diff options
Diffstat (limited to 'src/faudit/seccomp.c')
-rw-r--r-- | src/faudit/seccomp.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/faudit/seccomp.c b/src/faudit/seccomp.c index 9cc1a20f6..099e0e420 100644 --- a/src/faudit/seccomp.c +++ b/src/faudit/seccomp.c | |||
@@ -46,18 +46,17 @@ void seccomp_test(void) { | |||
46 | int rv = extract_seccomp(&seccomp_status); | 46 | int rv = extract_seccomp(&seccomp_status); |
47 | 47 | ||
48 | if (rv) { | 48 | if (rv) { |
49 | printf("SKIP: cannot extract seccomp configuration on this platform\n"); | 49 | printf("INFO: cannot extract seccomp configuration on this platform.\n"); |
50 | return; | 50 | return; |
51 | } | 51 | } |
52 | 52 | ||
53 | if (seccomp_status == 0) { | 53 | if (seccomp_status == 0) { |
54 | printf("BAD: seccomp disabled\n"); | 54 | printf("BAD: seccomp disabled. Use \"firejail --seccomp\" to enable it.\n"); |
55 | printf("Use \"firejail --seccomp\" to fix it.\n"); | ||
56 | } | 55 | } |
57 | else if (seccomp_status == 1) | 56 | else if (seccomp_status == 1) |
58 | printf("GOOD: seccomp strict mode - only read, write, _exit, and sigreturn are allowd\n"); | 57 | printf("GOOD: seccomp strict mode - only read, write, _exit, and sigreturn are allowd.\n"); |
59 | else if (seccomp_status == 2) { | 58 | else if (seccomp_status == 2) { |
60 | printf("GOOD: seccomp BPF enababled\n"); | 59 | printf("GOOD: seccomp BPF enabled.\n"); |
61 | 60 | ||
62 | printf("checking syscalls: "); fflush(0); | 61 | printf("checking syscalls: "); fflush(0); |
63 | printf("mount... "); fflush(0); | 62 | printf("mount... "); fflush(0); |