generators/systemd-rc-local-generator
a:0;18888;b9e2c34a125ae01fc1b1d13e65ead70584ef0712c12f0ca5b88b7e9a8e5cf3ac;/usr/lib/systemd/system-generators/systemd-debug-generator
a:0;31096;f2bda13f4424a0470c9070668b065b914dcd6db4d7c4bd1a335ec2619f803736;/usr/lib/systemd/system-generators/systemd-sysv-generator
a:0;22832;cf5e56093d000ca9edce5cf3c6392e074b46a16230f270f062163dd4d2846335;/usr/lib/systemd/system-generators/systemd-getty-generator
a:0;43616;e85c4ea7ccac5de36530e44e9f36550f136ac501e42d3018504196d350f2b45c;/usr/lib/systemd/system-generators/systemd-fstab-generator
a:0;14776;fe05cc270fc6e32464744973efdda1b2e11052ff9da8e3434c976d09566b472e;/usr/lib/systemd/system-generators/systemd-hibernate-resume-generator
a:0;22936;3db84c11c362288abe9d77c221296bc8709572bb0709dfbe706958b99a3ecc83;/usr/lib/systemd/system-generators/systemd-integritysetup-generator
a:0;14776;78eccdd11990a27ac0275ece87b736e145a3a7689de88d2029a380ec3793a039;/usr/lib/systemd/system-generators/systemd-run-generator
a:0;14640;aa8370abb3aba1324d14f108afbf40d60f9532f3f81c861b64f4f61fe5db861f;/usr/lib/systemd/system-generators/systemd-system-update-generator
a:0;31248;dfaaf73699caa12b80673942978a3357ea316a09e47e973691b52de097a54899;/usr/lib/systemd/system-generators/systemd-veritysetup-generator
a:0;125640;f5adb8bf0100ed0f8c7782ca5f92814e9229525a4b4e0d401cf3bea09ac960a6;/bin/sh
a:0;97552;ba74b1a15a5b9b7929a595f45103d7fbe722840b7211d313dd4872893f031fb9;/usr/bin/mkdir
a:0;151344;cb30d69b24245bf2ecdc9e7f53bbad19159999970b6d82c0c00c7d32d9e37aa4;/usr/bin/ls
a:0;59704;83e4e0e5b9317f9a1e87790c923bf92120d89e2b05baae78c54c100c75563488;/bin/mount
a:0;390;f79265d2ad5b43ed44bbd6efa2b002f007cc97b369e45238b5385f35cdc00587;/lib/console-setup/keyboard-setup.sh
a:0;178448;c6dd853884a0df890e1b66366bbc269f18bc6fd6fb7d4b4a19a735f07d1ca4ae;/bin/kmod
a:0;3164824;58f8121b8f4b637e4c4576f17b519e63d3df036c023d960a61c2a613967ee724;/sbin/lvm
a:0;170496;91dca27b2f4e03ab19d9341aa6118d0fe0c2f169010a9ca3f5613b67e1e1cab0;/lib/systemd/systemd-journald
a:0;358;874bf484f844ad1003255481c36b04bfba66051ed021b4c859c79beb3c232ea2;/etc/console-setup/cached_setup_keyboard.sh
a:0;26936;0b1acc7b55d04e84e12b57337e912d2b541dea7c410e847bc3f66378d7be2e7a;/lib/systemd/systemd-fsck
a:0;18912;51e3b5795ede0be423995d576c47a650562bb15cbb1dbe784ee95405a24ed8c4;/lib/systemd/systemd-modules-load
a:0;1336848;e19e6302e04650a221c84462ebf04d8d9af28d46c0db840bb6f80f4a165ac3b1;/usr/bin/udevadm
a:0;72752;58e8be37049deaaacaf56196d507584b94e87a35a524db0c0459eb5ee6ae4b8c;/usr/bin/rm
a:0;55664;78c0b3a725e7c909d549d0ee01021ab66643f5c3f3d8f55bac1e12b10f0399c6;/sbin/fsck
a:0;2594;8d5f0d75d277ac0eea85bb7dadb7edc2f86b07db7e6e42603756f45f5a323d50;/usr/sbin/fsck.xfs
a:0;27000;aa1161b6351c24478727f8f5919248896b02454f51db0006bb2a00c5c3f25213;/lib/systemd/systemd-fsckd
a:0;18736;cf7fe3ae6d011cd13f02894f8390f9e1e1a792cd6c6563da24807aad82d3f346;/lib/systemd/systemd-remount-fs
a:0;23008;dcb355bd3c3541c281e0d09ae80bd5f140453f331646cc88098b789981e9569a;/lib/systemd/systemd-sysctl
a:0;51512;1c3011375d9ba2f2f0f867e1bcd38dd72ad613cfc3232b5dbe469449ad6b38eb;/sbin/swapon
a:0;76432;3ac549ef150d957b7aef3e11db55062862c09c1581213e118f53ad98dd06a966;/usr/bin/journalctl
a:0;22832;b55c4ca2d7332ec80c4e1cdaef007ce62df7463859acd9a7ebf159320e3caa03;/lib/systemd/systemd-random-seed
a:0;60088;98ac83d0fd26e09ac86e9fa8dd8dff759a9bd1f162b1ab64020cff50f35aa6c3;/usr/bin/systemd-sysusers
a:0;88232;6090a833f6006182549861d34f2da2712fe965dd47e10d1ad8f9e59cd96b05e6;/usr/sbin/ifquery
a:0;113224;e0d10626764729cc3b2e9022a57470b8ebcc95322a71efbbc09907124f28e9fb;/usr/bin/systemd-tmpfiles
a:0;920;26565008e9dbc7332fd999dbe92fb66b2410b66460b2c844b836de672d6040d8;/lib/console-setup/console-setup.sh
a:0;35664;c79bf44242829108e323378531f4ac839513ca1fba45efd6583643526e1e9fd2;/bin/true
a:0;88232;6090a833f6006182549861d34f2da2712fe965dd47e10d1ad8f9e59cd96b05e6;/sbin/ifup
a:0;43888;ed210303cc81299ad2bf8804d4a2f1e2853ad34f6307a3114b48444ceb6c60da;/usr/bin/uname
a:0;47936;68e9c6cd741cc47549dc9e59fbeb2ae7cac195f66c40ad73921ceb77719c11c0;/usr/bin/plymouth
a:0;18808;48409d180f3e0fff63e112d2136ba351d0a58732ac235b45c127fb620c0f1b3b;/lib/systemd/systemd-binfmt
a:0;27560;78b6e84e2a38fc763e71506c25cea342c7d83ff7d655577b798552f523b67f03;/usr/bin/run-parts
a:0;344;736329a67c074e6acf2056508028977c2edd7d7fd408b0e054843920b18d1f7d;/etc/network/if-pre-up.d/ethtool
a:0;4191;aa9ffc4995729f674d0b729ffa0a0a14304bc4f04a6a59eb64379f238b69271f;/etc/network/if-pre-up.d/wireless-tools
a:0;35392;b209e12c5272ea4d50ac1e9fbf087f020be0453bdb377185b7ad42a3b79fbf30;/sbin/iwconfig
a:0;1336848;e19e6302e04650a221c84462ebf04d8d9af28d46c0db840bb6f80f4a165ac3b1;/lib/systemd/systemd-udevd
a:0;4696;77dfc5b63e0276c8dafc26dae9b6d0ccb7bba645956dd98d43f648fcb1cbc65d;/etc/network/if-pre-up.d/wpasupplicant
a:0;203152;9a9c5a0c3b5d1d78952252f7bcf4a992ab9ea1081c84861381380a835106b817;/usr/bin/grep
a:0;691016;aa39a2d90d051a8dc3cdcb85f933b1306c399abaaa53c5310a0cfc819a4ac9a7;/usr/sbin/ip
a:0;63976;54a84dd0ca36aa15acd969df1cd29921c2d1132622761855884a44f353f9ac50;/sbin/rpcbind
a:0;18808;4e1cd1024513b98401bdefb45522706fc665f46c7e15bbfa60f3aa097f851994;/lib/systemd/systemd-update-utmp
a:0;145;89b2dd9fc15e7361cdf64de7db8eb038dd8a8677097591c89411ff380ea55f15;/etc/network/if-up.d/chrony
a:0;1685;445c0423f3e48697fd2f4161bab7b2ab7883aa398c68e26258c673adf6a0a032;/etc/network/if-up.d/ethtool
a:0;4938;2304420cb057e7231e8c8fefb96a96b9263b4f2be61c71bd77c0a08d22655ec8;/etc/network/if-up.d/mountnfs
a:0;1345168;4934ec39fb44798be04f0f06a37da77afa480bb76c7eedd8943a5e1c571c7de6;/usr/bin/systemctl
a:0;31544;f67d71f886406f395c06c7deb3a6b48d37772acae1e8a661831ce4090a7150d2;/usr/sbin/haveged
a:0;147544;71261c08339a3b050319d2051231a731acd595aabc9db6cf25f4040597bd8ca2;/usr/sbin/plymouthd
a:0;31040;f4860f0aaa2ccabdc359e23ac2b984c15dbd89e90e62a4332acb85dc7df0821e;/sbin/sysctl
a:0;385;ec5cef9ef50fe79d4085bf2753417ca1ae41ba3400cabbdaad92f39c853e3ccf;/etc/network/if-up.d/openvpn
a:0;4663;60aa2dc986c5c35fae90429334cf3002d9d9c0d0e7895d7d193c03e890a861a7;/etc/network/if-up.d/resolved
a:0;4696;77dfc5b63e0276c8dafc26dae9b6d0ccb7bba645956dd98d43f648fcb1cbc65d;/etc/network/if-up.d/wpasupplicant
a:0;606664;5e0cbefd85dd9676a7fad2172673e3b7d57c1e8ea8349768afdd958a4a0972e8;/usr/sbin/ethtool
a:0;2779;975868db14362baeaf0835f337dd95121706ec59e39143e42890a4360f3ff8c6;/lib/udev/ifupdown-hotplug
a:0;126424;73b13fa951d414c5434c88e0acf8f993e375fb970c1a9b05b61722217f721c48;/usr/bin/sed
a:0;88232;6090a833f6006182549861d34f2da2712fe965dd47e10d1ad8f9e59cd96b05e6;/sbin/ifquery
a:0;14576;509c41e82eb3bfd97ec0652e992cd19a879e2d0c9d07a8de58e9f21e8b5e1aef;/usr/sbin/obex-check-device
a:0;1998;0118bddbc23fdb4c82518aa260c19dbf23ff7c5abafce9af72dd88afcee1aeae;/lib/udev/tlp-usb-udev
a:0;48144;a3d987dd3f9ec0610dc13b7fdccef84895628065434f44247a65ef0d2a341b3c;/usr/bin/id
a:0;43952;879a70d44241bc6704bb8baae38ebd8466ac95707c3b74ca598a9487a841bfb4;/usr/bin/mktemp
