aboutsummaryrefslogtreecommitdiffstats
path: root/src/firejail/main.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r--src/firejail/main.c9
1 files changed, 1 insertions, 8 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index df890ecea..75324b66a 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -479,7 +479,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
479 //************************************* 479 //*************************************
480 // independent commands - the program will exit! 480 // independent commands - the program will exit!
481 //************************************* 481 //*************************************
482#ifdef HAVE_SECCOMP
483 else if (strcmp(argv[i], "--debug-syscalls") == 0) { 482 else if (strcmp(argv[i], "--debug-syscalls") == 0) {
484 if (checkcfg(CFG_SECCOMP)) { 483 if (checkcfg(CFG_SECCOMP)) {
485 int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls"); 484 int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls");
@@ -529,7 +528,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
529 exit_err_feature("seccomp"); 528 exit_err_feature("seccomp");
530 exit(0); 529 exit(0);
531 } 530 }
532#endif
533 else if (strncmp(argv[i], "--profile.print=", 16) == 0) { 531 else if (strncmp(argv[i], "--profile.print=", 16) == 0) {
534 pid_t pid = require_pid(argv[i] + 16); 532 pid_t pid = require_pid(argv[i] + 16);
535 533
@@ -950,7 +948,6 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b
950 (void) native; 948 (void) native;
951} 949}
952 950
953#ifdef HAVE_SECCOMP
954static int check_postexec(const char *list) { 951static int check_postexec(const char *list) {
955 char *prelist, *postlist; 952 char *prelist, *postlist;
956 953
@@ -961,7 +958,6 @@ static int check_postexec(const char *list) {
961 } 958 }
962 return 0; 959 return 0;
963} 960}
964#endif
965 961
966//******************************************* 962//*******************************************
967// Main program 963// Main program
@@ -1264,7 +1260,6 @@ int main(int argc, char **argv, char **envp) {
1264 else if (strcmp(argv[i], "--apparmor") == 0) 1260 else if (strcmp(argv[i], "--apparmor") == 0)
1265 arg_apparmor = 1; 1261 arg_apparmor = 1;
1266#endif 1262#endif
1267#ifdef HAVE_SECCOMP
1268 else if (strncmp(argv[i], "--protocol=", 11) == 0) { 1263 else if (strncmp(argv[i], "--protocol=", 11) == 0) {
1269 if (checkcfg(CFG_SECCOMP)) { 1264 if (checkcfg(CFG_SECCOMP)) {
1270 if (cfg.protocol) { 1265 if (cfg.protocol) {
@@ -1402,7 +1397,6 @@ int main(int argc, char **argv, char **envp) {
1402 } else 1397 } else
1403 exit_err_feature("seccomp"); 1398 exit_err_feature("seccomp");
1404 } 1399 }
1405#endif
1406 else if (strcmp(argv[i], "--caps") == 0) { 1400 else if (strcmp(argv[i], "--caps") == 0) {
1407 arg_caps_default_filter = 1; 1401 arg_caps_default_filter = 1;
1408 arg_caps_cmdline = 1; 1402 arg_caps_cmdline = 1;
@@ -2783,10 +2777,9 @@ int main(int argc, char **argv, char **envp) {
2783 // check network configuration options - it will exit if anything went wrong 2777 // check network configuration options - it will exit if anything went wrong
2784 net_check_cfg(); 2778 net_check_cfg();
2785 2779
2786#ifdef HAVE_SECCOMP
2787 if (arg_seccomp) 2780 if (arg_seccomp)
2788 arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop); 2781 arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop);
2789#endif 2782
2790 bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec; 2783 bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
2791 if (need_preload && (cfg.seccomp_list32 || cfg.seccomp_list_drop32 || cfg.seccomp_list_keep32)) 2784 if (need_preload && (cfg.seccomp_list32 || cfg.seccomp_list_drop32 || cfg.seccomp_list_keep32))
2792 fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n"); 2785 fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n");