aboutsummaryrefslogtreecommitdiffstats
path: root/src/firejail/main.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r--src/firejail/main.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 15d42a4e0..e210ceb31 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -404,8 +404,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
404#ifdef HAVE_SECCOMP 404#ifdef HAVE_SECCOMP
405 else if (strcmp(argv[i], "--debug-syscalls") == 0) { 405 else if (strcmp(argv[i], "--debug-syscalls") == 0) {
406 if (checkcfg(CFG_SECCOMP)) { 406 if (checkcfg(CFG_SECCOMP)) {
407 syscall_print(); 407 int rv = sbox_run(SBOX_USER | SBOX_CAPS | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-syscalls");
408 exit(0); 408 exit(rv);
409 } 409 }
410 else { 410 else {
411 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); 411 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
@@ -414,7 +414,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
414 } 414 }
415 else if (strcmp(argv[i], "--debug-errnos") == 0) { 415 else if (strcmp(argv[i], "--debug-errnos") == 0) {
416 if (checkcfg(CFG_SECCOMP)) { 416 if (checkcfg(CFG_SECCOMP)) {
417 errno_print(); 417 int rv = sbox_run(SBOX_USER | SBOX_CAPS | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-errnos");
418 exit(rv);
418 } 419 }
419 else { 420 else {
420 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); 421 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
@@ -438,8 +439,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
438 exit(0); 439 exit(0);
439 } 440 }
440 else if (strcmp(argv[i], "--debug-protocols") == 0) { 441 else if (strcmp(argv[i], "--debug-protocols") == 0) {
441 protocol_list(); 442 int rv = sbox_run(SBOX_USER | SBOX_CAPS | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-protocols");
442 exit(0); 443 exit(rv);
443 } 444 }
444 else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { 445 else if (strncmp(argv[i], "--protocol.print=", 17) == 0) {
445 if (checkcfg(CFG_SECCOMP)) { 446 if (checkcfg(CFG_SECCOMP)) {
@@ -1117,7 +1118,16 @@ int main(int argc, char **argv) {
1117#ifdef HAVE_SECCOMP 1118#ifdef HAVE_SECCOMP
1118 else if (strncmp(argv[i], "--protocol=", 11) == 0) { 1119 else if (strncmp(argv[i], "--protocol=", 11) == 0) {
1119 if (checkcfg(CFG_SECCOMP)) { 1120 if (checkcfg(CFG_SECCOMP)) {
1120 protocol_store(argv[i] + 11); 1121 if (cfg.protocol) {
1122 if (!arg_quiet)
1123 fprintf(stderr, "Warning: a protocol list is present, the new list \"%s\" will not be installed\n", argv[i] + 11);
1124 }
1125 else {
1126 // store list
1127 cfg.protocol = strdup(argv[i] + 11);
1128 if (!cfg.protocol)
1129 errExit("strdup");
1130 }
1121 } 1131 }
1122 else { 1132 else {
1123 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); 1133 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-03 15:16:18 +0000