a:0;6757;1f762ae21a50d61a2837d97f5bf96850749afd9bf79950a70fb21158ddc86d3a;/usr/share/tlp/tlp-readconfs
a:0;3804432;8558e358f7ec62f5c5f2d5b39777cf0b8d08b64bc5b6c45cba8592c6a79d5cff;/usr/bin/perl
a:0;44016;008f819498fe591f3cc920d543709347d8d14a139bb3482bc2cd8635c1b3162e;/usr/bin/cat
a:0;43888;4add4bb89d8ca0e3b1bd861130ddd7ae0fd9617a8055de0a38c8d2ca1ac95723;/usr/bin/sleep
a:0;55648;afd126f8fd8200c03f0261c53ad5cc5b30bf264d665810e5a5aaeb636158951e;/usr/sbin/blkmapd
a:0;56264;87fa4a8201e44b3105ded5d7aa0f70618121609f8b5e6933975418cd40b4aca4;/usr/sbin/acpid
a:0;34920;67ce01942e82096a4114c908bfdc88c214d4dac952c5725c16fd87d08e623d1f;/usr/sbin/anacron
a:0;2489;92e94db5f8934f0760a76da7fb4ba4ff545b14ee03209950db6224ad049114f2;/etc/init.d/cpufrequtils
a:0;149944;6e465a5a3ef4c43aa4ae0c7afb55817ad8e9e4cca914cbdaeb40fdeebf9d4f50;/usr/sbin/avahi-daemon
a:0;5394;ca2883dfcc5568121cf4afe5d1556a4fdaa5e24c6677d56e1c03da07bfc5356b;/sbin/e2scrub_all
a:0;51776;bbfa16dde02dae2aca823960c39966a5f58ea5aec2a46ae8ed92ee0e06381673;/usr/sbin/cron
a:0;244288;1f729ba5672fa1b3d6dfb9d4415db98e023537d7e3a7c20737a29438dfcca412;/usr/bin/dbus-daemon
a:0;1748;6154f14d18f1c6b5a296412d9830c04648e787a70ae01761093523ef2c1dba6e;/etc/init.d/hwclock.sh
a:0;27560;78b6e84e2a38fc763e71506c25cea342c7d83ff7d655577b798552f523b67f03;/bin/run-parts
a:0;117272;52d5ecabb67d8f3362898161193c08f984e58efe5b104e3432f4d8d13baae99e;/usr/lib/polkit-1/polkitd
a:0;749352;b79d66056ac3d630928485101b053cecb7d028aef8a952c0694e002be0507c2d;/usr/sbin/rsyslogd
a:0;1265648;a4b895f98db75079f2af6e510c95db0d5c5d596e448bf3fe689d0bfdd182e28e;/bin/bash
a:0;281096;98aaafe157e671f267ed1d77ef7155bce90e6bcaf64ce9c8a1c41caf6085eab5;/lib/systemd/systemd-logind
a:0;1345168;4934ec39fb44798be04f0f06a37da77afa480bb76c7eedd8943a5e1c571c7de6;/bin/systemctl
a:0;100520;75d119f710acc16345781b5fa3efcb188c9882808b4f02d19069db7fed1ff9f7;/usr/sbin/logrotate
a:0;3364352;761026a7a8302b14a3a674da00b0cb772620386be78c8cd8bcf825709813b5c9;/sbin/wpa_supplicant
a:0;52112;bfeeebae7ec8362788bc6e58182d5d1f534e6f7ec970be28ef63590b74edc4a5;/bin/readlink
a:0;3366144;6bce8a7a5280593d89d2c49b25982789aa648c53c9004cf07d2bef6cfe851f01;/usr/sbin/NetworkManager
a:0;47936;68e9c6cd741cc47549dc9e59fbeb2ae7cac195f66c40ad73921ceb77719c11c0;/bin/plymouth
a:0;2108184;f47b3a398d53e792e81616280940c9efe6277358091202f252e254886bdd1c5a;/usr/sbin/ModemManager
a:0;44016;008f819498fe591f3cc920d543709347d8d14a139bb3482bc2cd8635c1b3162e;/bin/cat
a:0;126424;73b13fa951d414c5434c88e0acf8f993e375fb970c1a9b05b61722217f721c48;/bin/sed
a:0;203152;9a9c5a0c3b5d1d78952252f7bcf4a992ab9ea1081c84861381380a835106b817;/bin/grep
a:0;14640;2794a52dbbe01fb1f60f5b305c1ec6a082bd7c2fc3dde860c0ac8d4d9aa58314;/lib/systemd/systemd-user-sessions
a:0;22760;e1f4b1093f066b00572dfdedd8fccea61259050c1e0d9ed8f7f0a31b6e69dfd7;/usr/bin/nm-online
a:0;252;8cdd9cfef02b7b6bf1f44e6bac157f14d6d0c28e107e3f084be41c16c7688df5;/usr/lib/udev/hwclock-set
a:0;43408;0abff8369dcfe54068b6489bc020581550fff01f4a6fa71727b367d1e4fc8491;/lib/systemd/systemd-hostnamed
a:0;59992;0f3a100bdff2317ae41996ca7a49c909dc870b54143b530f0b9ff150f6864eac;/usr/lib/NetworkManager/nm-dispatcher
a:0;2293;d8c5ec76ea9aa2cdcd536232543fe7d2e31bec0ffd7aac8103cc4b91d232a198;/etc/NetworkManager/dispatcher.d/01-ifupdown
a:0;1339;c7da2786cdabb3cf196b97eca9741c9191fbcc63679ae7b1f3e9b3827e057f15;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp
a:0;39264;52d6c2f2dd8a8dc37b9809f414c2ff810259985261dc11d78a5ec7a51433111f;/usr/libexec/nfsrahead
a:0;623;116c2cf7410df8e6a6816b6d21168870d22c2ca10401b7ef8adfc4fac7c88d84;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
a:0;109672;8ef0da9cfc3256a7f6e44e8db92c342d5cec29c5d9ed57e12d5839badaf5c34a;/usr/bin/chronyc
a:0;76432;38e4759fdcff1dde5c3a37baca01f58a2465d68f980171fc3c2a6b5df6edc45c;/lib/udev/dmi_memory_id
a:0;467;3aab477e758d7f00759e00ad0260845c9a519b9bb2d93cf1653a2f8af90dae65;/etc/console-setup/cached_setup_font.sh
a:0;60312;5368bc17c43cd268ade25e8a4b0e1d05f408a988cd84183bbe2aa4271104523b;/usr/bin/setfont
a:0;19040;aed891155d4fe50a4bb7367be309cbd16c0acf127600ac6fd3960731bfcac4de;/lib/udev/libinput-device-group
a:0;14734;230fdad26d166d491acbf04d9fe315523da260efa9c6cecc9406ed3061269b51;/usr/sbin/tlp
a:0;98136;953d326212574b5ad3cbe5f87034b0c142b6e6d71bb619c51eaa3d2ce47f7e24;/usr/bin/gzip
a:0;23192;19ea1dee1ea1dc7fbc2cee781c971397dbdb2e58375a9987fce9849d63e635f7;/lib/udev/libinput-fuzz-extract
a:0;14760;600395b9885601c94d466413da2b6aab9f042bb2aa44551a36f8a7500eb8b8fd;/lib/udev/libinput-fuzz-to-zero
a:0;56208;cf8a29847ff95b77fe6ef3d9ba3d750c7fd1c807763980e8c5f918da81acb1eb;/usr/bin/tr
a:0;130584;6e8c47dbc5b9b9c47054437318922bfa5787d20f4f25ad07e6db679faef3ca11;/usr/sbin/alsactl
a:0;31096;901151e3ce1d19dd5c66fecf2585a3a89ae21d9bc6a6e72709b4e93b6d928a78;/lib/systemd/systemd-backlight
a:0;56216;ed665c8993678683e7ff97a1f7c914a83411f97147a1224c5f5f4ca7627d2c25;/usr/bin/logger
a:0;35216;0ea8c0be00334f018187237baddc24f66f22e9755ad5eebb9227096115601bba;/usr/bin/flock
a:0;52112;bfeeebae7ec8362788bc6e58182d5d1f534e6f7ec970be28ef63590b74edc4a5;/usr/bin/readlink
a:0;290072;078c2bd209057e4ff1573b55482d5e7d90d5fb510f9fd7b7390459b1a69f07fa;/usr/sbin/iw
a:0;151152;e296487a3a8f10a1c55e56056ba4bbb2d3ca22ae625af9f0d5cebaed28e55fa4;/usr/bin/cp
a:0;64496;623fdf73612f898ec829e529ffd143520fb617a75bca84e242030f48d2144645;/usr/bin/chmod
a:0;1774;9224004fb7e347bf86f089af547b25b251381a938f1ab4453e24791a894ecc4f;/etc/rc.local
a:0;80392;be42bcef0acb4536d99c8ada4c9cbd6f5c88e86e6dd7d13889aca327e863fe2c;/sbin/sm-notify
a:0;14872;1a733de5fa95dfbcdf7dfbf8eedc60640fe0f50a9d227ad3dc13e396bfbc42a8;/usr/bin/setlogcons
a:0;88656;7af543d1ff7a9e62d98303b6277b7466ad72a0bf8238dfc6e32273ed996ac866;/bin/dmesg
a:0;47424;28bc53c5239cc490aaca3ca8a4b958396ec7a0a3bbe766d28b8c096ef39ea2e5;/usr/bin/setterm
a:0;35248;30f31da8ba0660d6875fcfe48924bdf908c28c944e543728379623ad4691fe44;/usr/bin/pkill
a:0;31792;272e1fae5ce8eb29548ea7e430270bb247cec513c06ac7d1a178562da83e829c;/usr/bin/setxkbmap
a:0;691016;aa39a2d90d051a8dc3cdcb85f933b1306c399abaaa53c5310a0cfc819a4ac9a7;/bin/ip
a:0;51360;490db2b6737006383340ebc26fac2ca81a61fafa7a23810b4e8d407f547aa5f2;/usr/sbin/rfkill
a:0;145;89b2dd9fc15e7361cdf64de7db8eb038dd8a8677097591c89411ff380ea55f15;/etc/network/if-post-down.d/chrony
a:0;1409;2a3a295ace3eb0526000a5941de60a07f93ad684af602103f20aba05a3fd1d87;/etc/network/if-post-down.d/wireless-tools
a:0;4696;77dfc5b63e0276c8dafc26dae9b6d0ccb7bba645956dd98d43f648fcb1cbc65d;/etc/network/if-post-down.d/wpasupplicant
a:0;69112;faee3ffb8aae9e7a04580eef139765bb7d6fa9e6bfa1adcc95b8442d9def8b9a;/sbin/agetty
a:0;53024;a3af84194f3f8928094d53a48daf388d3295404c4e54aaa911d7d54a29f9a6f8;/bin/login
a:0;18736;1fd4643d4ceb7f3ad3010de3c28f142cdc18571ddd170be495a9708cdcb26243;/lib/systemd/systemd-user-runtime-dir
a:0;14640;212f673d55ecb2621e80028ff12291470e2949aa083db4da81228d624ca8bdec;/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
a:0;772;5a7c93bcd4301f48201b6c846babdff3e70c33d4e634749691c0b9d06acb84b1;/usr/lib/systemd/user-environment-generators/90gpg-agent
