AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile

2 files changed, 6 insertions, 4 deletions

diff --git a/RELNOTES b/RELNOTES
index 24e340e01..7fb5dea64 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,7 @@
 firejail (0.9.47) baseline; urgency=low
   * work in progress
+  * modifs: AppArmor made optional; a warning is printed on the screen
+    if the sandbox fails to load the AppArmor profile
   * added /etc/firejail/globals.local for global customizations
   * whitelisted Transmission, Deluge, qBitTorrent, KTorrent
   * new profiles: vym, darktable, Waterfox
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 7f82e2253..b22a4c651 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -987,12 +987,12 @@ int sandbox(void* sandbox_arg) {
         if (app_pid == 0) {
 #ifdef HAVE_APPARMOR
                 if (arg_apparmor) {
+                        int done = 0;
                         errno = 0;
                         if (aa_change_onexec("firejail-default")) {
-                                fprintf(stderr, "Error: cannot confine the application using AppArmor.\n");
-                                fprintf(stderr, "Maybe firejail-default AppArmor profile is not loaded into the kernel.\n");
-                                fprintf(stderr, "As root, run \"aa-enforce firejail-default\" to load it.\n");
-                                exit(1);
+                                fwarning("Cannot confine the application using AppArmor.\n"
+                                        "Maybe firejail-default AppArmor profile is not loaded into the kernel.\n"
+                                        "As root, run \"aa-enforce firejail-default\" to load it.\n");
                         }
                         else if (arg_debug)
                                 printf("AppArmor enabled\n");