removed --disable-seccomp from ./configure

16 files changed, 26 insertions, 151 deletions

diff --git a/Makefile.in b/Makefile.in
index 890ba1b0a..3e500413d 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -10,7 +10,6 @@ VERSION=@PACKAGE_VERSION@
 NAME=@PACKAGE_NAME@
 PACKAGE_TARNAME=@PACKAGE_TARNAME@
 DOCDIR=@docdir@
-HAVE_SECCOMP=@HAVE_SECCOMP@
 HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_CONTRIB_INSTALL=@HAVE_CONTRIB_INSTALL@
 BUSYBOX_WORKAROUND=@BUSYBOX_WORKAROUND@
@@ -23,10 +22,8 @@ SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfil
 MYDIRS = src/lib
 MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so
 MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5
-ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
 SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp
 SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32
-endif
 ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
 
 .PHONY: all_items $(ALL_ITEMS)
@@ -45,7 +42,6 @@ $(MANPAGES): $(wildcard src/man/*.txt)
 man: $(MANPAGES)
 
 filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE)
-ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
 seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
         src/fseccomp/fseccomp default seccomp
         src/fsec-optimize/fsec-optimize seccomp
@@ -66,7 +62,6 @@ seccomp.mdwx: src/fseccomp/fseccomp
 
 seccomp.mdwx.32: src/fseccomp/fseccomp
         src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
-endif
 
 clean:
         for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \
@@ -248,9 +243,7 @@ test-environment:
         cd test/environment; ./environment.sh | grep TESTING
 
 test-filters:
-ifeq ($(HAVE_SECCOMP),-DHAVE_SECCOMP)
         cd test/filters; ./filters.sh | grep TESTING
-endif
 
 test-arguments:
         cd test/arguments; ./arguments.sh | grep TESTING
diff --git a/configure b/configure
index 12881fcaf..1a89499b2 100755
--- a/configure
+++ b/configure
@@ -624,7 +624,6 @@ ac_includes_default="\
 
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
-HAVE_SECCOMP_H
 EGREP
 GREP
 CPP
@@ -641,7 +640,6 @@ HAVE_USERNS
 HAVE_NETWORK
 HAVE_GLOBALCFG
 HAVE_CHROOT
-HAVE_SECCOMP
 HAVE_PRIVATE_HOME
 HAVE_FIRETUNNEL
 HAVE_OVERLAYFS
@@ -710,7 +708,6 @@ enable_apparmor
 enable_overlayfs
 enable_firetunnel
 enable_private_home
-enable_seccomp
 enable_chroot
 enable_globalcfg
 enable_network
@@ -1363,7 +1360,6 @@ Optional Features:
   --disable-overlayfs     disable overlayfs
   --disable-firetunnel    disable firetunnel
   --disable-private-home  disable private home feature
-  --disable-seccomp       disable seccomp
   --disable-chroot        disable chroot
   --disable-globalcfg     if the global config file firejail.cfg is not
                           present, continue the program using defaults
@@ -3537,19 +3533,6 @@ if test "x$enable_private_home" != "xno"; then :
 
 fi
 
-HAVE_SECCOMP=""
-# Check whether --enable-seccomp was given.
-if test "${enable_seccomp+set}" = set; then :
-  enableval=$enable_seccomp;
-fi
-
-if test "x$enable_seccomp" != "xno"; then :
-
-        HAVE_SECCOMP="-DHAVE_SECCOMP"
-
-
-fi
-
 HAVE_CHROOT=""
 # Check whether --enable-chroot was given.
 if test "${enable_chroot+set}" = set; then :
@@ -4173,14 +4156,13 @@ fi
 
 ac_fn_c_check_header_mongrel "$LINENO" "linux/seccomp.h" "ac_cv_header_linux_seccomp_h" "$ac_includes_default"
 if test "x$ac_cv_header_linux_seccomp_h" = xyes; then :
-  HAVE_SECCOMP_H="-DHAVE_SECCOMP_H"
+
 else
-  HAVE_SECCOMP_H=""
+  as_fn_error $? "*** SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) ***" "$LINENO" 5
 fi
 
 
 
-
 # set sysconfdir
 if test "$prefix" = /usr; then
         test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc"
@@ -5382,8 +5364,6 @@ echo
 echo "Configuration options:"
 echo "   prefix: $prefix"
 echo "   sysconfdir: $sysconfdir"
-echo "   seccomp: $HAVE_SECCOMP"
-echo "   <linux/seccomp.h>: $HAVE_SECCOMP_H"
 echo "   apparmor: $HAVE_APPARMOR"
 echo "   global config: $HAVE_GLOBALCFG"
 echo "   chroot: $HAVE_CHROOT"
diff --git a/configure.ac b/configure.ac
index feb0b38a6..0524651fb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -76,14 +76,6 @@ AS_IF([test "x$enable_private_home" != "xno"], [
         AC_SUBST(HAVE_PRIVATE_HOME)
 ])
 