a:0;178928;e2d3556bd5c8cb9d9ff9d0805ca402c852e6ce032b2aeface3a4c1208cea8582;/usr/bin/gpgconf
a:0;713152;f67ae79386186747c21cb4ca6d449161490840fff1ec6b9d8123641bfe6fdc27;/usr/bin/awk
a:0;435424;c731e9175a16a24a60ba783636c5847779f87c643c9a1d3b5803600e05e65def;/usr/bin/gpg-agent
a:0;31096;5442951dca0ea43152e524917ef8af0f01a053d96e81f0b5e2123abf0dacc315;/usr/lib/systemd/user-generators/systemd-xdg-autostart-generator
a:0;1606;1fc3385a320be604fa903456f37e367c5f9334cc6847ceb2df30da7daf197915;/usr/sbin/lgmount.name
a:0;35128;3b59400a5ed7f2067cc846b30f2c2684f09c935a001943d237f0bddaea37b0b9;/usr/bin/fusermount
a:0;4118400;b17162878549d78c89fc2fe85604776f074c8b39e0696dea4bed6b2d3d06f5ed;/usr/bin/gocryptfs
a:0;9099;b25b0d0bb747dda5b6e4b9c0c27e8b6257051922a347272c79ab4891ec85f5bf;/usr/sbin/service
a:0;43856;bc0828b09781a8b19a6d31f23f3f6e0d4e2f216490dc1d1e98321f684cbfe0a2;/usr/bin/basename
a:0;35200;b356a1615c4dcec53a06a1f3117bc084987ff5db4ccdda7eb97b9039892132a0;/bin/systemd-tty-ask-password-agent
a:0;637416;04108ea85914b34e55e25ffed31934c83aa0e9fc69f4c0bc04490bfd338462f6;/usr/bin/sddm
a:0;52736;d5d3c556e7acc1a224a2847095bd5551a81b2418e2de827193119a028b0d0058;/usr/bin/xauth
a:0;274;bca1ceb412614f4e0cb13a68b5d78e86b32ac25f7f2f66b40de73517c8f239eb;/usr/bin/X
a:0;14672;aeb9f5f800a8e1e6aec10d49f7f62fb4b124113391bbbe3a57d8f571105c4fe6;/usr/lib/xorg/Xorg.wrap
a:0;2531136;0f26f34728d7e3f81fb6cc497d1bef5d4e65e4836fd25249a59b98f7f4275207;/usr/lib/xorg/Xorg
a:0;73;944a6ff2b756619aa977ccadb27c7d32384c3a38a3126575dddc1bd054879991;/etc/console-setup/cached_setup_terminal.sh
a:0;222144;eca6986af7d15277394b8476b8ad85229ee1a1a879d43d2a526f106af3761550;/usr/bin/xkbcomp
a:0;23144;aa37e60c8282f1ecb944d1de464b75f95a9880803d8a782ce7f5041bea1e5f7f;/usr/bin/xsetroot
a:0;74;8f51093622f8e242e027631600fad4960ca9d54468c03ced4f2368d582492ffc;/usr/share/sddm/scripts/Xsetup
a:0;260568;9920bec4ffe6716c1cc9c519474f1a6dafd52b64bb7dcc072c5daef6d38101d6;/usr/lib/x86_64-linux-gnu/sddm/sddm-helper
a:111;92544;e673d22233914f69da6b7af3b38e7c3aff18526d36c5d40d9c44679193369d7a;/lib/systemd/systemd
a:111;210976;4e4ee4c72387fd8e27661728af322ccb62d5a3f9183e20b271e1d12e07e87480;/lib64/ld-linux-x86-64.so.2
a:111;14640;212f673d55ecb2621e80028ff12291470e2949aa083db4da81228d624ca8bdec;/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
a:111;772;5a7c93bcd4301f48201b6c846babdff3e70c33d4e634749691c0b9d06acb84b1;/usr/lib/systemd/user-environment-generators/90gpg-agent
a:111;1265648;a4b895f98db75079f2af6e510c95db0d5c5d596e448bf3fe689d0bfdd182e28e;/bin/bash
a:111;178928;e2d3556bd5c8cb9d9ff9d0805ca402c852e6ce032b2aeface3a4c1208cea8582;/usr/bin/gpgconf
a:111;713152;f67ae79386186747c21cb4ca6d449161490840fff1ec6b9d8123641bfe6fdc27;/usr/bin/awk
a:111;435424;c731e9175a16a24a60ba783636c5847779f87c643c9a1d3b5803600e05e65def;/usr/bin/gpg-agent
a:111;31096;5442951dca0ea43152e524917ef8af0f01a053d96e81f0b5e2123abf0dacc315;/usr/lib/systemd/user-generators/systemd-xdg-autostart-generator
a:111;1345168;4934ec39fb44798be04f0f06a37da77afa480bb76c7eedd8943a5e1c571c7de6;/bin/systemctl
a:111;592344;b502f1a27f567b18e646c81f729e699d98481a0eb3e61bd4468dfee3eb207b37;/usr/bin/sddm-greeter
a:111;14520;2c5a33b6095114546e10f0282d07a2ee437905bd9882175aba5934405be88f43;/usr/bin/pipewire
a:111;22792;f927e3ea66e51c65a45a9e3d592514ae4a7b7fc35afa632b562e69107333fd3d;/usr/bin/wireplumber
a:111;244288;1f729ba5672fa1b3d6dfb9d4415db98e023537d7e3a7c20737a29438dfcca412;/usr/bin/dbus-daemon
a:0;486304;8a77e3dba726be283cec9556fa10766912006bc2fcc6f6f248fd463f92253c79;/usr/libexec/udisks2/udisksd
a:0;130216;02531b2784861dbe4923f899cff0b15bd42982f6f8fb3c34131acfb2babb0324;/usr/sbin/dmidecode
a:0;31040;a60346b947f47b83f4aabfb7a46a27c76f7e100025fcf2762e4f7dc820e1302f;/usr/sbin/dumpe2fs
a:0;1294;522b8b4f5f88652fd5a4f1e6fd01dfcc84898d29a0a226960d52a6e73e7b72e7;/usr/sbin/xfs_info
a:0;117168;91bddfd127a492e12129c504f019bfe3de3a9fbf2a537cdeda237fa7612727fd;/usr/sbin/losetup
a:0;76944;cd67c2baaef8395ae68a396b8ce0bd24dabd9272f501f1afb7f76f7ef0cfc083;/usr/bin/tail
a:0;85600;c4c89ad3b79c785f7b170a43417d10ba1d64fd98a6906345eeeec18ce168bbff;/usr/bin/findmnt
a:0;43736;193d44d1fd65c4138d9f13be6cdff5918396757a2009d1d9a11060db9c506b49;/usr/sbin/xfs_spaceman
a:0;141528;5ca8cfa2909ba43ed7b48057a00f450c4c43363e93b28866b70ae42d45df686d;/usr/libexec/upowerd
a:1000;92544;e673d22233914f69da6b7af3b38e7c3aff18526d36c5d40d9c44679193369d7a;/lib/systemd/systemd
a:1000;210976;4e4ee4c72387fd8e27661728af322ccb62d5a3f9183e20b271e1d12e07e87480;/lib64/ld-linux-x86-64.so.2
a:1000;14640;212f673d55ecb2621e80028ff12291470e2949aa083db4da81228d624ca8bdec;/usr/lib/systemd/user-environment-generators/30-systemd-environment-d-generator
a:1000;772;5a7c93bcd4301f48201b6c846babdff3e70c33d4e634749691c0b9d06acb84b1;/usr/lib/systemd/user-environment-generators/90gpg-agent
a:1000;1265648;a4b895f98db75079f2af6e510c95db0d5c5d596e448bf3fe689d0bfdd182e28e;/bin/bash
a:1000;178928;e2d3556bd5c8cb9d9ff9d0805ca402c852e6ce032b2aeface3a4c1208cea8582;/usr/bin/gpgconf
a:1000;713152;f67ae79386186747c21cb4ca6d449161490840fff1ec6b9d8123641bfe6fdc27;/usr/bin/awk
a:1000;435424;c731e9175a16a24a60ba783636c5847779f87c643c9a1d3b5803600e05e65def;/usr/bin/gpg-agent
a:1000;31096;5442951dca0ea43152e524917ef8af0f01a053d96e81f0b5e2123abf0dacc315;/usr/lib/systemd/user-generators/systemd-xdg-autostart-generator
a:1000;1345168;4934ec39fb44798be04f0f06a37da77afa480bb76c7eedd8943a5e1c571c7de6;/bin/systemctl
a:1000;14520;2c5a33b6095114546e10f0282d07a2ee437905bd9882175aba5934405be88f43;/usr/bin/pipewire
a:1000;125640;f5adb8bf0100ed0f8c7782ca5f92814e9229525a4b4e0d401cf3bea09ac960a6;/bin/sh
a:1000;22792;f927e3ea66e51c65a45a9e3d592514ae4a7b7fc35afa632b562e69107333fd3d;/usr/bin/wireplumber
a:1000;52736;d5d3c556e7acc1a224a2847095bd5551a81b2418e2de827193119a028b0d0058;/usr/bin/xauth
a:1000;244288;1f729ba5672fa1b3d6dfb9d4415db98e023537d7e3a7c20737a29438dfcca412;/usr/bin/dbus-daemon
a:1000;1674;9bdbde965c5b5ad98939e3541e4c64133b6a34589d8083fcf26e4606fbe103e0;/etc/sddm/Xsession
a:1000;48144;a3d987dd3f9ec0610dc13b7fdccef84895628065434f44247a65ef0d2a341b3c;/bin/id
a:1000;44016;008f819498fe591f3cc920d543709347d8d14a139bb3482bc2cd8635c1b3162e;/usr/bin/cat
a:1000;109616;76100d3a8613237bf8b18bdd007c2881b749033ee89dd92d48b86f0ce8acfd54;/usr/bin/touch
a:1000;64496;623fdf73612f898ec829e529ffd143520fb617a75bca84e242030f48d2144645;/usr/bin/chmod
a:1000;121904;b047bec6f8fed78ad9c59c8eda24d6772d51baa766fc0f71f5936d45267e4036;/usr/bin/date
a:1000;43952;879a70d44241bc6704bb8baae38ebd8466ac95707c3b74ca598a9487a841bfb4;/usr/bin/mktemp
a:1000;72752;58e8be37049deaaacaf56196d507584b94e87a35a524db0c0459eb5ee6ae4b8c;/usr/bin/rm
a:1000;27560;78b6e84e2a38fc763e71506c25cea342c7d83ff7d655577b798552f523b67f03;/usr/bin/run-parts
a:1000;14560;59081d7d01ef57b60661d0084cd73979e9fe9ac2dd9e766d74e40ae8bd58b0a6;/usr/bin/dbus-update-activation-environment
a:1000;35760;e518d9e8d3b77386d523f51ba23997d0559d929edf88588adceae42bde563c90;/usr/bin/xrdb
