diff options
Diffstat (limited to 'src/firejail/checkcfg.c')
-rw-r--r-- | src/firejail/checkcfg.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index 430b0c5a6..4fdbe1897 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
@@ -36,7 +36,9 @@ int checkcfg(int val) { | |||
36 | int i; | 36 | int i; |
37 | for (i = 0; i < CFG_MAX; i++) | 37 | for (i = 0; i < CFG_MAX; i++) |
38 | cfg_val[i] = 1; // most of them are enabled by default | 38 | cfg_val[i] = 1; // most of them are enabled by default |
39 | |||
39 | cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default | 40 | cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default |
41 | cfg_val[CFG_FORCE_NONEWPRIVS ] = 0; // disabled by default | ||
40 | 42 | ||
41 | // open configuration file | 43 | // open configuration file |
42 | char *fname; | 44 | char *fname; |
@@ -106,6 +108,15 @@ int checkcfg(int val) { | |||
106 | else | 108 | else |
107 | goto errout; | 109 | goto errout; |
108 | } | 110 | } |
111 | // nonewprivs | ||
112 | else if (strncmp(ptr, "force-nonewprivs ", 17) == 0) { | ||
113 | if (strcmp(ptr + 17, "yes") == 0) | ||
114 | cfg_val[CFG_SECCOMP] = 1; | ||
115 | else if (strcmp(ptr + 17, "no") == 0) | ||
116 | cfg_val[CFG_SECCOMP] = 0; | ||
117 | else | ||
118 | goto errout; | ||
119 | } | ||
109 | // seccomp | 120 | // seccomp |
110 | else if (strncmp(ptr, "seccomp ", 8) == 0) { | 121 | else if (strncmp(ptr, "seccomp ", 8) == 0) { |
111 | if (strcmp(ptr + 8, "yes") == 0) | 122 | if (strcmp(ptr + 8, "yes") == 0) |