diff options
| author |  netblue30 <netblue30@yahoo.com> | 2017-05-31 20:42:19 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2017-05-31 20:42:19 -0400 |
| commit | 687a429ddda387f40f163a45211345607ad96149 (patch) | |
| tree | f2e5d745ef8b33a0406aabbba0bce7a9c38aab4f /src | |
| parent | profile cleanup (diff) | |
| download | firejail-687a429ddda387f40f163a45211345607ad96149.tar.gz firejail-687a429ddda387f40f163a45211345607ad96149.tar.zst firejail-687a429ddda387f40f163a45211345607ad96149.zip | |
AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/sandbox.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 7f82e2253..b22a4c651 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -987,12 +987,12 @@ int sandbox(void* sandbox_arg) { | |||
| 987 | if (app_pid == 0) { | 987 | if (app_pid == 0) { |
| 988 | #ifdef HAVE_APPARMOR | 988 | #ifdef HAVE_APPARMOR |
| 989 | if (arg_apparmor) { | 989 | if (arg_apparmor) { |
| 990 | int done = 0; | ||
| 990 | errno = 0; | 991 | errno = 0; |
| 991 | if (aa_change_onexec("firejail-default")) { | 992 | if (aa_change_onexec("firejail-default")) { |
| 992 | fprintf(stderr, "Error: cannot confine the application using AppArmor.\n"); | 993 | fwarning("Cannot confine the application using AppArmor.\n" |
| 993 | fprintf(stderr, "Maybe firejail-default AppArmor profile is not loaded into the kernel.\n"); | 994 | "Maybe firejail-default AppArmor profile is not loaded into the kernel.\n" |
| 994 | fprintf(stderr, "As root, run \"aa-enforce firejail-default\" to load it.\n"); | 995 | "As root, run \"aa-enforce firejail-default\" to load it.\n"); |
| 995 | exit(1); | ||
| 996 | } | 996 | } |
| 997 | else if (arg_debug) | 997 | else if (arg_debug) |
| 998 | printf("AppArmor enabled\n"); | 998 | printf("AppArmor enabled\n"); |