a:1000;1301496;7e0a72c0e201d3f2e83f42848caf23de2ba77ff43d57a8fe26621cdfaea730ca;/usr/bin/cpp
a:1000;33342568;ffb46aa0b216fd4e7334a685e8560f6b50292b998fccbf99e85087c9bd316119;/usr/lib/gcc/x86_64-linux-gnu/12/cc1
a:1000;203152;9a9c5a0c3b5d1d78952252f7bcf4a992ab9ea1081c84861381380a835106b817;/usr/bin/grep
a:1000;76944;cd67c2baaef8395ae68a396b8ce0bd24dabd9272f501f1afb7f76f7ef0cfc083;/usr/bin/tail
a:1000;48144;a3d987dd3f9ec0610dc13b7fdccef84895628065434f44247a65ef0d2a341b3c;/usr/bin/id
a:1000;19032;dfda731d4559d8d1d4572515d4558a41cedc5b2032e00182d19b92dc204b6d91;/usr/bin/xhost
a:1000;106536;66340980ebe1126b4f4fd574c8a16df1bd4b277ff46ebb97de896f73d9c300ce;/usr/bin/lspci
a:1000;481664;5c219e5b680350f551102a477d681d04aad639860d0164226d94bafc1394e683;/usr/bin/ssh-agent
a:1000;194952;b88807c1d7ded99c7409c5473da9543e60eb500e7069fabe53098a8285271fda;/usr/bin/startplasma-x11
a:1000;133512;99543201e07abb111631e74d32a823368d4e3209067b74a1e571b0a54618ef3b;/usr/bin/kapplymousetheme
a:1000;39304;f35134a3ab2a421cbe7aa68d79af9aa37e6dea0e062b17d894f8a88109d0628a;/usr/bin/ksplashqml
a:1000;48536;615c46b39130a04a08da04163542ce7ce1164fa4b35408efb43aac0a8a9f7ae5;/usr/bin/env
a:1000;23144;aa37e60c8282f1ecb944d1de464b75f95a9880803d8a782ce7f5041bea1e5f7f;/usr/bin/xsetroot
a:1000;31112;054e7df55210bd19a6305c511b10cd085ea62587f742bd4dac798165dd470416;/usr/bin/kde-systemd-start-condition
a:1000;35208;d3ebf11a38f627a542ff159166da3139435215480d8cd51e9f13d17430a145b9;/usr/bin/kcminit_startup
a:1000;736;eaec72ca46358ac17f31294c2d0dd019b687d4682067a1086ce738d350201373;/usr/lib/openssh/agent-launch
a:1000;305544;dfdfc5b86bf811b7f739e3081900de902c550f5b08c5b578565de0bac7e9b9a8;/usr/lib/x86_64-linux-gnu/libexec/baloo_file
a:1000;80104;165a089cd3fb097f549d00106771303da6710904881f8428d6bef7532acd93ae;/usr/bin/kded5
a:1000;186768;adadcf8d5eed5f7c9bc0d330c48f64a48fc752e983e14935373f16d972ae9b7a;/usr/bin/ksmserver
a:1000;1358136;d3d361ffe394a81a827c5aab09492b0515da21cb374ff4903a95b10d77a21423;/usr/bin/kwin_x11
a:1000;64880;b486fcadbd70e7cf14c48ad802bced9bbe64bdf9c0339b24656d1b932ceeb862;/usr/lib/qt5/bin/qdbus
a:1000;18752;fea0a8929b527f545836a68a0c71c42f3739f7a74478b97cb46c4bf03dcc7f2c;/usr/bin/kglobalaccel5
a:1000;31792;272e1fae5ce8eb29548ea7e430270bb247cec513c06ac7d1a178562da83e829c;/usr/bin/setxkbmap
a:1000;39688;0bc6ae9369c7918de7db6152df061150ed85984ef4562790f93468a70d2583b5;/usr/bin/iceauth
a:1000;764296;aa1c3d1329c899d7ab13c2f7024235f750daf54b1bec9e768af3b709a61a0d16;/usr/bin/plasmashell
a:1000;84280;20a1909f8a418366021b195550cb6e4c531d44e9e79c23c211a9b4ae3d0a44d0;/usr/lib/x86_64-linux-gnu/libexec/kf5/kconf_update
a:1000;43400;44de055aa3be87b437a6c40000deb2786d6da7350e826ea38213a39faefdfbeb;/usr/lib/x86_64-linux-gnu/libexec/kf5/kscreen_backend_launcher
a:1000;178576;55518dcfe406bac3dcdb9b55d2c01746740be717999367a4114da8b51098175d;/usr/lib/x86_64-linux-gnu/libexec/kactivitymanagerd
a:1000;289160;658b7b9078f9b343e9b99a48372f2b9633ed8469c9a5d4c3e692c862df7ad6f3;/usr/bin/gmenudbusmenuproxy
a:1000;88464;3427ad5e899badf4e8ab160f74f4b691a31cab64b34b291e156c12f05664461e;/usr/bin/xembedsniproxy
a:1000;92392;0a50063c37cbf882187d94f6411856b621a47ef336538e999dbdbc40c297e047;/usr/lib/x86_64-linux-gnu/libexec/polkit-kde-authentication-agent-1
a:1000;88456;42b73d0b53fb6bf48085199f9d008704cc1132a5c27d574460187e91bc87c2b4;/usr/lib/x86_64-linux-gnu/libexec/org_kde_powerdevil
a:101;51272;f097377452b62d6e41b23c6f8644705e96a54abca4b011e0e31b4f2a98243f2e;/usr/lib/dbus-1.0/dbus-daemon-launch-helper
a:101;210976;4e4ee4c72387fd8e27661728af322ccb62d5a3f9183e20b271e1d12e07e87480;/lib64/ld-linux-x86-64.so.2
a:0;18824;3e134c0a8a0d7dc105664a82da5d3ffab15ce063ec75bad165a9653baa49b087;/usr/lib/kauth/libexec/discretegpuhelper
a:0;39304;36e657105c26ece6bb7e204def30ef8caa1cb7e20ad38cb3ebc29ed1efe69287;/usr/lib/kauth/libexec/chargethresholdhelper
a:0;39304;2213720e54ef3a8cbe7d2db21ad01bedde6321c45cc1195f81becc1cf0c6b074;/usr/lib/kauth/libexec/backlighthelper
a:1000;125640;f5adb8bf0100ed0f8c7782ca5f92814e9229525a4b4e0d401cf3bea09ac960a6;/usr/bin/sh
a:1000;14640;351b7e216cdd81e20fb1f76f89332677c1355fdadb15cb8a192607698a6fd59a;/lib/systemd/systemd-xdg-autostart-condition
a:1000;43888;4add4bb89d8ca0e3b1bd861130ddd7ae0fd9617a8055de0a38c8d2ca1ac95723;/usr/bin/sleep
a:1000;67976;8bcd911c7de5ddfc374364952c3a133c64f1dad5128270ff46944b497428b72b;/usr/lib/x86_64-linux-gnu/libexec/kdeconnectd
a:1000;88456;dbbb083975039bc8e2e3b6a0a1ce7fa7e98806cb39c0e6e2de807bad152cb044;/usr/bin/kaccess
a:1000;88456;d9cf4909552156a20ea752f5e81f1fe8a2b847380197bfe2001e4f581773c321;/usr/lib/x86_64-linux-gnu/libexec/DiscoverNotifier
a:1000;26944;231139f082f153244419738c62d5cf7fa0152339f21b6cd0666a4c19c7abc660;/usr/bin/apt-config
a:0;296648;752a3f1f2c449bae2e8fb77aa264ba3cba4fa0c0294766f6fb327d163979b56c;/usr/libexec/packagekitd
a:1000;318096;628e9419d3022787966ac9d6e9ae6d35698a6c9f10ae8589976bafec149fc060;/usr/bin/dpkg
a:1000;26944;b713ea14f9f81f3ef7ccd3ebbc56dca542663a20d4e69ba0517d9f163fa4e498;/usr/bin/gsettings
a:0;318096;628e9419d3022787966ac9d6e9ae6d35698a6c9f10ae8589976bafec149fc060;/usr/bin/dpkg
a:1000;88216;e2e80ef8e9b5c025add3bb1fd2abe389ff0a3209b7a841fc58ccc9fd26dee47e;/usr/libexec/dconf-service
a:1000;27016;8a008670c0c00f5a4a739c6d190d702c8e0f90f887e9154425187a1529e9c2bf;/usr/bin/plasma_waitforname
a:1000;14640;90ba4dbe8453eac7ffff8f4e16bf2313a0cda569329a710b1bee87846513e441;/lib/x86_64-linux-gnu/libexec/kf5/kioslave5
a:1000;47496;6e4d506b6da59d0006e432ebe312a90925e7e8a911c5d00f6ae89836cf58fa69;/usr/bin/plasma-shutdown
a:1000;22832;7c2159b5b2d7cc482b134254b72db24cbe136f86c26953ae6faf0a3b8f0b9344;/usr/bin/kdeinit5_shutdown
a:0;90;ec957b2b035262dd235e23b19e353e4f508c4d1684e38b41cde8931dd420d2ab;/usr/share/sddm/scripts/Xstop
a:0;573;0f3c9c125582f96aeb9a6767c34a661e17345a96cda0c4dc9e8a4de671f6b68c;/usr/share/sddm/scripts/sddm-shutdown
a:0;18744;fc643d26847e0d4eb5cb52c5ba3eabffb9acd04d33404b4a12d0347f05288947;/usr/bin/mesg


ARGV:
<ARGV LEARNING LIST> is organized as a RING

ARGV learning LIST MAX       : 5000
ARGV learning LIST LEN       : 664
a:0;2011200;/bin/mount;-t;sysfs;-o;nodev,noexec,nosuid;sysfs;/sys;
a:0;2011200;/bin/mount;-t;proc;-o;nodev,noexec,nosuid;proc;/proc;
a:0;2011200;/proc/self/exe;/proc/cmdline;
a:0;2011200;/proc/self/exe;-t;devtmpfs;-o;nosuid,mode=0755;udev;/dev;
a:0;2011200;/proc/self/exe;-t;devpts;-o;noexec,nosuid,gid=5,mode=0620;devpts;/dev/pts;
a:0;2011200;/proc/self/exe;-t;tmpfs;-o;nodev,noexec,nosuid,size=10%,mode=0755;tmpfs;/run;
a:0;14976;/bin/kbd_mode;-u;
a:0;220304;/bin/loadkeys;/etc/console-setup/cached_UTF-8_del.kmap;
a:0;342552;/sbin/udevd;--daemon;--resolve-names=never;
a:0;358872;/sbin/udevadm;trigger;--action=add;
a:0;358872;/sbin/udevadm;settle;
a:0;2011200;/proc/self/exe;/proc/uptime;
a:0;29464;/sbin/dmraid;-r;-c;
a:0;2011200;/proc/self/exe;-qE;^(.*\s)?cryptopts=;/proc/cmdline;
a:0;1003016;/sbin/bcachefs;unlock;-c;/dev/nvme0n1p10;
a:0;829136;/bin/btrfs;device;scan;