-HAVE_SECCOMP=""
-AC_ARG_ENABLE([seccomp],
-    AS_HELP_STRING([--disable-seccomp], [disable seccomp]))
-AS_IF([test "x$enable_seccomp" != "xno"], [
-        HAVE_SECCOMP="-DHAVE_SECCOMP"
-        AC_SUBST(HAVE_SECCOMP)
-])
-
 HAVE_CHROOT=""
 AC_ARG_ENABLE([chroot],
     AS_HELP_STRING([--disable-chroot], [disable chroot]))
@@ -196,8 +188,7 @@ AS_IF([test "x$enable_selinux" = "xyes"], [
 # checking pthread library
 AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***]))
 AC_CHECK_HEADER(pthread.h,,AC_MSG_ERROR([*** POSIX thread support not installed ***]))
-AC_CHECK_HEADER([linux/seccomp.h], HAVE_SECCOMP_H="-DHAVE_SECCOMP_H", HAVE_SECCOMP_H="")
-AC_SUBST(HAVE_SECCOMP_H)
+AC_CHECK_HEADER([linux/seccomp.h],,AC_MSG_ERROR([*** SECCOMP support is not installed (/usr/include/linux/seccomp.h missing) ***]))
 
 # set sysconfdir
 if test "$prefix" = /usr; then
@@ -214,8 +205,6 @@ echo
 echo "Configuration options:"
 echo "   prefix: $prefix"
 echo "   sysconfdir: $sysconfdir"
-echo "   seccomp: $HAVE_SECCOMP"
-echo "   <linux/seccomp.h>: $HAVE_SECCOMP_H"
 echo "   apparmor: $HAVE_APPARMOR"
 echo "   global config: $HAVE_GLOBALCFG"
 echo "   chroot: $HAVE_CHROOT"
diff --git a/src/common.mk.in b/src/common.mk.in
index 8104bc258..4c4d0862c 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -9,8 +9,6 @@ sysconfdir=@sysconfdir@
 
 VERSION=@PACKAGE_VERSION@
 NAME=@PACKAGE_NAME@
-HAVE_SECCOMP_H=@HAVE_SECCOMP_H@
-HAVE_SECCOMP=@HAVE_SECCOMP@
 HAVE_CHROOT=@HAVE_CHROOT@
 HAVE_FATAL_WARNINGS=@HAVE_FATAL_WARNINGS@
 HAVE_NETWORK=@HAVE_NETWORK@
@@ -34,7 +32,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-CFLAGS += $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
+CFLAGS += $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index f6b3b3252..fb19e8f5a 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -226,7 +226,6 @@ int checkcfg(int val) {
 
                         // seccomp error action
                         else if (strncmp(ptr, "seccomp-error-action ", 21) == 0) {
-#ifdef HAVE_SECCOMP
                                 if (strcmp(ptr + 21, "kill") == 0)
                                         cfg_val[CFG_SECCOMP_ERROR_ACTION] = SECCOMP_RET_KILL;
                                 else if (strcmp(ptr + 21, "log") == 0)
@@ -239,9 +238,6 @@ int checkcfg(int val) {
                                 config_seccomp_error_action_str = strdup(ptr + 21);
                                 if (!config_seccomp_error_action_str)
                                         errExit("strdup");
-#else
-                                warning_feature_disabled("seccomp");
-#endif
                         }
 
                         else
@@ -347,14 +343,6 @@ void print_compiletime_support(void) {
 #endif
                 );
 
-        printf("\t- seccomp-bpf support is %s\n",
-#ifdef HAVE_SECCOMP
-                "enabled"
-#else
-                "disabled"
-#endif
-                );
-
         printf("\t- SELinux support is %s\n",
 #ifdef HAVE_SELINUX
                 "enabled"
diff --git a/src/firejail/dbus.c b/src/firejail/dbus.c
index 36d110ac7..f0ba10afc 100644
--- a/src/firejail/dbus.c
+++ b/src/firejail/dbus.c
@@ -555,10 +555,8 @@ void dbus_apply_policy(void) {
                 return;
 
