landlock fix for old kernel versions

2 files changed, 10 insertions, 2 deletions

diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
index 453ad8f10..44d7eeafa 100644
--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -294,4 +294,10 @@ void ll_add_profile(int type, const char *data) {
         ptr->next = entry;
 }
 
+#else
+void ll_add_profile(int type, const char *data) {
+        (void) type;
+        (void) data;
+}
+
 #endif /* HAVE_LANDLOCK */
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 4e0b17a8c..62767f8dc 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1073,7 +1073,9 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 return 0;
         }
 
-#ifdef HAVE_LANDLOCK
+//#ifdef HAVE_LANDLOCK
+// landlock_connon.inc included by derfault in landlock.profile
+// all landlcok functions are empty in case landlock is not available in the kernel
         if (strncmp(ptr, "landlock.enforce", 16) == 0) {
                 arg_landlock_enforce = 1;
                 return 0;
@@ -1098,7 +1100,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 ll_add_profile(LL_FS_EXEC, ptr + 20);
                 return 0;
         }
-#endif
+//#endif
 
         // memory deny write&execute
         if (strcmp(ptr, "memory-deny-write-execute") == 0) {