a:0;10048;/bin/fstype;/dev/nvme0n1p10;
a:0;2011200;/proc/self/exe;-r;-t;xfs;/dev/nvme0n1p10;/root;
a:0;358872;/sbin/udevadm;control;--exit;
a:0;2011200;/proc/self/exe;-n;-o;move;/dev;/root/dev;
a:0;2011200;/proc/self/exe;-n;-o;move;/run;/root/run;
a:0;2011200;/proc/self/exe;-n;/root;/lib/systemd/systemd;
a:0;2011200;/proc/self/exe;-n;-o;move;/sys;/root/sys;
a:0;2011200;/proc/self/exe;-n;-o;move;/proc;/root/proc;
a:0;2011200;/sbin/run-init;/root;/lib/systemd/systemd;
a:0;84536;/usr/lib/systemd/system-generators/nfs-server-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;35336;/usr/lib/systemd/system-generators/systemd-cryptsetup-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;899;/usr/lib/systemd/system-generators/openvpn-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;31032;/usr/lib/systemd/system-generators/systemd-gpt-auto-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;39264;/usr/lib/systemd/system-generators/rpc-pipefs-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;14640;/usr/lib/systemd/system-generators/systemd-rc-local-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;18888;/usr/lib/systemd/system-generators/systemd-debug-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;31096;/usr/lib/systemd/system-generators/systemd-sysv-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;22832;/usr/lib/systemd/system-generators/systemd-getty-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;43616;/usr/lib/systemd/system-generators/systemd-fstab-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;14776;/usr/lib/systemd/system-generators/systemd-hibernate-resume-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;22936;/usr/lib/systemd/system-generators/systemd-integritysetup-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;14776;/usr/lib/systemd/system-generators/systemd-run-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;14640;/usr/lib/systemd/system-generators/systemd-system-update-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;31248;/usr/lib/systemd/system-generators/systemd-veritysetup-generator;/run/systemd/generator;/run/systemd/generator.early;/run/systemd/generator.late;
a:0;97552;/usr/bin/mkdir;-p;/run/systemd/generator/openvpn.service.wants;
a:0;151344;/usr/bin/ls;*.conf;
a:0;59704;/bin/mount;hugetlbfs;/dev/hugepages;-t;hugetlbfs;
a:0;59704;/bin/mount;mqueue;/dev/mqueue;-t;mqueue;-o;nosuid,nodev,noexec;
a:0;59704;/bin/mount;debugfs;/sys/kernel/debug;-t;debugfs;-o;nosuid,nodev,noexec;
a:0;59704;/bin/mount;tracefs;/sys/kernel/tracing;-t;tracefs;-o;nosuid,nodev,noexec;
a:0;178448;/bin/kmod;static-nodes;--format=tmpfiles;--output=/run/tmpfiles.d/static-nodes.conf;
a:0;178448;/sbin/modprobe;-abq;dm_mod;
a:0;178448;/sbin/modprobe;-abq;configfs;
a:0;178448;/sbin/modprobe;-abq;efi_pstore;
a:0;3164824;/sbin/lvm;vgchange;--monitor;y;
a:0;178448;/sbin/modprobe;-abq;drm;
a:0;178448;/sbin/modprobe;-abq;fuse;
a:0;178448;/sbin/modprobe;-abq;loop;
a:0;1336848;/usr/bin/udevadm;trigger;--type=all;--action=add;--prioritized-subsystem=module,block,tpmrm,net,tty,input;
a:0;59704;/bin/mount;fusectl;/sys/fs/fuse/connections;-t;fusectl;-o;nosuid,nodev,noexec;
a:0;72752;/usr/bin/rm;/run/console-setup/keymap_loaded;
a:0;59704;/bin/mount;configfs;/sys/kernel/config;-t;configfs;-o;nosuid,nodev,noexec;
a:0;55664;/sbin/fsck;-a;-T;-l;-C5;/dev/nvme0n1p10;
a:0;2594;/usr/sbin/fsck.xfs;-a;/dev/nvme0n1p10;
a:0;59704;/bin/mount;/;-o;remount;
a:0;51512;/sbin/swapon;--fixpgsz;/swap/swap;
a:0;76432;/usr/bin/journalctl;--flush;
a:0;22832;/lib/systemd/systemd-random-seed;load;
a:0;125640;/bin/sh;-c;if [ "$CONFIGURE_INTERFACES" != "no" ] && [ -n 
"$(ifquery --read-environment --list --exclude=lo)" ] && [ -x 
/bin/udevadm ]; then udevadm settle; fi;
a:0;88232;/usr/sbin/ifquery;--read-environment;--list;--exclude=lo;
a:0;113224;/usr/bin/systemd-tmpfiles;--prefix=/dev;--create;--boot;
a:0;88232;/sbin/ifup;-a;--read-environment;
a:0;47936;/usr/bin/plymouth;update-root-fs;--read-write;
a:0;97552;/usr/bin/mkdir;-p;/run/console-setup;
a:0;125640;/bin/sh;-c;run-parts --exit-on-error /etc/network/if-pre-up.d;
a:0;27560;/usr/bin/run-parts;--exit-on-error;/etc/network/if-pre-up.d;
a:0;35392;/sbin/iwconfig;--all;
a:0;203152;/usr/bin/grep;-q;^IF_WPA;
a:0;125640;/bin/sh;-c;;
a:0;113224;/usr/bin/systemd-tmpfiles;--create;--remove;--boot;--exclude-prefix=/dev;
a:0;35392;/sbin/iwconfig;lo;
a:0;125640;/bin/sh;-c;ip link set dev lo up;
a:0;691016;/usr/sbin/ip;link;set;dev;lo;up;
a:0;63976;/sbin/rpcbind;-f;-w;
a:0;18808;/lib/systemd/systemd-update-utmp;reboot;
a:0;125640;/bin/sh;-c;run-parts --exit-on-error /etc/network/if-up.d;
a:0;27560;/usr/bin/run-parts;--exit-on-error;/etc/network/if-up.d;
a:0;1345168;/usr/bin/systemctl;list-jobs;
a:0;203152;/usr/bin/grep;-q;network.target;
a:0;31544;/usr/sbin/haveged;--Foreground;--verbose=1;
a:0;147544;/usr/sbin/plymouthd;--mode=boot;--pid-file=/run/plymouth/pid;--attach-to-session;
a:0;31040;/sbin/sysctl;-q;--pattern;^fs.nfs;--system;
a:0;31040;/sbin/sysctl;-q;--pattern;^fs.nfs.n[sl]m;--system;
a:0;31040;/sbin/sysctl;-q;--pattern;^fs.nfs.(nfs_callback_tcpport|idmap_cache_timeout);--system;
a:0;31040;/sbin/sysctl;-q;--pattern;^sunrpc;--system;
a:0;1345168;/usr/bin/systemctl;is-enabled;systemd-resolved;
a:0;47936;/usr/bin/plymouth;show-splash;
a:0;125640;/bin/sh;-c;/usr/sbin/ethtool -i $1 |/usr/bin/sed -n 
s/^driver:\ //p;--;lo;
a:0;606664;/usr/sbin/ethtool;-i;lo;
a:0;126424;/usr/bin/sed;-n;s/^driver: //p;
a:0;88232;/sbin/ifquery;--allow;hotplug;-l;eth0;
a:0;23008;/lib/systemd/systemd-sysctl;--prefix=/net/ipv4/conf/eth0;--prefix=/net/ipv4/neigh/eth0;--prefix=/net/ipv6/conf/eth0;--prefix=/net/ipv6/neigh/eth0;
a:0;126424;/usr/bin/sed;-n;
/^IF_ETHERNET_PAUSE_[A-Za-z0-9_]*=/ {
     h;                             # hold line
     s/^IF_ETHERNET_PAUSE_//; s/=.*//; s/_/-/g;  # get name without prefix
     y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
     p;
     g;                             # restore line
     s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
     p;
};
a:0;126424;/usr/bin/sed;-n;
/^IF_HARDWARE_IRQ_COALESCE_[A-Za-z0-9_]*=/ {
     h;                             # hold line
     s/^IF_HARDWARE_IRQ_COALESCE_//; s/=.*//; s/_/-/g;  # get name 
without prefix
     y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
     p;
     g;                             # restore line
     s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
     p;
};
a:0;126424;/usr/bin/sed;-n;
/^IF_HARDWARE_DMA_RING_[A-Za-z0-9_]*=/ {
     h;                             # hold line
     s/^IF_HARDWARE_DMA_RING_//; s/=.*//; s/_/-/g;  # get name without 
prefix
     y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
     p;
     g;                             # restore line
     s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
     p;
};
a:0;126424;/usr/bin/sed;-n;
/^IF_OFFLOAD_[A-Za-z0-9_]*=/ {
     h;                             # hold line
     s/^IF_OFFLOAD_//; s/=.*//; s/_/-/g;  # get name without prefix