         // --protocol=unix
-#ifdef HAVE_SECCOMP
         if (cfg.protocol && !strstr(cfg.protocol, "unix"))
                 return;
-#endif
 
         fwarning("An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.\n");
 }
diff --git a/src/firejail/join.c b/src/firejail/join.c
index c7619ef3b..7fd5ec3d3 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -465,10 +465,8 @@ void join(pid_t pid, int argc, char **argv, int index) {
                 EUID_ROOT();
                 if (apply_caps == 1)    // not available for uid 0
                         caps_set(caps);
-#ifdef HAVE_SECCOMP
                 if (getuid() != 0)
                         seccomp_load_file_list();
-#endif
 
                 // mount user namespace or drop privileges
                 if (arg_noroot) {       // not available for uid 0
diff --git a/src/firejail/main.c b/src/firejail/main.c
index df890ecea..75324b66a 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -479,7 +479,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
         //*************************************
         // independent commands - the program will exit!
         //*************************************
-#ifdef HAVE_SECCOMP
         else if (strcmp(argv[i], "--debug-syscalls") == 0) {
                 if (checkcfg(CFG_SECCOMP)) {
                         int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls");
@@ -529,7 +528,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                         exit_err_feature("seccomp");
                 exit(0);
         }
-#endif
         else if (strncmp(argv[i], "--profile.print=", 16) == 0) {
                 pid_t pid = require_pid(argv[i] + 16);
 
@@ -950,7 +948,6 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b
         (void) native;
 }
 
-#ifdef HAVE_SECCOMP
 static int check_postexec(const char *list) {
         char *prelist, *postlist;
 
@@ -961,7 +958,6 @@ static int check_postexec(const char *list) {
         }
         return 0;
 }
-#endif
 
 //*******************************************
 // Main program
@@ -1264,7 +1260,6 @@ int main(int argc, char **argv, char **envp) {
                 else if (strcmp(argv[i], "--apparmor") == 0)
                         arg_apparmor = 1;
 #endif
-#ifdef HAVE_SECCOMP
                 else if (strncmp(argv[i], "--protocol=", 11) == 0) {
                         if (checkcfg(CFG_SECCOMP)) {
                                 if (cfg.protocol) {
@@ -1402,7 +1397,6 @@ int main(int argc, char **argv, char **envp) {
                         } else
                                 exit_err_feature("seccomp");
                 }
-#endif
                 else if (strcmp(argv[i], "--caps") == 0) {
                         arg_caps_default_filter = 1;
                         arg_caps_cmdline = 1;
@@ -2783,10 +2777,9 @@ int main(int argc, char **argv, char **envp) {
         // check network configuration options - it will exit if anything went wrong
         net_check_cfg();
 
-#ifdef HAVE_SECCOMP
         if (arg_seccomp)
                 arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop);
-#endif
+
         bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
         if (need_preload && (cfg.seccomp_list32 || cfg.seccomp_list_drop32 || cfg.seccomp_list_keep32))
                 fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n");
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index c0b09e945..836526593 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -103,7 +103,6 @@ void preproc_mount_mnt_dir(void) {
                 if (arg_tracefile)
                         fs_tracefile();
 
-#ifdef HAVE_SECCOMP
                 create_empty_dir_as_root(RUN_SECCOMP_DIR, 0755);
 
                 if (arg_seccomp_block_secondary)
@@ -132,7 +131,6 @@ void preproc_mount_mnt_dir(void) {
                 create_empty_file_as_root(RUN_SECCOMP_POSTEXEC_32, 0644);
                 if (set_perms(RUN_SECCOMP_POSTEXEC_32, getuid(), getgid(), 0644))
                         errExit("set_perms");
-#endif
         }
 }
 
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 970033899..8eaae9a30 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -327,12 +327,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 return 0;
         }
         else if (strcmp(ptr, "seccomp") == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP))
                         arg_seccomp = 1;
                 else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
         else if (strcmp(ptr, "caps") == 0) {
@@ -861,7 +859,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
         }
 
         if (strncmp(ptr, "protocol ", 9) == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         if (cfg.protocol) {
                                 fwarning("two protocol lists are present, \"%s\" will be installed\n", cfg.protocol);
@@ -875,7 +872,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                 }
                 else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
 
@@ -890,102 +886,85 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
         // seccomp drop list on top of default list
         if (strncmp(ptr, "seccomp ", 8) == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         arg_seccomp = 1;
                         cfg.seccomp_list = seccomp_check_list(ptr + 8);
                 }
                 else if (!arg_quiet)
                         warning_feature_disabled("seccomp");
-#endif
 
                 return 0;
         }
         if (strncmp(ptr, "seccomp.32 ", 11) == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         arg_seccomp32 = 1;
                         cfg.seccomp_list32 = seccomp_check_list(ptr + 11);
                 }
                 else if (!arg_quiet)
                         warning_feature_disabled("seccomp");
-#endif
 
                 return 0;
         }
 
         if (strcmp(ptr, "seccomp.block-secondary") == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         arg_seccomp_block_secondary = 1;
                 }
                 else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
         // seccomp drop list without default list
         if (strncmp(ptr, "seccomp.drop ", 13) == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         arg_seccomp = 1;
                         cfg.seccomp_list_drop = seccomp_check_list(ptr + 13);
                 }
                 else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
         if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         arg_seccomp32 = 1;
                         cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13);
                 }
                 else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
 
