authorLibravatar Reiner Herrmann <reiner@reiner-h.de>2019-02-05 19:59:52 +0100
committerLibravatar Reiner Herrmann <reiner@reiner-h.de>2019-02-05 19:59:52 +0100
commita18be1a612505530e097faf14678088d5da748b7 (patch)
tree1dec094f455af80d0e8c7fd59a8a6539a375c069
parentprofiles: grant zoom access to its configuration (diff)
simplify yes/no option parsing
-rw-r--r--src/firejail/checkcfg.c268
1 files changed, 38 insertions, 230 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 0a3c5dd08..167bd591d 100644
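--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -71,164 +71,48 @@ int checkcfg(int val) {
 if (*buf == '#' || *buf == '\n')
 continue;
 
+#define PARSE_YESNO(key, string) \
+else if (strncmp(ptr, string " ", strlen(string)+1) == 0) { \
+if (strcmp(ptr + strlen(string) + 1, "yes") == 0) \
+cfg_val[key] = 1; \
+else if (strcmp(ptr + strlen(string) + 1, "no") == 0) \
+cfg_val[key] = 0; \
+else \
+goto errout; \
+}
+
 // parse line
 ptr = line_remove_spaces(buf);
 if (!ptr)
 continue;
+PARSE_YESNO(CFG_FILE_TRANSFER, "file-transfer")
+PARSE_YESNO(CFG_DBUS, "dbus")
+PARSE_YESNO(CFG_JOIN, "join")
+PARSE_YESNO(CFG_X11, "x11")
+PARSE_YESNO(CFG_APPARMOR, "apparmor")
+PARSE_YESNO(CFG_BIND, "bind")
+PARSE_YESNO(CFG_CGROUP, "cgroup")
+PARSE_YESNO(CFG_NAME_CHANGE, "name-change")
+PARSE_YESNO(CFG_USERNS, "userns")
+PARSE_YESNO(CFG_CHROOT, "chroot")
+PARSE_YESNO(CFG_FIREJAIL_PROMPT, "firejail-prompt")
+PARSE_YESNO(CFG_FOLLOW_SYMLINK_AS_USER, "follow-symlink-as-user")
+PARSE_YESNO(CFG_FORCE_NONEWPRIVS, "force-nonewprivs")
+PARSE_YESNO(CFG_SECCOMP, "seccomp")
+PARSE_YESNO(CFG_WHITELIST, "whitelist")
+PARSE_YESNO(CFG_NETWORK, "network")
+PARSE_YESNO(CFG_RESTRICTED_NETWORK, "restricted-network")
+PARSE_YESNO(CFG_XEPHYR_WINDOW_TITLE, "xephyr-window-title")
+PARSE_YESNO(CFG_OVERLAYFS, "overlayfs")
+PARSE_YESNO(CFG_PRIVATE_HOME, "private-home")
+PARSE_YESNO(CFG_PRIVATE_CACHE, "private-cache")
+PARSE_YESNO(CFG_PRIVATE_LIB, "private-lib")
+PARSE_YESNO(CFG_PRIVATE_BIN_NO_LOCAL, "private-bin-no-local")
+PARSE_YESNO(CFG_DISABLE_MNT, "disable-mnt")
+PARSE_YESNO(CFG_XPRA_ATTACH, "xpra-attach")
+PARSE_YESNO(CFG_BROWSER_DISABLE_U2F, "browser-disable-u2f")
+#undef PARSE_YESNO
 
-// file transfer
-else if (strncmp(ptr, "file-transfer ", 14) == 0) {
-if (strcmp(ptr + 14, "yes") == 0)
-cfg_val[CFG_FILE_TRANSFER] = 1;
-else if (strcmp(ptr + 14, "no") == 0)
-cfg_val[CFG_FILE_TRANSFER] = 0;
-else
-goto errout;
-}
-// dbus
-else if (strncmp(ptr, "dbus ", 5) == 0) {
-if (strcmp(ptr + 5, "yes") == 0)
-cfg_val[CFG_DBUS] = 1;
-else if (strcmp(ptr + 5, "no") == 0)
-cfg_val[CFG_DBUS] = 0;
-else
-goto errout;
-}
-// join
-else if (strncmp(ptr, "join ", 5) == 0) {
-if (strcmp(ptr + 5, "yes") == 0)
-cfg_val[CFG_JOIN] = 1;
-else if (strcmp(ptr + 5, "no") == 0)
-cfg_val[CFG_JOIN] = 0;
-else
-goto errout;
-}
-// x11
-else if (strncmp(ptr, "x11 ", 4) == 0) {
-if (strcmp(ptr + 4, "yes") == 0)
-cfg_val[CFG_X11] = 1;
-else if (strcmp(ptr + 4, "no") == 0)
-cfg_val[CFG_X11] = 0;
-else
-goto errout;
-}
-// apparmor
-else if (strncmp(ptr, "apparmor ", 9) == 0) {
-if (strcmp(ptr + 9, "yes") == 0)
-cfg_val[CFG_APPARMOR] = 1;
-else if (strcmp(ptr + 9, "no") == 0)
-cfg_val[CFG_APPARMOR] = 0;
-else
-goto errout;
-}
-// bind
-else if (strncmp(ptr, "bind ", 5) == 0) {
-if (strcmp(ptr + 5, "yes") == 0)
-cfg_val[CFG_BIND] = 1;
-else if (strcmp(ptr + 5, "no") == 0)
-cfg_val[CFG_BIND] = 0;
-else
-goto errout;
-}
-// cgroup
-else if (strncmp(ptr, "cgroup ", 7) == 0) {
-if (strcmp(ptr + 7, "yes") == 0)
-cfg_val[CFG_CGROUP] = 1;
-else if (strcmp(ptr + 7, "no") == 0)
-cfg_val[CFG_CGROUP] = 0;
-else
-goto errout;
-}
-// name change
-else if (strncmp(ptr, "name-change ", 12) == 0) {
-if (strcmp(ptr + 12, "yes") == 0)
-cfg_val[CFG_NAME_CHANGE] = 1;
-else if (strcmp(ptr + 12, "no") == 0)
-cfg_val[CFG_NAME_CHANGE] = 0;
-else
-goto errout;
-}
-// user namespace
-else if (strncmp(ptr, "userns ", 7) == 0) {
-if (strcmp(ptr + 7, "yes") == 0)
-cfg_val[CFG_USERNS] = 1;
-else if (strcmp(ptr + 7, "no") == 0)
-cfg_val[CFG_USERNS] = 0;
-else
-goto errout;
-}
-// chroot
-else if (strncmp(ptr, "chroot ", 7) == 0) {
-if (strcmp(ptr + 7, "yes") == 0)
-cfg_val[CFG_CHROOT] = 1;
-else if (strcmp(ptr + 7, "no") == 0)
-cfg_val[CFG_CHROOT] = 0;
-else
-goto errout;
-}
-// prompt
-else if (strncmp(ptr, "firejail-prompt ", 16) == 0) {
-if (strcmp(ptr + 16, "yes") == 0)
-cfg_val[CFG_FIREJAIL_PROMPT] = 1;
-else if (strcmp(ptr + 16, "no") == 0)
-cfg_val[CFG_FIREJAIL_PROMPT] = 0;
-else
-goto errout;
-}
-// follow symlink as user
-else if (strncmp(ptr, "follow-symlink-as-user ", 23) == 0) {
-if (strcmp(ptr + 23, "yes") == 0)
-cfg_val[CFG_FOLLOW_SYMLINK_AS_USER] = 1;
-else if (strcmp(ptr + 23, "no") == 0)
-cfg_val[CFG_FOLLOW_SYMLINK_AS_USER] = 0;
-else
-goto errout;
-}
-// nonewprivs
-else if (strncmp(ptr, "force-nonewprivs ", 17) == 0) {
-if (strcmp(ptr + 17, "yes") == 0)
-cfg_val[CFG_FORCE_NONEWPRIVS] = 1;
-else if (strcmp(ptr + 17, "no") == 0)
-cfg_val[CFG_FORCE_NONEWPRIVS] = 0;
-else
-goto errout;
-}
-// seccomp
-else if (strncmp(ptr, "seccomp ", 8) == 0) {
-if (strcmp(ptr + 8, "yes") == 0)
-cfg_val[CFG_SECCOMP] = 1;
-else if (strcmp(ptr + 8, "no") == 0)
-cfg_val[CFG_SECCOMP] = 0;
-else
-goto errout;
-}
-// whitelist
-else if (strncmp(ptr, "whitelist ", 10) == 0) {
-if (strcmp(ptr + 10, "yes") == 0)
-cfg_val[CFG_WHITELIST] = 1;
-else if (strcmp(ptr + 10, "no") == 0)
-cfg_val[CFG_WHITELIST] = 0;
-else
-goto errout;
-}
-// network
-else if (strncmp(ptr, "network ", 8) == 0) {
-if (strcmp(ptr + 8, "yes") == 0)
-cfg_val[CFG_NETWORK] = 1;
-else if (strcmp(ptr + 8, "no") == 0)
-cfg_val[CFG_NETWORK] = 0;
-else
-goto errout;
-}
-// network
-else if (strncmp(ptr, "restricted-network ", 19) == 0) {
-if (strcmp(ptr + 19, "yes") == 0)
-cfg_val[CFG_RESTRICTED_NETWORK] = 1;
-else if (strcmp(ptr + 19, "no") == 0)
-cfg_val[CFG_RESTRICTED_NETWORK] = 0;
-else
-goto errout;
-}
 // netfilter
 else if (strncmp(ptr, "netfilter-default ", 18) == 0) {
 char *fname = ptr + 18;
@@ -266,16 +150,6 @@ int checkcfg(int val) {
 errExit("asprintf");
 }
 
-// xephyr window title
-else if (strncmp(ptr, "xephyr-window-title ", 20) == 0) {
-if (strcmp(ptr + 20, "yes") == 0)
-cfg_val[CFG_XEPHYR_WINDOW_TITLE] = 1;
-else if (strcmp(ptr + 20, "no") == 0)
-cfg_val[CFG_XEPHYR_WINDOW_TITLE] = 0;
-else
-goto errout;
-}
-
 // Xephyr command extra parameters
 else if (strncmp(ptr, "xephyr-extra-params ", 20) == 0) {
 if (*xephyr_extra_params != '\0')
@@ -295,7 +169,7 @@ int checkcfg(int val) {
 }
 
 // Xvfb screen size
-else if (strncmp(ptr, "xvfb-screen ", 12) == 0) {
+else if (strncmp(ptr, "xvfb-screen ", 12) == 0) {
 // expecting three numbers separated by x's
 unsigned int n1;
 unsigned int n2;
@@ -325,54 +199,6 @@ int checkcfg(int val) {
 else
 goto errout;
 }
-else if (strncmp(ptr, "overlayfs ", 10) == 0) {
-if (strcmp(ptr + 10, "yes") == 0)
-cfg_val[CFG_OVERLAYFS] = 1;
-else if (strcmp(ptr + 10, "no") == 0)
-cfg_val[CFG_OVERLAYFS] = 0;
-else
-goto errout;
-}
-else if (strncmp(ptr, "private-home ", 13) == 0) {
-if (strcmp(ptr + 13, "yes") == 0)
-cfg_val[CFG_PRIVATE_HOME] = 1;
-else if (strcmp(ptr + 13, "no") == 0)
-cfg_val[CFG_PRIVATE_HOME] = 0;
-else
-goto errout;
-}
-else if (strncmp(ptr, "private-cache ", 14) == 0) {
-if (strcmp(ptr + 14, "yes") == 0)
-cfg_val[CFG_PRIVATE_CACHE] = 1;
-else if (strcmp(ptr + 14, "no") == 0)
-cfg_val[CFG_PRIVATE_CACHE] = 0;
-else
-goto errout;
-}
-else if (strncmp(ptr, "private-lib ", 12) == 0) {
-if (strcmp(ptr + 12, "yes") == 0)
-cfg_val[CFG_PRIVATE_LIB] = 1;
-else if (strcmp(ptr + 12, "no") == 0)
-cfg_val[CFG_PRIVATE_LIB] = 0;
-else
-goto errout;
-}
-else if (strncmp(ptr, "private-bin-no-local ", 21) == 0) {
-if (strcmp(ptr + 21, "yes") == 0)
-cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 1;
-else if (strcmp(ptr + 21, "no") == 0)
-cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 0;
-else
-goto errout;
-}
-else if (strncmp(ptr, "disable-mnt ", 12) == 0) {
-if (strcmp(ptr + 12, "yes") == 0)
-cfg_val[CFG_DISABLE_MNT] = 1;
-else if (strcmp(ptr + 12, "no") == 0)
-cfg_val[CFG_DISABLE_MNT] = 0;
-else
-goto errout;
-}
 // arp probes
 else if (strncmp(ptr, "arp-probes ", 11) == 0) {
 int arp_probes = atoi(ptr + 11);
@@ -380,24 +206,6 @@ int checkcfg(int val) {
 goto errout;
 cfg_val[CFG_ARP_PROBES] = arp_probes;
 }
-// xpra-attach
-else if (strncmp(ptr, "xpra-attach ", 12) == 0) {
-if (strcmp(ptr + 12, "yes") == 0)
-cfg_val[CFG_XPRA_ATTACH] = 1;
-else if (strcmp(ptr + 12, "no") == 0)
-cfg_val[CFG_XPRA_ATTACH] = 0;
-else
-goto errout;
-}
-// browser-disable-u2f
-else if (strncmp(ptr, "browser-disable-u2f ", 20) == 0) {
-if (strcmp(ptr + 20, "yes") == 0)
-cfg_val[CFG_BROWSER_DISABLE_U2F] = 1;
-else if (strcmp(ptr + 20, "no") == 0)
-cfg_val[CFG_BROWSER_DISABLE_U2F] = 0;
-else
-goto errout;
-}
 else
 goto errout;
 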
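Review bot: The PARSE_YESNO macro added at new lines 74-82 opens with a bare `else`, so the first invocation compiles only because it directly follows `if (!ptr) continue;`, and the whole run of invocations has to stay between that statement and the `// netfilter` branch. Keys such as `seccomp`, `userns` and `force-nonewprivs` appear to gate sandbox features, so the fail-closed contract the macro inherits from the removed branches (exact `yes`/`no` match, anything else goes to `errout`) deserves a comment above the definition, e.g. `// PARSE_YESNO: 'string' must be a string literal; expands to an else-if arm, so it must follow an if; any value other than "yes"/"no" jumps to errout`. The length could also be written as `sizeof(string)` instead of `strlen(string)+1`, which makes the compile-time constant explicit and matches the literal-only requirement that `string " "` already imposes. checkcfg() starts and ends outside the visible hunks, so what `errout` does with a rejected line is not shown here.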