diff options
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 15d42a4e0..e210ceb31 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -404,8 +404,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
404 | #ifdef HAVE_SECCOMP | 404 | #ifdef HAVE_SECCOMP |
405 | else if (strcmp(argv[i], "--debug-syscalls") == 0) { | 405 | else if (strcmp(argv[i], "--debug-syscalls") == 0) { |
406 | if (checkcfg(CFG_SECCOMP)) { | 406 | if (checkcfg(CFG_SECCOMP)) { |
407 | syscall_print(); | 407 | int rv = sbox_run(SBOX_USER | SBOX_CAPS | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-syscalls"); |
408 | exit(0); | 408 | exit(rv); |
409 | } | 409 | } |
410 | else { | 410 | else { |
411 | fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); | 411 | fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); |
@@ -414,7 +414,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
414 | } | 414 | } |
415 | else if (strcmp(argv[i], "--debug-errnos") == 0) { | 415 | else if (strcmp(argv[i], "--debug-errnos") == 0) { |
416 | if (checkcfg(CFG_SECCOMP)) { | 416 | if (checkcfg(CFG_SECCOMP)) { |
417 | errno_print(); | 417 | int rv = sbox_run(SBOX_USER | SBOX_CAPS | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-errnos"); |
418 | exit(rv); | ||
418 | } | 419 | } |
419 | else { | 420 | else { |
420 | fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); | 421 | fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); |
@@ -438,8 +439,8 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
438 | exit(0); | 439 | exit(0); |
439 | } | 440 | } |
440 | else if (strcmp(argv[i], "--debug-protocols") == 0) { | 441 | else if (strcmp(argv[i], "--debug-protocols") == 0) { |
441 | protocol_list(); | 442 | int rv = sbox_run(SBOX_USER | SBOX_CAPS | SBOX_SECCOMP, 2, PATH_FSECCOMP, "debug-protocols"); |
442 | exit(0); | 443 | exit(rv); |
443 | } | 444 | } |
444 | else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { | 445 | else if (strncmp(argv[i], "--protocol.print=", 17) == 0) { |
445 | if (checkcfg(CFG_SECCOMP)) { | 446 | if (checkcfg(CFG_SECCOMP)) { |
@@ -1117,7 +1118,16 @@ int main(int argc, char **argv) { | |||
1117 | #ifdef HAVE_SECCOMP | 1118 | #ifdef HAVE_SECCOMP |
1118 | else if (strncmp(argv[i], "--protocol=", 11) == 0) { | 1119 | else if (strncmp(argv[i], "--protocol=", 11) == 0) { |
1119 | if (checkcfg(CFG_SECCOMP)) { | 1120 | if (checkcfg(CFG_SECCOMP)) { |
1120 | protocol_store(argv[i] + 11); | 1121 | if (cfg.protocol) { |
1122 | if (!arg_quiet) | ||
1123 | fprintf(stderr, "Warning: a protocol list is present, the new list \"%s\" will not be installed\n", argv[i] + 11); | ||
1124 | } | ||
1125 | else { | ||
1126 | // store list | ||
1127 | cfg.protocol = strdup(argv[i] + 11); | ||
1128 | if (!cfg.protocol) | ||
1129 | errExit("strdup"); | ||
1130 | } | ||
1121 | } | 1131 | } |
1122 | else { | 1132 | else { |
1123 | fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); | 1133 | fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n"); |