         // seccomp keep list
         if (strncmp(ptr, "seccomp.keep ", 13) == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         arg_seccomp = 1;
                         cfg.seccomp_list_keep= seccomp_check_list(ptr + 13);
                 }
                 else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
         if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         arg_seccomp32 = 1;
                         cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13);
                 }
                 else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
 
         // memory deny write&execute
         if (strcmp(ptr, "memory-deny-write-execute") == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP))
                         arg_memory_deny_write_execute = 1;
                 else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
 
         // seccomp error action
         if (strncmp(ptr, "seccomp-error-action ", 21) == 0) {
-#ifdef HAVE_SECCOMP
                 if (checkcfg(CFG_SECCOMP)) {
                         int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION);
                         if (config_seccomp_error_action == -1) {
@@ -1008,7 +987,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                         }
                 } else
                         warning_feature_disabled("seccomp");
-#endif
                 return 0;
         }
 
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c
index a1594d6b9..cd54eb72d 100644
--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -18,7 +18,6 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
-#ifdef HAVE_SECCOMP
 #include "firejail.h"
 #include "../include/seccomp.h"
 
@@ -93,6 +92,3 @@ void protocol_print_filter(pid_t pid) {
         exit(1);
 #endif
 }
-
-
-#endif // HAVE_SECCOMP
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 5a4741a56..3bb4858c9 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -141,7 +141,6 @@ void set_apparmor(void) {
 }
 #endif
 
-#ifdef HAVE_SECCOMP
 void seccomp_debug(void) {
         if (arg_debug == 0)
                 return;
@@ -158,7 +157,6 @@ void seccomp_debug(void) {
                 printf("No active seccomp files\n");
         EUID_ROOT();
 }
-#endif
 
 static void save_nogroups(void) {
         if (arg_nogroups == 0)
@@ -497,9 +495,7 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
                 __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
                 seccomp_install_filters();
-#endif
                 if (set_sandbox_status)
                         *set_sandbox_status = SANDBOX_DONE;
                 execl(arg_audit_prog, arg_audit_prog, NULL);
@@ -536,9 +532,8 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
                 __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
                 seccomp_install_filters();
-#endif
+
                 if (set_sandbox_status)
                         *set_sandbox_status = SANDBOX_DONE;
                 execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
@@ -591,9 +586,8 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
                 __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
                 seccomp_install_filters();
-#endif
+
                 if (set_sandbox_status)
                         *set_sandbox_status = SANDBOX_DONE;
                 execvp(arg[0], arg);
@@ -797,7 +791,6 @@ int sandbox(void* sandbox_arg) {
         //  - build seccomp filters
         //  - create an empty /etc/ld.so.preload
         //****************************
-#ifdef HAVE_SECCOMP
         if (cfg.protocol) {
                 if (arg_debug)
                         printf("Build protocol filter: %s\n", cfg.protocol);
@@ -808,7 +801,6 @@ int sandbox(void* sandbox_arg) {
                 if (rv)
                         exit(rv);
         }
-#endif
 
         // need ld.so.preload if tracing or seccomp with any non-default lists
         bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
@@ -1107,7 +1099,6 @@ int sandbox(void* sandbox_arg) {
         save_cgroup();
 
         // set seccomp
-#ifdef HAVE_SECCOMP
         // install protocol filter
 #ifdef SYS_socket
         if (cfg.protocol) {
@@ -1151,7 +1142,6 @@ int sandbox(void* sandbox_arg) {
         // make seccomp filters read-only
         fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
         seccomp_debug();
-#endif
 
