diff options
Diffstat (limited to 'src/firejail/checkcfg.c')
| -rw-r--r-- | src/firejail/checkcfg.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 430b0c5a6..4fdbe1897 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -36,7 +36,9 @@ int checkcfg(int val) { | |||
| 36 | int i; | 36 | int i; |
| 37 | for (i = 0; i < CFG_MAX; i++) | 37 | for (i = 0; i < CFG_MAX; i++) |
| 38 | cfg_val[i] = 1; // most of them are enabled by default | 38 | cfg_val[i] = 1; // most of them are enabled by default |
| 39 | |||
| 39 | cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default | 40 | cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default |
| 41 | cfg_val[CFG_FORCE_NONEWPRIVS ] = 0; // disabled by default | ||
| 40 | 42 | ||
| 41 | // open configuration file | 43 | // open configuration file |
| 42 | char *fname; | 44 | char *fname; |
| @@ -106,6 +108,15 @@ int checkcfg(int val) { | |||
| 106 | else | 108 | else |
| 107 | goto errout; | 109 | goto errout; |
| 108 | } | 110 | } |
| 111 | // nonewprivs | ||
| 112 | else if (strncmp(ptr, "force-nonewprivs ", 17) == 0) { | ||
| 113 | if (strcmp(ptr + 17, "yes") == 0) | ||
| 114 | cfg_val[CFG_SECCOMP] = 1; | ||
| 115 | else if (strcmp(ptr + 17, "no") == 0) | ||
| 116 | cfg_val[CFG_SECCOMP] = 0; | ||
| 117 | else | ||
| 118 | goto errout; | ||
| 119 | } | ||
| 109 | // seccomp | 120 | // seccomp |
| 110 | else if (strncmp(ptr, "seccomp ", 8) == 0) { | 121 | else if (strncmp(ptr, "seccomp ", 8) == 0) { |
| 111 | if (strcmp(ptr + 8, "yes") == 0) | 122 | if (strcmp(ptr + 8, "yes") == 0) |