diff options
author | netblue30 <netblue30@yahoo.com> | 2020-04-05 09:57:34 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-04-05 09:57:34 -0400 |
commit | 0dc883bfcb1e4c2bfec41bef4f7a4001e6aa983d (patch) | |
tree | e527e7b2e802ad7e5d6ea577c417f99d74863ec9 | |
parent | fixing my previous commit (diff) | |
download | firejail-0dc883bfcb1e4c2bfec41bef4f7a4001e6aa983d.tar.gz firejail-0dc883bfcb1e4c2bfec41bef4f7a4001e6aa983d.tar.zst firejail-0dc883bfcb1e4c2bfec41bef4f7a4001e6aa983d.zip |
compile cleanup
-rw-r--r-- | src/firejail/main.c | 10 | ||||
-rw-r--r-- | src/firejail/seccomp.c | 4 | ||||
-rw-r--r-- | src/fsec-print/main.c | 8 | ||||
-rwxr-xr-x | test/compile/compile.sh | 19 |
4 files changed, 35 insertions, 6 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 922ba2edb..d550e8df9 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -966,8 +966,15 @@ static void run_builder(int argc, char **argv) { | |||
966 | exit(1); | 966 | exit(1); |
967 | } | 967 | } |
968 | 968 | ||
969 | void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) {} | 969 | void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) { |
970 | (void) fd; | ||
971 | (void) syscall; | ||
972 | (void) arg; | ||
973 | (void) ptrarg; | ||
974 | (void) native; | ||
975 | } | ||
970 | 976 | ||
977 | #ifdef HAVE_SECCOMP | ||
971 | static int check_postexec(const char *list) { | 978 | static int check_postexec(const char *list) { |
972 | char *prelist, *postlist; | 979 | char *prelist, *postlist; |
973 | 980 | ||
@@ -978,6 +985,7 @@ static int check_postexec(const char *list) { | |||
978 | } | 985 | } |
979 | return 0; | 986 | return 0; |
980 | } | 987 | } |
988 | #endif | ||
981 | 989 | ||
982 | //******************************************* | 990 | //******************************************* |
983 | // Main program | 991 | // Main program |
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index b0a48591e..612ece85d 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
@@ -324,14 +324,12 @@ int seccomp_filter_keep(bool native) { | |||
324 | if (arg_debug) | 324 | if (arg_debug) |
325 | printf("Build keep seccomp filter\n"); | 325 | printf("Build keep seccomp filter\n"); |
326 | 326 | ||
327 | const char *command, *filter, *postexec_filter, *list; | 327 | const char *filter, *postexec_filter, *list; |
328 | if (native) { | 328 | if (native) { |
329 | command = "keep"; | ||
330 | filter = RUN_SECCOMP_CFG; | 329 | filter = RUN_SECCOMP_CFG; |
331 | postexec_filter = RUN_SECCOMP_POSTEXEC; | 330 | postexec_filter = RUN_SECCOMP_POSTEXEC; |
332 | list = cfg.seccomp_list_keep; | 331 | list = cfg.seccomp_list_keep; |
333 | } else { | 332 | } else { |
334 | command = "keep32"; | ||
335 | filter = RUN_SECCOMP_32; | 333 | filter = RUN_SECCOMP_32; |
336 | postexec_filter = RUN_SECCOMP_POSTEXEC_32; | 334 | postexec_filter = RUN_SECCOMP_POSTEXEC_32; |
337 | list = cfg.seccomp_list_keep32; | 335 | list = cfg.seccomp_list_keep32; |
diff --git a/src/fsec-print/main.c b/src/fsec-print/main.c index 7bb4fd0cd..8b7c68434 100644 --- a/src/fsec-print/main.c +++ b/src/fsec-print/main.c | |||
@@ -25,7 +25,13 @@ static void usage(void) { | |||
25 | } | 25 | } |
26 | 26 | ||
27 | int arg_quiet = 0; | 27 | int arg_quiet = 0; |
28 | void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) {} | 28 | void filter_add_errno(int fd, int syscall, int arg, void *ptrarg, bool native) { |
29 | (void) fd; | ||
30 | (void) syscall; | ||
31 | (void) arg; | ||
32 | (void) ptrarg; | ||
33 | (void) native; | ||
34 | } | ||
29 | 35 | ||
30 | int main(int argc, char **argv) { | 36 | int main(int argc, char **argv) { |
31 | #if 0 | 37 | #if 0 |
diff --git a/test/compile/compile.sh b/test/compile/compile.sh index ccf37dc40..2f9e0ece6 100755 --- a/test/compile/compile.sh +++ b/test/compile/compile.sh | |||
@@ -10,7 +10,7 @@ arr[4]="TEST 4: compile firetunnel disabled" | |||
10 | arr[5]="TEST 5: compile user namespace disabled" | 10 | arr[5]="TEST 5: compile user namespace disabled" |
11 | arr[6]="TEST 6: compile network disabled" | 11 | arr[6]="TEST 6: compile network disabled" |
12 | arr[7]="TEST 7: compile X11 disabled" | 12 | arr[7]="TEST 7: compile X11 disabled" |
13 | arr[8]="deprecated: TEST 8: compile network restricted" | 13 | arr[8]="TEST 8: compile selinux" |
14 | arr[9]="TEST 9: compile file transfer disabled" | 14 | arr[9]="TEST 9: compile file transfer disabled" |
15 | arr[10]="TEST 10: compile disable whitelist" | 15 | arr[10]="TEST 10: compile disable whitelist" |
16 | arr[11]="TEST 11: compile disable global config" | 16 | arr[11]="TEST 11: compile disable global config" |
@@ -183,6 +183,23 @@ cp output-configure oc7 | |||
183 | cp output-make om7 | 183 | cp output-make om7 |
184 | rm output-configure output-make | 184 | rm output-configure output-make |
185 | 185 | ||
186 | #***************************************************************** | ||
187 | # TEST 8 | ||
188 | #***************************************************************** | ||
189 | # - enable selinux | ||
190 | #***************************************************************** | ||
191 | print_title "${arr[8]}" | ||
192 | # seccomp | ||
193 | cd firejail | ||
194 | make distclean | ||
195 | ./configure --prefix=/usr --enable-selinux --enable-fatal-warnings 2>&1 | tee ../output-configure | ||
196 | make -j4 2>&1 | tee ../output-make | ||
197 | cd .. | ||
198 | grep Warning output-configure output-make > ./report-test8 | ||
199 | grep Error output-configure output-make >> ./report-test8 | ||
200 | cp output-configure oc8 | ||
201 | cp output-make om8 | ||
202 | rm output-configure output-make | ||
186 | 203 | ||
187 | #***************************************************************** | 204 | #***************************************************************** |
188 | # TEST 9 | 205 | # TEST 9 |