Diffstat (limited to 'src/firejail/checkcfg.c')
-rw-r--r--src/firejail/checkcfg.c22
1 files changed, 22 insertions, 0 deletions
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index fbe150b34..eb4841210 100644
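--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -18,6 +18,8 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firejail.h"
+#include "../include/seccomp.h"
+#include "../include/syscall.h"
 #include <sys/stat.h>
 #include <linux/loop.h>
 
@@ -32,6 +34,7 @@ char *xvfb_screen = "800x600x24";
 char *xvfb_extra_params = "";
 char *netfilter_default = NULL;
 unsigned long join_timeout = 5000000; // microseconds
+char *config_seccomp_error_action_str = "EPERM";
 
 int checkcfg(int val) {
  assert(val < CFG_MAX);
@@ -51,6 +54,7 @@ int checkcfg(int val) {
  cfg_val[CFG_DISABLE_MNT] = 0;
  cfg_val[CFG_ARP_PROBES] = DEFAULT_ARP_PROBES;
  cfg_val[CFG_XPRA_ATTACH] = 0;
+ cfg_val[CFG_SECCOMP_ERROR_ACTION] = -1;
 
  // open configuration file
  const char *fname = SYSCONFDIR "/firejail.config";
@@ -219,6 +223,24 @@ int checkcfg(int val) {
  else if (strncmp(ptr, "join-timeout ", 13) == 0)
  join_timeout = strtoul(ptr + 13, NULL, 10) * 1000000; // seconds to microseconds
 
+ // seccomp error action
+ else if (strncmp(ptr, "seccomp-error-action ", 21) == 0) {
+#ifdef HAVE_SECCOMP
+ if (strcmp(ptr + 21, "kill") == 0)
+ cfg_val[CFG_SECCOMP_ERROR_ACTION] = SECCOMP_RET_KILL;
+ else {
+ cfg_val[CFG_SECCOMP_ERROR_ACTION] = errno_find_name(ptr + 21);
+ if (cfg_val[CFG_SECCOMP_ERROR_ACTION] == -1)
+ errExit("seccomp-error-action: unknown errno");
+ }
+ config_seccomp_error_action_str = strdup(ptr + 21);
+ if (!config_seccomp_error_action_str)
+ errExit("strdup");
+#else
+ warning_feature_disabled("seccomp");
+#endif
+ }
+
  else
  goto errout;
 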
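Review bot: `cfg_val[CFG_SECCOMP_ERROR_ACTION]` now carries three kinds of value in one int, and nothing at the default or in the new `seccomp-error-action` branch documents this: the `-1` default for "not configured", `SECCOMP_RET_KILL` (which is 0 in the kernel headers), and an errno number from `errno_find_name()`. The neighbouring entries such as `CFG_DISABLE_MNT` and `CFG_XPRA_ATTACH` read as on/off flags, so a caller that tests `checkcfg(CFG_SECCOMP_ERROR_ACTION)` for truth would take the unset `-1` as enabled and `kill` as off. I would add `// -1 = not set in firejail.config; 0 is valid (SECCOMP_RET_KILL), so compare against -1 explicitly` beside the default. Separately, an unknown name exits through `errExit("seccomp-error-action: unknown errno")` while unrecognized lines take `goto errout`; if `errout` reports the offending config line, as it appears to, using it here would give the administrator a more useful message. The body of `checkcfg` starts and ends outside these hunks.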