author | netblue30 <netblue30@yahoo.com> | 2017-05-31 20:42:19 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-05-31 20:42:19 -0400 |
commit | 687a429ddda387f40f163a45211345607ad96149 (patch) | |
tree | f2e5d745ef8b33a0406aabbba0bce7a9c38aab4f | |
parent | profile cleanup (diff) | |
download | firejail-687a429ddda387f40f163a45211345607ad96149.tar.gz firejail-687a429ddda387f40f163a45211345607ad96149.tar.zst firejail-687a429ddda387f40f163a45211345607ad96149.zip |
AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 8 |
2 files changed, 6 insertions, 4 deletions
@@ -1,5 +1,7 @@ | |||
1 | firejail (0.9.47) baseline; urgency=low | 1 | firejail (0.9.47) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * modifs: AppArmor made optional; a warning is printed on the screen | ||
4 | if the sandbox fails to load the AppArmor profile | ||
3 | * added /etc/firejail/globals.local for global customizations | 5 | * added /etc/firejail/globals.local for global customizations |
4 | * whitelisted Transmission, Deluge, qBitTorrent, KTorrent | 6 | * whitelisted Transmission, Deluge, qBitTorrent, KTorrent |
5 | * new profiles: vym, darktable, Waterfox | 7 | * new profiles: vym, darktable, Waterfox |
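--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -987,12 +987,12 @@ int sandbox(void* sandbox_arg) {
 if (app_pid == 0) {
 #ifdef HAVE_APPARMOR
 if (arg_apparmor) {
+int done = 0;
 errno = 0;
 if (aa_change_onexec("firejail-default")) {
-fprintf(stderr, "Error: cannot confine the application using AppArmor.\n");
-fprintf(stderr, "Maybe firejail-default AppArmor profile is not loaded into the kernel.\n");
-fprintf(stderr, "As root, run \"aa-enforce firejail-default\" to load it.\n");
-exit(1);
+fwarning("Cannot confine the application using AppArmor.\n"
+"Maybe firejail-default AppArmor profile is not loaded into the kernel.\n"
+"As root, run \"aa-enforce firejail-default\" to load it.\n");
 }
 else if (arg_debug)
 printf("AppArmor enabled\n");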
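Review bot: With `exit(1);` removed, a failed `aa_change_onexec("firejail-default")` now lets the application start without AppArmor confinement even though `arg_apparmor` was set, so the sandbox fails open on a control the caller asked for. The only signal is the `fwarning` text, which is easy to miss on non-interactive launches and would disappear entirely if `fwarning` is silenced by a quiet mode (its definition is not visible here). At minimum the downgrade should be recorded somewhere auditable and explain itself: `errno` is cleared just above the call but never reported, so pass `strerror(errno)` into the warning rather than guessing with "Maybe ... is not loaded", and add a comment such as `/* fail-open: the application runs without AppArmor if the profile cannot be applied */`. The added `int done = 0;` is not read anywhere in the visible lines; drop it unless code past the hunk uses it. The `if (arg_apparmor)` block and `sandbox()` itself continue outside the hunk.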