7 files changed, 42 insertions, 1 deletions

diff --git a/configure b/configure
index 84bcafaf7..fc8048ffb 100755
--- a/configure
+++ b/configure
@@ -645,6 +645,7 @@ HAVE_FIRETUNNEL
 HAVE_GAWK
 HAVE_MAN
 HAVE_USERTMPFS
+HAVE_OUTPUT
 HAVE_OVERLAYFS
 HAVE_DBUSPROXY
 EXTRA_LDFLAGS
@@ -711,6 +712,7 @@ enable_option_checking
 enable_analyzer
 enable_apparmor
 enable_dbusproxy
+enable_output
 enable_usertmpfs
 enable_man
 enable_firetunnel
@@ -1366,6 +1368,7 @@ Optional Features:
   --enable-analyzer       enable GCC 10 static analyzer
   --enable-apparmor       enable apparmor
   --disable-dbusproxy     disable dbus proxy
+  --disable-output        disable --output logging
   --disable-usertmpfs     disable tmpfs as regular user
   --disable-man           disable man pages
   --disable-firetunnel    disable firetunnel
@@ -3539,6 +3542,19 @@ HAVE_OVERLAYFS=""
 #       AC_SUBST(HAVE_OVERLAYFS)
 #])
 
+HAVE_OUTPUT=""
+# Check whether --enable-output was given.
+if test "${enable_output+set}" = set; then :
+  enableval=$enable_output;
+fi
+
+if test "x$enable_output" != "xno"; then :
+
+        HAVE_OUTPUT="-DHAVE_OUTPUT"
+
+
+fi
+
 HAVE_USERTMPFS=""
 # Check whether --enable-usertmpfs was given.
 if test "${enable_usertmpfs+set}" = set; then :
@@ -5480,6 +5496,7 @@ echo "   file transfer support: $HAVE_FILE_TRANSFER"
 echo "   overlayfs support: $HAVE_OVERLAYFS"
 echo "   DBUS proxy support: $HAVE_DBUSPROXY"
 echo "   allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo "   enable --ouput logging: $HAVE_OUTPUT"
 echo "   Manpage support: $HAVE_MAN"
 echo "   firetunnel support: $HAVE_FIRETUNNEL"
 echo "   busybox workaround: $BUSYBOX_WORKAROUND"
diff --git a/configure.ac b/configure.ac
index b2e9a7b86..0556da374 100644
--- a/configure.ac
+++ b/configure.ac
@@ -77,6 +77,14 @@ AC_SUBST(HAVE_OVERLAYFS)
 #       AC_SUBST(HAVE_OVERLAYFS)
 #])
 
+HAVE_OUTPUT=""
+AC_ARG_ENABLE([output],
+    AS_HELP_STRING([--disable-output], [disable --output logging]))
+AS_IF([test "x$enable_output" != "xno"], [
+        HAVE_OUTPUT="-DHAVE_OUTPUT"
+        AC_SUBST(HAVE_OUTPUT)
+])
+
 HAVE_USERTMPFS=""
 AC_ARG_ENABLE([usertmpfs],
     AS_HELP_STRING([--disable-usertmpfs], [disable tmpfs as regular user]))
@@ -253,6 +261,7 @@ echo "   file transfer support: $HAVE_FILE_TRANSFER"
 echo "   overlayfs support: $HAVE_OVERLAYFS"
 echo "   DBUS proxy support: $HAVE_DBUSPROXY"
 echo "   allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo "   enable --ouput logging: $HAVE_OUTPUT"
 echo "   Manpage support: $HAVE_MAN"
 echo "   firetunnel support: $HAVE_FIRETUNNEL"
 echo "   busybox workaround: $BUSYBOX_WORKAROUND"
diff --git a/src/common.mk.in b/src/common.mk.in
index b8a13cd1b..77d8539ef 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -25,6 +25,7 @@ HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
+HAVE_OUTPUT=@HAVE_OUTPUT@
 
 H_FILE_LIST       = $(sort $(wildcard *.[h]))
 C_FILE_LIST       = $(sort $(wildcard *.c))
@@ -34,7 +35,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
+MANFLAGS = $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 71dc364c9..9d327933f 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -380,4 +380,12 @@ void print_compiletime_support(void) {
                 "disabled"
 #endif
                 );
+
+        printf("\t- output logging is %s\n",
+#ifdef HAVE_OUTPUT
+                "enabled"
+#else
+                "disabled"
+#endif
+                );
 }
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 9b4f2bc60..fe806dcdb 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1233,10 +1233,12 @@ int main(int argc, char **argv, char **envp) {
 #endif
                 }
         }
+#ifdef HAVE_OUTPUT
         else {
                 // check --output option and execute it;
                 check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
         }
+#endif
         EUID_ASSERT();
 
         // check for force-nonewprivs in /etc/firejail/firejail.config file
diff --git a/src/firejail/output.c b/src/firejail/output.c
index db9728a3d..835dff2db 100644
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <unistd.h>
 
+#ifdef HAVE_OUTPUT
 void check_output(int argc, char **argv) {
         EUID_ASSERT();
 
@@ -149,3 +150,4 @@ void check_output(int argc, char **argv) {
         perror("execvp");
         exit(1);
 }
+#endif
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 81bd5a049..b251f8191 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1642,6 +1642,7 @@ Disable video devices.
 \fB\-\-nowhitelist=dirname_or_filename
 Disable whitelist for this directory or file.
 
+#ifdef HAVE_OUTPUT
 .TP
 \fB\-\-output=logfile
 stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log
@@ -1672,6 +1673,7 @@ $ ls -l sandboxlog*
 .TP
 \fB\-\-output-stderr=logfile
 Similar to \-\-output, but stderr is also stored.
+#endif
 
 #ifdef HAVE_OVERLAYFS
 .TP