diff options
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c index df890ecea..75324b66a 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -479,7 +479,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
479 | //************************************* | 479 | //************************************* |
480 | // independent commands - the program will exit! | 480 | // independent commands - the program will exit! |
481 | //************************************* | 481 | //************************************* |
482 | #ifdef HAVE_SECCOMP | ||
483 | else if (strcmp(argv[i], "--debug-syscalls") == 0) { | 482 | else if (strcmp(argv[i], "--debug-syscalls") == 0) { |
484 | if (checkcfg(CFG_SECCOMP)) { | 483 | if (checkcfg(CFG_SECCOMP)) { |
485 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls"); | 484 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls"); |
@@ -529,7 +528,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) { | |||
529 | exit_err_feature("seccomp"); | 528 | exit_err_feature("seccomp"); |
530 | exit(0); | 529 | exit(0); |
531 | } | 530 | } |
532 | #endif | ||
533 | else if (strncmp(argv[i], "--profile.print=", 16) == 0) { | 531 | else if (strncmp(argv[i], "--profile.print=", 16) == 0) { |
534 | pid_t pid = require_pid(argv[i] + 16); | 532 | pid_t pid = require_pid(argv[i] + 16); |
535 | 533 | ||
@@ -950,7 +948,6 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b | |||
950 | (void) native; | 948 | (void) native; |
951 | } | 949 | } |
952 | 950 | ||
953 | #ifdef HAVE_SECCOMP | ||
954 | static int check_postexec(const char *list) { | 951 | static int check_postexec(const char *list) { |
955 | char *prelist, *postlist; | 952 | char *prelist, *postlist; |
956 | 953 | ||
@@ -961,7 +958,6 @@ static int check_postexec(const char *list) { | |||
961 | } | 958 | } |
962 | return 0; | 959 | return 0; |
963 | } | 960 | } |
964 | #endif | ||
965 | 961 | ||
966 | //******************************************* | 962 | //******************************************* |
967 | // Main program | 963 | // Main program |
@@ -1264,7 +1260,6 @@ int main(int argc, char **argv, char **envp) { | |||
1264 | else if (strcmp(argv[i], "--apparmor") == 0) | 1260 | else if (strcmp(argv[i], "--apparmor") == 0) |
1265 | arg_apparmor = 1; | 1261 | arg_apparmor = 1; |
1266 | #endif | 1262 | #endif |
1267 | #ifdef HAVE_SECCOMP | ||
1268 | else if (strncmp(argv[i], "--protocol=", 11) == 0) { | 1263 | else if (strncmp(argv[i], "--protocol=", 11) == 0) { |
1269 | if (checkcfg(CFG_SECCOMP)) { | 1264 | if (checkcfg(CFG_SECCOMP)) { |
1270 | if (cfg.protocol) { | 1265 | if (cfg.protocol) { |
@@ -1402,7 +1397,6 @@ int main(int argc, char **argv, char **envp) { | |||
1402 | } else | 1397 | } else |
1403 | exit_err_feature("seccomp"); | 1398 | exit_err_feature("seccomp"); |
1404 | } | 1399 | } |
1405 | #endif | ||
1406 | else if (strcmp(argv[i], "--caps") == 0) { | 1400 | else if (strcmp(argv[i], "--caps") == 0) { |
1407 | arg_caps_default_filter = 1; | 1401 | arg_caps_default_filter = 1; |
1408 | arg_caps_cmdline = 1; | 1402 | arg_caps_cmdline = 1; |
@@ -2783,10 +2777,9 @@ int main(int argc, char **argv, char **envp) { | |||
2783 | // check network configuration options - it will exit if anything went wrong | 2777 | // check network configuration options - it will exit if anything went wrong |
2784 | net_check_cfg(); | 2778 | net_check_cfg(); |
2785 | 2779 | ||
2786 | #ifdef HAVE_SECCOMP | ||
2787 | if (arg_seccomp) | 2780 | if (arg_seccomp) |
2788 | arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop); | 2781 | arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop); |
2789 | #endif | 2782 | |
2790 | bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec; | 2783 | bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec; |
2791 | if (need_preload && (cfg.seccomp_list32 || cfg.seccomp_list_drop32 || cfg.seccomp_list_keep32)) | 2784 | if (need_preload && (cfg.seccomp_list32 || cfg.seccomp_list_drop32 || cfg.seccomp_list_keep32)) |
2792 | fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n"); | 2785 | fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n"); |