Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 56 |
1 files changed, 3 insertions, 53 deletions
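--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -851,9 +851,6 @@ int main(int argc, char **argv) {
 int custom_profile = 0; // custom profile loaded
 char *custom_profile_dir = NULL; // custom profile directory
 int arg_noprofile = 0; // use default.profile if none other found/specified
-#ifdef HAVE_SECCOMP
-int highest_errno = errno_highest_nr();
-#endif
 
 // build /run/firejail directory structure
 preproc_build_firejail_dir();
@@ -1155,9 +1152,7 @@ int main(int argc, char **argv) {
 exit(1);
 }
 arg_seccomp = 1;
-cfg.seccomp_list = strdup(argv[i] + 10);
-if (!cfg.seccomp_list)
-errExit("strdup");
+cfg.seccomp_list = seccomp_check_list(argv[i] + 10);
 }
 else {
 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
@@ -1171,9 +1166,7 @@ int main(int argc, char **argv) {
 exit(1);
 }
 arg_seccomp = 1;
-cfg.seccomp_list_drop = strdup(argv[i] + 15);
-if (!cfg.seccomp_list_drop)
-errExit("strdup");
+cfg.seccomp_list_drop = seccomp_check_list(argv[i] + 15);
 }
 else {
 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
@@ -1187,43 +1180,7 @@ int main(int argc, char **argv) {
 exit(1);
 }
 arg_seccomp = 1;
-cfg.seccomp_list_keep = strdup(argv[i] + 15);
-if (!cfg.seccomp_list_keep)
-errExit("strdup");
-}
-else {
-fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
-exit(1);
-}
-}
-else if (strncmp(argv[i], "--seccomp.e", 11) == 0 && strchr(argv[i], '=')) {
-if (checkcfg(CFG_SECCOMP)) {
-if (arg_seccomp && !cfg.seccomp_list_errno) {
-fprintf(stderr, "Error: seccomp already enabled\n");
-exit(1);
-}
-char *eq = strchr(argv[i], '=');
-char *errnoname = strndup(argv[i] + 10, eq - (argv[i] + 10));
-int nr = errno_find_name(errnoname);
-if (nr == -1) {
-fprintf(stderr, "Error: unknown errno %s\n", errnoname);
-free(errnoname);
-exit(1);
-}
-
-if (!cfg.seccomp_list_errno)
-cfg.seccomp_list_errno = calloc(highest_errno+1, sizeof(cfg.seccomp_list_errno[0]));
-
-if (cfg.seccomp_list_errno[nr]) {
-fprintf(stderr, "Error: errno %s already configured\n", errnoname);
-free(errnoname);
-exit(1);
-}
-arg_seccomp = 1;
-cfg.seccomp_list_errno[nr] = strdup(eq+1);
-if (!cfg.seccomp_list_errno[nr])
-errExit("strdup");
-free(errnoname);
+cfg.seccomp_list_keep = seccomp_check_list(argv[i] + 15);
 }
 else {
 fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
@@ -2606,13 +2563,6 @@ int main(int argc, char **argv) {
 waitpid(child, &status, 0);
 
 // free globals
-#ifdef HAVE_SECCOMP
-if (cfg.seccomp_list_errno) {
-for (i = 0; i < highest_errno; i++)
-free(cfg.seccomp_list_errno[i]);
-free(cfg.seccomp_list_errno);
-}
-#endif
 if (cfg.profile) {
 ProfileEntry *prf = cfg.profile;
 while (prf != NULL) {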
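Review bot: The three new `seccomp_check_list()` call sites (`--seccomp=`, `--seccomp.drop=`, `--seccomp.keep=`) store the result without the NULL check that the removed `strdup` lines carried. The helper is defined outside this file section, so whether it can return NULL (allocation failure, an empty list, a rejected entry) is not visible here; if it can, `arg_seccomp` is already 1 and the filter would be built from a missing list, which matters most for the keep (allow-list) case. Either restore a guard after each assignment, e.g. `if (!cfg.seccomp_list_keep) errExit("seccomp_check_list");`, or state the contract at the first call site with a comment such as `// seccomp_check_list() exits on invalid input and never returns NULL`. main()'s body starts and ends outside these hunks.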