Diffstat (limited to 'src/firejail/main.c')
-rw-r--r--src/firejail/main.c56
1 files changed, 3 insertions, 53 deletions
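diff --git a/src/firejail/main.c b/src/firejail/main.c
index fc86f9651..b6f3a7f59 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -851,9 +851,6 @@ int main(int argc, char **argv) {
  int custom_profile = 0; // custom profile loaded
  char *custom_profile_dir = NULL; // custom profile directory
  int arg_noprofile = 0; // use default.profile if none other found/specified
-#ifdef HAVE_SECCOMP
- int highest_errno = errno_highest_nr();
-#endif
 
  // build /run/firejail directory structure
  preproc_build_firejail_dir();
@@ -1155,9 +1152,7 @@ int main(int argc, char **argv) {
  exit(1);
  }
  arg_seccomp = 1;
- cfg.seccomp_list = strdup(argv[i] + 10);
- if (!cfg.seccomp_list)
- errExit("strdup");
+ cfg.seccomp_list = seccomp_check_list(argv[i] + 10);
  }
  else {
  fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
@@ -1171,9 +1166,7 @@ int main(int argc, char **argv) {
  exit(1);
  }
  arg_seccomp = 1;
- cfg.seccomp_list_drop = strdup(argv[i] + 15);
- if (!cfg.seccomp_list_drop)
- errExit("strdup");
+ cfg.seccomp_list_drop = seccomp_check_list(argv[i] + 15);
  }
  else {
  fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
@@ -1187,43 +1180,7 @@ int main(int argc, char **argv) {
  exit(1);
  }
  arg_seccomp = 1;
- cfg.seccomp_list_keep = strdup(argv[i] + 15);
- if (!cfg.seccomp_list_keep)
- errExit("strdup");
- }
- else {
- fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
- exit(1);
- }
- }
- else if (strncmp(argv[i], "--seccomp.e", 11) == 0 && strchr(argv[i], '=')) {
- if (checkcfg(CFG_SECCOMP)) {
- if (arg_seccomp && !cfg.seccomp_list_errno) {
- fprintf(stderr, "Error: seccomp already enabled\n");
- exit(1);
- }
- char *eq = strchr(argv[i], '=');
- char *errnoname = strndup(argv[i] + 10, eq - (argv[i] + 10));
- int nr = errno_find_name(errnoname);
- if (nr == -1) {
- fprintf(stderr, "Error: unknown errno %s\n", errnoname);
- free(errnoname);
- exit(1);
- }
-
- if (!cfg.seccomp_list_errno)
- cfg.seccomp_list_errno = calloc(highest_errno+1, sizeof(cfg.seccomp_list_errno[0]));
-
- if (cfg.seccomp_list_errno[nr]) {
- fprintf(stderr, "Error: errno %s already configured\n", errnoname);
- free(errnoname);
- exit(1);
- }
- arg_seccomp = 1;
- cfg.seccomp_list_errno[nr] = strdup(eq+1);
- if (!cfg.seccomp_list_errno[nr])
- errExit("strdup");
- free(errnoname);
+ cfg.seccomp_list_keep = seccomp_check_list(argv[i] + 15);
  }
  else {
  fprintf(stderr, "Error: seccomp feature is disabled in Firejail configuration file\n");
@@ -2606,13 +2563,6 @@ int main(int argc, char **argv) {
  waitpid(child, &status, 0);
 
  // free globals
-#ifdef HAVE_SECCOMP
- if (cfg.seccomp_list_errno) {
- for (i = 0; i < highest_errno; i++)
- free(cfg.seccomp_list_errno[i]);
- free(cfg.seccomp_list_errno);
- }
-#endif
  if (cfg.profile) {
  ProfileEntry *prf = cfg.profile;
  while (prf != NULL) {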
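Review bot: The three new assignments to `cfg.seccomp_list`, `cfg.seccomp_list_drop` and `cfg.seccomp_list_keep` use the return value of `seccomp_check_list()` unchecked, after `arg_seccomp = 1` has already been set, where the old `strdup()` result was tested for NULL. `seccomp_check_list()` is defined outside this page, so this is sound only if it terminates on allocation failure and on an empty or malformed list rather than returning NULL; otherwise seccomp would be marked enabled with no list behind it. Either keep a guard at each call site, e.g. `if (!cfg.seccomp_list_keep) errExit("seccomp_check_list");`, or state the contract in a comment such as `// seccomp_check_list() exits on error and never returns NULL`. With the `--seccomp.e…=` branch removed, it is also worth confirming that such an argument is now rejected as an unknown option and not silently accepted, since that decision is made in a part of main() outside these hunks.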