Merge pull request #6305 from kmk3/landlock-amend-empty

landlock: amend empty functions and comments
author: netblue30 <netblue30@protonmail.com> 2024-04-11 09:38:22 -0400
committer: GitHub <noreply@github.com> 2024-04-11 09:38:22 -0400
commit: 442a2f8f377ec159f3f2c1c667f25cf8fbc07b7e (patch)
tree: 819eab457f934430a05dc45bf34b65a25d41eb1e
parent: profiles: mov-cli: remove ffmpeg & allow more paths (#6304) (diff)
parent: landlock: amend empty functions and comments (diff)
download: firejail-442a2f8f377ec159f3f2c1c667f25cf8fbc07b7e.tar.gz
firejail-442a2f8f377ec159f3f2c1c667f25cf8fbc07b7e.tar.zst
firejail-442a2f8f377ec159f3f2c1c667f25cf8fbc07b7e.zip
3 files changed, 17 insertions, 5 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 4e018476e..b8ec4d474 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -966,10 +966,8 @@ void run_ids(int argc, char **argv);
 void oom_set(const char *oom_string);
 // landlock.c
-#ifdef HAVE_LANDLOCK
 int ll_get_fd(void);
 int ll_restrict(uint32_t flags);
 void ll_add_profile(int type, const char *data);
-#endif /* HAVE_LANDLOCK */
 #endif
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
index 44d7eeafa..a360f155b 100644
--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -18,7 +18,6 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
-#ifdef HAVE_LANDLOCK
 #include "firejail.h"
 #include <linux/landlock.h>
 #include <sys/prctl.h>
@@ -27,6 +26,8 @@
 #include <errno.h>
 #include <fcntl.h>
+#ifdef HAVE_LANDLOCK
 static int ll_ruleset_fd = -1;
 static int ll_abi = -1;
@@ -295,6 +296,17 @@ void ll_add_profile(int type, const char *data) {
 }
 #else
+int ll_get_fd(void) {
+        return -1;
+}
+int ll_restrict(uint32_t flags) {
+        (void) flags;
+        return 0;
+}
 void ll_add_profile(int type, const char *data) {
        (void) type;
        (void) data;
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 62767f8dc..4c6830250 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1074,8 +1074,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
        }
 //#ifdef HAVE_LANDLOCK
-// landlock_connon.inc included by derfault in landlock.profile
+// landlock-common.inc is included by default.profile, so the entries of the
-// all landlcok functions are empty in case landlock is not available in the kernel
+// former should be processed or ignored instead of aborting.
+// Note that all landlock functions are empty when building without landlock
+// support.
        if (strncmp(ptr, "landlock.enforce", 16) == 0) {
                arg_landlock_enforce = 1;
                return 0;
author	netblue30 <netblue30@protonmail.com>	2024-04-11 09:38:22 -0400
committer	GitHub <noreply@github.com>	2024-04-11 09:38:22 -0400
commit	442a2f8f377ec159f3f2c1c667f25cf8fbc07b7e (patch)
tree	819eab457f934430a05dc45bf34b65a25d41eb1e
parent	profiles: mov-cli: remove ffmpeg & allow more paths (#6304) (diff)
parent	landlock: amend empty functions and comments (diff)
download	firejail-442a2f8f377ec159f3f2c1c667f25cf8fbc07b7e.tar.gz firejail-442a2f8f377ec159f3f2c1c667f25cf8fbc07b7e.tar.zst firejail-442a2f8f377ec159f3f2c1c667f25cf8fbc07b7e.zip