     y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;  # lower-case
     p;
     g;                             # restore line
     s/^[^=]*=//; s/^'\(.*\)'/\1/;  # get value
     p;
};
a:0;14576;/usr/sbin/obex-check-device;1d6b;0002;
a:0;14576;/usr/sbin/obex-check-device;1d6b;0003;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/pci0000:00/0000:00:14.0/usb1;
a:0;48144;/usr/bin/id;-u;
a:0;97552;/usr/bin/mkdir;-p;/run/tlp;
a:0;125640;/bin/sh;-c;if [ -f /run/network/restart-hotplug ]; then 
/sbin/ifup -a --read-environment --allow=hotplug; fi;
a:0;43952;/usr/bin/mktemp;-p;/run/tlp;tlp-run.conf_tmpXXXXXX;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpAXGiON;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.0/usb3;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/pci0000:00/0000:00:14.0/usb2;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpvASKAb;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.0/usb4;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.3/usb10;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/idVendor;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.3/usb9;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.2/usb8;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/idProduct;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.5/usb14;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmph0E8XB;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.4/usb11;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.1/usb6;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/busnum;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.1/usb5;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.4/usb12;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.5/usb13;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpBO72bI;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.2/usb7;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/idVendor;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpOu8p5V;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/idProduct;
a:0;59704;/bin/mount;binfmt_misc;/proc/sys/fs/binfmt_misc;-t;binfmt_misc;-o;nosuid,nodev,noexec;
a:0;59704;/bin/mount;sunrpc;/run/rpc_pipefs;-t;rpc_pipefs;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/bDeviceClass;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpLY7DFp;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/idVendor;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmps9izAx;
a:0;43888;/usr/bin/sleep;0.5;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpXsv0Da;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpRlWl45;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/idVendor;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp77J3rz;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/idProduct;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpnHCpKm;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/idProduct;
a:0;34920;/usr/sbin/anacron;-d;-q;-s;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/busnum;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp04cAHX;
a:0;2489;/etc/init.d/cpufrequtils;start;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/idVendor;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp6smPtl;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/bDeviceClass;
a:0;149944;/usr/sbin/avahi-daemon;-s;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpXZ4weg;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/busnum;
a:0;5394;/sbin/e2scrub_all;-A;-r;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/devnum;
a:0;51776;/usr/sbin/cron;-f;
a:0;244288;/usr/bin/dbus-daemon;--system;--address=systemd:;--nofork;--nopidfile;--systemd-activation;--syslog-only;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/idVendor;
a:0;1748;/etc/init.d/hwclock.sh;start;
a:0;27560;/bin/run-parts;--lsbsysinit;--list;/lib/lsb/init-functions.d;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/busnum;
a:0;117272;/usr/lib/polkit-1/polkitd;--no-debug;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/idProduct;
a:0;749352;/usr/sbin/rsyslogd;-n;-iNONE;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/devnum;
a:0;1345168;/bin/systemctl;-p;LoadState;--value;show;cpufrequtils.service;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/busnum;
a:0;100520;/usr/sbin/logrotate;/etc/logrotate.conf;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/devnum;
a:0;3364352;/sbin/wpa_supplicant;-u;-s;-O;DIR=/run/wpa_supplicant 
GROUP=netdev;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/bDeviceClass;
a:0;52112;/bin/readlink;-q;-s;-e;/dev/mapper/*.e2scrub*;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/bDeviceClass;
a:0;3366144;/usr/sbin/NetworkManager;--no-daemon;
a:0;47936;/bin/plymouth;--ping;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/busnum;
a:0;44016;/bin/cat;/proc/stat;
a:0;126424;/bin/sed;-ne;s/^cpu\([[:digit:]]\+\).*/\1/p;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/busnum;
a:0;47936;/usr/bin/plymouth;update;--status=CPUFreq Utilities: Setting 
ondemand CPUFreq governor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/devnum;
a:0;203152;/bin/grep;-q;\<ondemand\>;/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/bDeviceClass;
a:0;14640;/lib/systemd/systemd-user-sessions;start;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/devnum;
a:0;22760;/usr/bin/nm-online;-s;-q;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/bDeviceClass;
a:0;252;/usr/lib/udev/hwclock-set;/dev/rtc0;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.6/usb15;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.7/usb18;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.6/usb16;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/platform/vhci_hcd.7/usb17;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-0:1.0/bInterfaceClass;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpnHpWTM;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpIl52Lj;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpW3lz9N;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/power/control;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;none;hostname;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpAXGiON;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;none;hostname;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpIvt7EG;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/idVendor;
a:0;39264;/usr/libexec/nfsrahead;1:1;
a:0;39264;/usr/libexec/nfsrahead;179:0;
a:0;39264;/usr/libexec/nfsrahead;1:0;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/idProduct;
a:0;97552;/usr/bin/mkdir;-p;/run/chrony-dhcp;
a:0;39264;/usr/libexec/nfsrahead;1:10;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/idVendor;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;none;hostname;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/idProduct;
