1 files changed, 12 insertions, 0 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index 71a37beb7..3f805a7e0 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -57,6 +57,7 @@ int arg_overlay_reuse = 0;			// allow the reuse of overlays
 
 int arg_seccomp = 0;                            // enable default seccomp filter
 int arg_seccomp_postexec = 0;                   // need postexec ld.preload library?
+int arg_seccomp_block_secondary = 0;            // block any secondary architectures
 
 int arg_caps_default_filter = 0;                        // enable default capabilities filter
 int arg_caps_drop = 0;                          // drop list
@@ -1147,6 +1148,13 @@ int main(int argc, char **argv) {
                         else
                                 exit_err_feature("seccomp");
                 }
+                else if (strcmp(argv[i], "--seccomp.block-secondary") == 0) {
+                        if (checkcfg(CFG_SECCOMP)) {
+                                arg_seccomp_block_secondary = 1;
+                        }
+                        else
+                                exit_err_feature("seccomp");
+                }
                 else if (strcmp(argv[i], "--memory-deny-write-execute") == 0) {
                         if (checkcfg(CFG_SECCOMP))
                                 arg_memory_deny_write_execute = 1;
@@ -2239,6 +2247,10 @@ int main(int argc, char **argv) {
                 }
         }
 
+        // enable seccomp if only seccomp.block-secondary was specified
+        if (arg_seccomp_block_secondary)
+                arg_seccomp = 1;
+
         // log command
         logargs(argc, argv);
         if (fullargc) {