diff options
author | startx2017 <vradu.startx@protonmail.com> | 2021-02-28 07:49:20 -0500 |
---|---|---|
committer | startx2017 <vradu.startx@protonmail.com> | 2021-02-28 07:49:20 -0500 |
commit | 72ba0b7e5e5baf79fa4f33000e45d2ad48d54708 (patch) | |
tree | dea7d33b9075fcc3aef7bbbf9060b06e7d896ce7 /src | |
parent | dbus.c: check_object_path: Allow /StatusNotifierWatcher (#4015) (diff) | |
download | firejail-72ba0b7e5e5baf79fa4f33000e45d2ad48d54708.tar.gz firejail-72ba0b7e5e5baf79fa4f33000e45d2ad48d54708.tar.zst firejail-72ba0b7e5e5baf79fa4f33000e45d2ad48d54708.zip |
compile time: disable --output
Diffstat (limited to 'src')
-rw-r--r-- | src/common.mk.in | 3 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 8 | ||||
-rw-r--r-- | src/firejail/main.c | 2 | ||||
-rw-r--r-- | src/firejail/output.c | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
5 files changed, 16 insertions, 1 deletions
diff --git a/src/common.mk.in b/src/common.mk.in index b8a13cd1b..77d8539ef 100644 --- a/src/common.mk.in +++ b/src/common.mk.in | |||
@@ -25,6 +25,7 @@ HAVE_GCOV=@HAVE_GCOV@ | |||
25 | HAVE_SELINUX=@HAVE_SELINUX@ | 25 | HAVE_SELINUX=@HAVE_SELINUX@ |
26 | HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ | 26 | HAVE_DBUSPROXY=@HAVE_DBUSPROXY@ |
27 | HAVE_USERTMPFS=@HAVE_USERTMPFS@ | 27 | HAVE_USERTMPFS=@HAVE_USERTMPFS@ |
28 | HAVE_OUTPUT=@HAVE_OUTPUT@ | ||
28 | 29 | ||
29 | H_FILE_LIST = $(sort $(wildcard *.[h])) | 30 | H_FILE_LIST = $(sort $(wildcard *.[h])) |
30 | C_FILE_LIST = $(sort $(wildcard *.c)) | 31 | C_FILE_LIST = $(sort $(wildcard *.c)) |
@@ -34,7 +35,7 @@ BINOBJS = $(foreach file, $(OBJS), $file) | |||
34 | CFLAGS = @CFLAGS@ | 35 | CFLAGS = @CFLAGS@ |
35 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) | 36 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) |
36 | CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' | 37 | CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"' |
37 | MANFLAGS = $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) | 38 | MANFLAGS = $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX) |
38 | CFLAGS += $(MANFLAGS) | 39 | CFLAGS += $(MANFLAGS) |
39 | CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security | 40 | CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security |
40 | LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread | 41 | LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread |
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 71dc364c9..9d327933f 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -380,4 +380,12 @@ void print_compiletime_support(void) { | |||
380 | "disabled" | 380 | "disabled" |
381 | #endif | 381 | #endif |
382 | ); | 382 | ); |
383 | |||
384 | printf("\t- output logging is %s\n", | ||
385 | #ifdef HAVE_OUTPUT | ||
386 | "enabled" | ||
387 | #else | ||
388 | "disabled" | ||
389 | #endif | ||
390 | ); | ||
383 | } | 391 | } |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 9b4f2bc60..fe806dcdb 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -1233,10 +1233,12 @@ int main(int argc, char **argv, char **envp) { | |||
1233 | #endif | 1233 | #endif |
1234 | } | 1234 | } |
1235 | } | 1235 | } |
1236 | #ifdef HAVE_OUTPUT | ||
1236 | else { | 1237 | else { |
1237 | // check --output option and execute it; | 1238 | // check --output option and execute it; |
1238 | check_output(argc, argv); // the function will not return if --output or --output-stderr option was found | 1239 | check_output(argc, argv); // the function will not return if --output or --output-stderr option was found |
1239 | } | 1240 | } |
1241 | #endif | ||
1240 | EUID_ASSERT(); | 1242 | EUID_ASSERT(); |
1241 | 1243 | ||
1242 | // check for force-nonewprivs in /etc/firejail/firejail.config file | 1244 | // check for force-nonewprivs in /etc/firejail/firejail.config file |
diff --git a/src/firejail/output.c b/src/firejail/output.c index db9728a3d..835dff2db 100644 --- a/src/firejail/output.c +++ b/src/firejail/output.c | |||
@@ -22,6 +22,7 @@ | |||
22 | #include <sys/stat.h> | 22 | #include <sys/stat.h> |
23 | #include <unistd.h> | 23 | #include <unistd.h> |
24 | 24 | ||
25 | #ifdef HAVE_OUTPUT | ||
25 | void check_output(int argc, char **argv) { | 26 | void check_output(int argc, char **argv) { |
26 | EUID_ASSERT(); | 27 | EUID_ASSERT(); |
27 | 28 | ||
@@ -149,3 +150,4 @@ void check_output(int argc, char **argv) { | |||
149 | perror("execvp"); | 150 | perror("execvp"); |
150 | exit(1); | 151 | exit(1); |
151 | } | 152 | } |
153 | #endif | ||
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 81bd5a049..b251f8191 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -1642,6 +1642,7 @@ Disable video devices. | |||
1642 | \fB\-\-nowhitelist=dirname_or_filename | 1642 | \fB\-\-nowhitelist=dirname_or_filename |
1643 | Disable whitelist for this directory or file. | 1643 | Disable whitelist for this directory or file. |
1644 | 1644 | ||
1645 | #ifdef HAVE_OUTPUT | ||
1645 | .TP | 1646 | .TP |
1646 | \fB\-\-output=logfile | 1647 | \fB\-\-output=logfile |
1647 | stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log | 1648 | stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log |
@@ -1672,6 +1673,7 @@ $ ls -l sandboxlog* | |||
1672 | .TP | 1673 | .TP |
1673 | \fB\-\-output-stderr=logfile | 1674 | \fB\-\-output-stderr=logfile |
1674 | Similar to \-\-output, but stderr is also stored. | 1675 | Similar to \-\-output, but stderr is also stored. |
1676 | #endif | ||
1675 | 1677 | ||
1676 | #ifdef HAVE_OVERLAYFS | 1678 | #ifdef HAVE_OVERLAYFS |
1677 | .TP | 1679 | .TP |