a:0;39264;/usr/libexec/nfsrahead;1:11;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/busnum;
a:0;14576;/usr/sbin/obex-check-device;8087;0a2b;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/idVendor;
a:0;39264;/usr/libexec/nfsrahead;1:12;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/idProduct;
a:0;39264;/usr/libexec/nfsrahead;1:13;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/10-0:1.0/bInterfaceClass;
a:0;1998;/lib/udev/tlp-usb-udev;usb;/devices/pci0000:00/0000:00:14.0/usb1/1-7;
a:0;39264;/usr/libexec/nfsrahead;1:14;
a:0;39264;/usr/libexec/nfsrahead;1:15;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/devnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/bDeviceClass;
a:0;39264;/usr/libexec/nfsrahead;1:2;
a:0;39264;/usr/libexec/nfsrahead;1:3;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb10/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpBO72bI;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp5ZPFA0;
a:0;39264;/usr/libexec/nfsrahead;1:4;
a:0;39264;/usr/libexec/nfsrahead;1:5;
a:0;39264;/usr/libexec/nfsrahead;1:6;
a:0;39264;/usr/libexec/nfsrahead;1:7;
a:0;39264;/usr/libexec/nfsrahead;1:8;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;;connectivity-change;
a:0;39264;/usr/libexec/nfsrahead;1:9;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;;connectivity-change;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;;connectivity-change;
a:0;109672;/usr/bin/chronyc;onoffline;
a:0;39264;/usr/libexec/nfsrahead;251:0;
a:0;39264;/usr/libexec/nfsrahead;252:0;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;lo;up;
a:0;27560;/usr/bin/run-parts;/etc/network/if-up.d;
a:0;39264;/usr/libexec/nfsrahead;259:0;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/3-0:1.0/bInterfaceClass;
a:0;39264;/usr/libexec/nfsrahead;43:0;
a:0;39264;/usr/libexec/nfsrahead;43:192;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/9-0:1.0/bInterfaceClass;
a:0;39264;/usr/libexec/nfsrahead;43:224;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/6-0:1.0/bInterfaceClass;
a:0;39264;/usr/libexec/nfsrahead;43:160;
a:0;39264;/usr/libexec/nfsrahead;43:128;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/idVendor;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/11-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/14-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/2-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/idProduct;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb3/power/control;
a:0;44016;/bin/cat;/proc/cmdline;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/8-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/5-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/busnum;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb14/power/control;
a:0;39264;/usr/libexec/nfsrahead;43:256;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/7-0:1.0/bInterfaceClass;
a:0;1345168;/bin/systemctl;-p;LoadState;--value;show;mountnfs.service;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/12-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/13-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/4-0:1.0/bInterfaceClass;
a:0;39264;/usr/libexec/nfsrahead;43:384;
a:0;39264;/usr/libexec/nfsrahead;43:288;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb8/power/control;
a:0;39264;/usr/libexec/nfsrahead;43:32;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb6/power/control;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb2/power/control;
a:0;39264;/usr/libexec/nfsrahead;43:320;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpvASKAb;
a:0;39264;/usr/libexec/nfsrahead;43:352;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/devnum;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp77J3rz;
a:0;39264;/usr/libexec/nfsrahead;43:416;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.1/usb5/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpRlWl45;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmph0E8XB;
a:0;39264;/usr/libexec/nfsrahead;43:64;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/bDeviceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.3/usb9/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpOu8p5V;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.0/usb4/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp04cAHX;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.5/usb13/power/control;
a:0;39264;/usr/libexec/nfsrahead;7:0;
a:0;39264;/usr/libexec/nfsrahead;43:448;
a:0;39264;/usr/libexec/nfsrahead;43:480;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb11/power/control;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.2/usb7/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpXsv0Da;
a:0;39264;/usr/libexec/nfsrahead;43:96;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpLY7DFp;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.4/usb12/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmps9izAx;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpnHCpKm;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp6smPtl;
a:0;39264;/usr/libexec/nfsrahead;7:5;
a:0;39264;/usr/libexec/nfsrahead;7:1;
a:0;39264;/usr/libexec/nfsrahead;7:2;
a:0;39264;/usr/libexec/nfsrahead;7:6;
a:0;39264;/usr/libexec/nfsrahead;7:7;
a:0;39264;/usr/libexec/nfsrahead;7:3;
a:0;39264;/usr/libexec/nfsrahead;7:4;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpXZ4weg;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;lo;up;
a:0;72752;/usr/bin/rm;-f;/run/chrony-dhcp/lo.sources;
a:0;109672;/usr/bin/chronyc;reload;sources;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;lo;up;
a:0;60312;/usr/bin/setfont;/usr/share/consolefonts/Uni2-Fixed16.psf.gz;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/18-0:1.0/bInterfaceClass;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/platform/i8042/serio0/input/input0/event0;
a:0;125640;/bin/sh;-c;gzip -d -c 
/usr/share/consolefonts/Uni2-Fixed16.psf.gz;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0D:00/input/input4/event3;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input6/event5;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0E:00/input/input5/event4;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/platform/i8042/serio1/input/input2/event1;
a:0;14734;/usr/sbin/tlp;auto;
a:0;98136;/usr/bin/gzip;-d;-c;/usr/share/consolefonts/Uni2-Fixed16.psf.gz;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/17-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/16-0:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb18/power/control;
a:0;23192;/lib/udev/libinput-fuzz-extract;/sys/devices/platform/i8042/serio1/input/input2/event1;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.7/usb17/power/control;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb16/power/control;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpntLREV;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/15-0:1.0/bInterfaceClass;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpnHpWTM;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpW3lz9N;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpIl52Lj;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmpFE1hF4;
