diff options
author | netblue30 <netblue30@yahoo.com> | 2018-10-17 08:03:37 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-17 08:03:37 -0500 |
commit | 1143be758d04e0fb5614806c6d062776e5b840b5 (patch) | |
tree | db1f1cbb21a2ebfb75a161cecc0d649f89c4507d | |
parent | Merge pull request #2201 from SkewedZeppelin/u2f-ap (diff) | |
parent | Do not override user provided seccomp lists when in chroot/overlay/appimage, ... (diff) | |
download | firejail-1143be758d04e0fb5614806c6d062776e5b840b5.tar.gz firejail-1143be758d04e0fb5614806c6d062776e5b840b5.tar.zst firejail-1143be758d04e0fb5614806c6d062776e5b840b5.zip |
Merge pull request #2199 from crass/fix-2142-firefox-sandbox-appimage
Fix #2142: Firefox appimage fails because it needs non-default seccomp
-rw-r--r-- | src/firejail/sandbox.c | 11 |
1 files changed, 1 insertions, 10 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 3abeb174e..95732b95e 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -530,14 +530,6 @@ static void enforce_filters(void) { | |||
530 | #ifdef HAVE_SECCOMP | 530 | #ifdef HAVE_SECCOMP |
531 | enforce_seccomp = 1; | 531 | enforce_seccomp = 1; |
532 | #endif | 532 | #endif |
533 | if (cfg.seccomp_list_drop) { | ||
534 | free(cfg.seccomp_list_drop); | ||
535 | cfg.seccomp_list_drop = NULL; | ||
536 | } | ||
537 | if (cfg.seccomp_list_keep) { | ||
538 | free(cfg.seccomp_list_keep); | ||
539 | cfg.seccomp_list_keep = NULL; | ||
540 | } | ||
541 | 533 | ||
542 | // disable all capabilities | 534 | // disable all capabilities |
543 | if (arg_caps_default_filter || arg_caps_list) | 535 | if (arg_caps_default_filter || arg_caps_list) |
@@ -547,8 +539,7 @@ static void enforce_filters(void) { | |||
547 | // drop all supplementary groups; /etc/group file inside chroot | 539 | // drop all supplementary groups; /etc/group file inside chroot |
548 | // is controlled by a regular usr | 540 | // is controlled by a regular usr |
549 | arg_nogroups = 1; | 541 | arg_nogroups = 1; |
550 | fmessage("\n** Warning: dropping all Linux capabilities and enforcing **\n"); | 542 | fmessage("\n** Warning: dropping all Linux capabilities **\n"); |
551 | fmessage("** default seccomp filter **\n\n"); | ||
552 | } | 543 | } |
553 | 544 | ||
554 | int sandbox(void* sandbox_arg) { | 545 | int sandbox(void* sandbox_arg) { |