diff options
Diffstat (limited to 'src/firejail/main.c')
| -rw-r--r-- | src/firejail/main.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index 089d80a68..d46a56627 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
| @@ -961,7 +961,7 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b | |||
| 961 | static int check_postexec(const char *list) { | 961 | static int check_postexec(const char *list) { |
| 962 | char *prelist, *postlist; | 962 | char *prelist, *postlist; |
| 963 | 963 | ||
| 964 | if (list) { | 964 | if (list && list[0]) { |
| 965 | syscalls_in_list(list, "@default-keep", -1, &prelist, &postlist, true); | 965 | syscalls_in_list(list, "@default-keep", -1, &prelist, &postlist, true); |
| 966 | if (postlist) | 966 | if (postlist) |
| 967 | return 1; | 967 | return 1; |
| @@ -2855,6 +2855,15 @@ int main(int argc, char **argv, char **envp) { | |||
| 2855 | // check network configuration options - it will exit if anything went wrong | 2855 | // check network configuration options - it will exit if anything went wrong |
| 2856 | net_check_cfg(); | 2856 | net_check_cfg(); |
| 2857 | 2857 | ||
| 2858 | // customization of default seccomp filter | ||
| 2859 | if (config_seccomp_filter_add) { | ||
| 2860 | if (arg_seccomp && !cfg.seccomp_list_keep && !cfg.seccomp_list_drop) | ||
| 2861 | profile_list_augment(&cfg.seccomp_list, config_seccomp_filter_add); | ||
| 2862 | |||
| 2863 | if (arg_seccomp32 && !cfg.seccomp_list_keep32 && !cfg.seccomp_list_drop32) | ||
| 2864 | profile_list_augment(&cfg.seccomp_list32, config_seccomp_filter_add); | ||
| 2865 | } | ||
| 2866 | |||
| 2858 | if (arg_seccomp) | 2867 | if (arg_seccomp) |
| 2859 | arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop); | 2868 | arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop); |
| 2860 | 2869 | ||