a:0;44016;/usr/bin/cat;/sys/devices/platform/vhci_hcd.6/usb15/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpIvt7EG;
a:0;6757;/usr/share/tlp/tlp-readconfs;--outfile;/run/tlp/tlp-run.conf_tmp4dKnD1;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input8/event7;
a:0;14760;/lib/udev/libinput-fuzz-to-zero;/sys/devices/platform/i8042/serio1/input/input2/event1;
a:0;88232;/sbin/ifquery;--allow;hotplug;-l;wlan0;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/platform/thinkpad_acpi/input/input7/event6;
a:0;56208;/usr/bin/tr;[:lower:];[:upper:];
a:0;130584;/usr/sbin/alsactl;-E;HOME=/run/alsa;-E;XDG_RUNTIME_DIR=/run/alsa/runtime;restore;0;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input14/event13;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input15/event14;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input12/event11;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input10/event9;
a:0;203152;/usr/bin/grep;-E;-q;sbs-charger|hidpp_battery|hid-;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input9/event8;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input13/event12;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input11/event10;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/pci0000:00/0000:00:1f.3/sound/card0/input16/event15;
a:0;23008;/lib/systemd/systemd-sysctl;--prefix=/net/ipv4/conf/wlan0;--prefix=/net/ipv4/neigh/wlan0;--prefix=/net/ipv6/conf/wlan0;--prefix=/net/ipv6/neigh/wlan0;
a:0;44016;/usr/bin/cat;/sys/class/power_supply/AC/type;
a:0;44016;/usr/bin/cat;/sys/class/power_supply/AC/online;
a:0;1345168;/usr/bin/systemctl;is-enabled;tlp.service;
a:0;19040;/lib/udev/libinput-device-group;/sys/devices/platform/i8042/serio1/serio2/input/input3/event2;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/1-7:1.0/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/1-7:1.1/bInterfaceClass;
a:0;44016;/usr/bin/cat;/sys/devices/pci0000:00/0000:00:14.0/usb1/1-7/power/control;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp5ZPFA0;
a:0;31096;/lib/systemd/systemd-backlight;load;leds:tpacpi::kbd_backlight;
a:0;151344;/usr/bin/ls;/dev/fb0;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1620;--;Error: tlp.service 
is not enabled, power saving will not apply on boot.;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1620;--;>>> Invoke 
'systemctl enable tlp.service' to correct this!;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1636;--;Error: tlp.service 
is not enabled, power saving will not apply on boot.;
a:0;1345168;/usr/bin/systemctl;is-enabled;power-profiles-daemon.service;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1636;--;>>> Invoke 
'systemctl enable tlp.service' to correct this!;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1637;--;Error: tlp.service 
is not enabled, power saving will not apply on boot.;
a:0;56216;/usr/bin/logger;-p;err;-t;tlp;--id=1637;--;>>> Invoke 
'systemctl enable tlp.service' to correct this!;
a:0;130584;/usr/sbin/alsactl;-E;HOME=/run/alsa;-E;XDG_RUNTIME_DIR=/run/alsa/runtime;restore;
a:0;203152;/usr/bin/grep;-q;-v;masked;
a:0;31096;/lib/systemd/systemd-backlight;load;backlight:intel_backlight;
a:0;1345168;/usr/bin/systemctl;is-enabled;systemd-rfkill.service;
a:0;1345168;/usr/bin/systemctl;is-enabled;systemd-rfkill.socket;
a:0;35216;/usr/bin/flock;-x;-n;9;
a:0;44016;/usr/bin/cat;/run/tlp/last_pwr;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpFE1hF4;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmp4dKnD1;
a:0;203152;/usr/bin/grep;-E;^[0-9]+$;
a:0;203152;/usr/bin/grep;-E;-q;-m;1;^flags.+hwp_epp;/proc/cpuinfo;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:00.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:02.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:08.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:14.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:14.2/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:16.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1c.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1c.2/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1c.4/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.2/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.3/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.4/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:00:1f.6/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:02:00.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:04:00.0/class;
a:0;44016;/usr/bin/cat;/sys/bus/pci/devices/0000:05:00.0/class;
a:0;52112;/usr/bin/readlink;/dev/disk/by-id/nvme-SPCC_M.2_PCIe_SSD_AA230718NV02KG00581;
a:0;1336848;/usr/bin/udevadm;info;-q;property;/dev/nvme0n1;
a:0;203152;/usr/bin/grep;-E;^(DEVPATH|ID_BUS|ID_PATH|ID_ATA_FEATURE_SET_PM_ENABLED)=;
a:0;52112;/usr/bin/readlink;/sys/class/drm/card0/device/driver;
a:0;203152;/usr/bin/grep;-q;-s;DEVTYPE=wlan;/sys/class/net/eth0/uevent;
a:0;203152;/usr/bin/grep;-q;-s;DEVTYPE=wlan;/sys/class/net/lo/uevent;
a:0;203152;/usr/bin/grep;-q;-s;DEVTYPE=wlan;/sys/class/net/wlan0/uevent;
a:0;290072;/usr/sbin/iw;dev;wlan0;set;power_save;off;
a:0;44016;/usr/bin/cat;/sys/class/net/eth0/device/class;
a:0;44016;/usr/bin/cat;/sys/class/net/wlan0/device/class;
a:0;606664;/usr/sbin/ethtool;-s;eth0;wol;d;
a:0;72752;/usr/bin/rm;-f;/var/lib/tlp/rfkill_saved;
a:0;151152;/usr/bin/cp;--preserve=timestamps;/run/tlp/tlp-run.conf_tmpntLREV;/run/tlp/run.conf;
a:0;64496;/usr/bin/chmod;664;/run/tlp/tlp-run.conf_tmpntLREV;/run/tlp/run.conf;
a:0;72752;/usr/bin/rm;-f;/run/tlp/lock_tlp;
a:0;72752;/usr/bin/rm;-f;--;/run/tlp/tlp-run.conf_tmpntLREV;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;eth0;dhcp4-change;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;eth0;dhcp4-change;
a:0;72752;/usr/bin/rm;-f;/run/chrony-dhcp/eth0.sources;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;eth0;dhcp4-change;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;eth0;up;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;eth0;up;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;eth0;up;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;wlan0;dhcp4-change;
a:0;1339;/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp;wlan0;dhcp4-change;
a:0;72752;/usr/bin/rm;-f;/run/chrony-dhcp/wlan0.sources;
a:0;623;/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline;wlan0;dhcp4-change;
a:0;2293;/etc/NetworkManager/dispatcher.d/01-ifupdown;wlan0;up;
a:0;1774;/etc/rc.local;start;
a:0;14872;/usr/bin/setlogcons;N;
a:0;88656;/bin/dmesg;-D;
a:0;47424;/usr/bin/setterm;-blength;0;
a:0;35248;/usr/bin/pkill;tracker*;
a:0;31792;/usr/bin/setxkbmap;-option;terminate:;ctrl_alt_bksp;
a:0;691016;/bin/ip;link;set;dev;lo;down;
a:0;691016;/bin/ip;-4;addr;del;dev;lo;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