         // set capabilities
         set_caps();
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index 7f55ccc0e..e47e6c910 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -18,7 +18,6 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
-#ifdef HAVE_SECCOMP
 #include "firejail.h"
 #include "../include/seccomp.h"
 #include <sys/mman.h>
@@ -445,5 +444,3 @@ errexit:
         printf("Cannot access seccomp filter.\n");
         exit(1);
 }
-
-#endif // HAVE_SECCOMP
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 2390706f2..d58bbb409 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -123,10 +123,8 @@ static char *usage_str =
         "    --mac=xx:xx:xx:xx:xx:xx - set interface MAC address.\n"
 #endif
         "    --machine-id - preserve /etc/machine-id\n"
-#ifdef HAVE_SECCOMP
         "    --memory-deny-write-execute - seccomp filter to block attempts to create\n"
         "\tmemory mappings that are both writable and executable.\n"
-#endif
 #ifdef HAVE_NETWORK
         "    --mtu=number - set interface MTU.\n"
 #endif
@@ -215,7 +213,6 @@ static char *usage_str =
 #ifdef HAVE_NETWORK
         "    --scan - ARP-scan all the networks from inside a network namespace.\n"
 #endif
-#ifdef HAVE_SECCOMP
         "    --seccomp - enable seccomp filter and apply the default blacklist.\n"
         "    --seccomp=syscall,syscall,syscall - enable seccomp filter, blacklist the\n"
         "\tdefault syscall list and the syscalls specified by the command.\n"
@@ -229,7 +226,6 @@ static char *usage_str =
         "    --seccomp.32[.drop,.keep][=syscall] - like above but for 32 bit architecture.\n"
         "    --seccomp-error-action=errno|kill|log - change error code, kill process\n"
         "\tor log the attempt.\n"
-#endif
         "    --shell=none - run the program directly without a user shell.\n"
         "    --shell=program - set default user shell.\n"
         "    --shutdown=name|pid - shutdown the sandbox identified by name or PID.\n"
diff --git a/src/include/seccomp.h b/src/include/seccomp.h
index 29b858c70..90db16d39 100644
--- a/src/include/seccomp.h
+++ b/src/include/seccomp.h
@@ -96,24 +96,7 @@
 # define PR_SET_NO_NEW_PRIVS 38
 #endif
 
-#if HAVE_SECCOMP_H
 #include <linux/seccomp.h>
-#else
-#define SECCOMP_MODE_FILTER     2
-#define SECCOMP_RET_KILL        0x00000000U
-#define SECCOMP_RET_TRAP        0x00030000U
-#define SECCOMP_RET_ALLOW       0x7fff0000U
-#define SECCOMP_RET_ERRNO       0x00050000U
-#define SECCOMP_RET_DATA        0x0000ffffU
-
-struct seccomp_data {
-    int nr;
-    __u32 arch;
-    __u64 instruction_pointer;
-    __u64 args[6];
-};
-#endif
-
 #ifndef SECCOMP_RET_LOG
 #define SECCOMP_RET_LOG         0x7ffc0000U
 #endif
diff --git a/test/compile/compile.sh b/test/compile/compile.sh
index 2f9e0ece6..3d334e0fa 100755
--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -4,7 +4,7 @@
 # License GPL v2
 
 arr[1]="TEST 1: standard compilation"
-arr[2]="TEST 2: compile seccomp disabled"
+arr[2]="deprecated"
 arr[3]="TEST 3: compile chroot disabled"
 arr[4]="TEST 4: compile firetunnel disabled"
 arr[5]="TEST 5: compile user namespace disabled"
@@ -74,23 +74,23 @@ cp output-make om1
 rm output-configure output-make
 
 
-#*****************************************************************
-# TEST 2
-#*****************************************************************
-# - disable seccomp configuration
-#*****************************************************************
-print_title "${arr[2]}"
-# seccomp
-cd firejail
-make distclean
-./configure --prefix=/usr --disable-seccomp  --enable-fatal-warnings 2>&1 | tee ../output-configure
-make -j4 2>&1 | tee ../output-make
-cd ..
-grep Warning output-configure output-make > ./report-test2
-grep Error output-configure output-make >> ./report-test2
-cp output-configure oc2
-cp output-make om2
-rm output-configure output-make
+##*****************************************************************
+## TEST 2
+##*****************************************************************
+## - disable seccomp configuration
+##*****************************************************************
+#print_title "${arr[2]}"
+## seccomp
+#cd firejail
+#make distclean
+#./configure --prefix=/usr --disable-seccomp  --enable-fatal-warnings 2>&1 | tee ../output-configure
+#make -j4 2>&1 | tee ../output-make
+#cd ..
+#grep Warning output-configure output-make > ./report-test2
+#grep Error output-configure output-make >> ./report-test2
+#cp output-configure oc2
+#cp output-make om2
+#rm output-configure output-make
 
 #*****************************************************************
 # TEST 3
@@ -342,7 +342,7 @@ wc -l report-test*
 echo
 echo  "Legend:"
 echo ${arr[1]}
-echo ${arr[2]}
+#echo ${arr[2]}
 echo ${arr[3]}
 echo ${arr[4]}
 echo ${arr[5]}