1 files changed, 1 insertions, 8 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index df890ecea..75324b66a 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -479,7 +479,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
        //*************************************
        // independent commands - the program will exit!
        //*************************************
-#ifdef HAVE_SECCOMP
        else if (strcmp(argv[i], "--debug-syscalls") == 0) {
                if (checkcfg(CFG_SECCOMP)) {
                        int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls");
@@ -529,7 +528,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
                        exit_err_feature("seccomp");
                exit(0);
        }
-#endif
        else if (strncmp(argv[i], "--profile.print=", 16) == 0) {
                pid_t pid = require_pid(argv[i] + 16);
@@ -950,7 +948,6 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b
        (void) native;
 }
-#ifdef HAVE_SECCOMP
 static int check_postexec(const char *list) {
        char *prelist, *postlist;
@@ -961,7 +958,6 @@ static int check_postexec(const char *list) {
        }
        return 0;
 }
-#endif
 //*******************************************
 // Main program
@@ -1264,7 +1260,6 @@ int main(int argc, char **argv, char **envp) {
                else if (strcmp(argv[i], "--apparmor") == 0)
                        arg_apparmor = 1;
 #endif
-#ifdef HAVE_SECCOMP
                else if (strncmp(argv[i], "--protocol=", 11) == 0) {
                        if (checkcfg(CFG_SECCOMP)) {
                                if (cfg.protocol) {
@@ -1402,7 +1397,6 @@ int main(int argc, char **argv, char **envp) {
                        } else
                                exit_err_feature("seccomp");
                }
-#endif
                else if (strcmp(argv[i], "--caps") == 0) {
                        arg_caps_default_filter = 1;
                        arg_caps_cmdline = 1;
@@ -2783,10 +2777,9 @@ int main(int argc, char **argv, char **envp) {
        // check network configuration options - it will exit if anything went wrong
        net_check_cfg();
-#ifdef HAVE_SECCOMP
        if (arg_seccomp)
                arg_seccomp_postexec = check_postexec(cfg.seccomp_list) || check_postexec(cfg.seccomp_list_drop);
-#endif
        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
        if (need_preload && (cfg.seccomp_list32 || cfg.seccomp_list_drop32 || cfg.seccomp_list_keep32))
                fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n");

diff --git a/src/firejail/main.c b/src/firejail/main.c index df890ecea..75324b66a 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -479,7 +479,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
479	//*************************************	479	//*************************************
480	// independent commands - the program will exit!	480	// independent commands - the program will exit!
481	//*************************************	481	//*************************************
482	#ifdef HAVE_SECCOMP
483	else if (strcmp(argv[i], "--debug-syscalls") == 0) {	482	else if (strcmp(argv[i], "--debug-syscalls") == 0) {
484	if (checkcfg(CFG_SECCOMP)) {	483	if (checkcfg(CFG_SECCOMP)) {
485	int rv = sbox_run(SBOX_USER \| SBOX_CAPS_NONE \| SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls");	484	int rv = sbox_run(SBOX_USER \| SBOX_CAPS_NONE \| SBOX_SECCOMP, 2, PATH_FSECCOMP_MAIN, "debug-syscalls");
@@ -529,7 +528,6 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
529	exit_err_feature("seccomp");	528	exit_err_feature("seccomp");
530	exit(0);	529	exit(0);
531	}	530	}
532	#endif
533	else if (strncmp(argv[i], "--profile.print=", 16) == 0) {	531	else if (strncmp(argv[i], "--profile.print=", 16) == 0) {
534	pid_t pid = require_pid(argv[i] + 16);	532	pid_t pid = require_pid(argv[i] + 16);
535		533
@@ -950,7 +948,6 @@ void filter_add_blacklist_override(int fd, int syscall, int arg, void *ptrarg, b
950	(void) native;	948	(void) native;
951	}	949	}
952		950
953	#ifdef HAVE_SECCOMP
954	static int check_postexec(const char *list) {	951	static int check_postexec(const char *list) {
955	char prelist, postlist;	952	char prelist, postlist;
956		953
@@ -961,7 +958,6 @@ static int check_postexec(const char *list) {
961	}	958	}
962	return 0;	959	return 0;
963	}	960	}
964	#endif
965		961
966	//*******************************************	962	//*******************************************
967	// Main program	963	// Main program
@@ -1264,7 +1260,6 @@ int main(int argc, char argv, char envp) {
1264	else if (strcmp(argv[i], "--apparmor") == 0)	1260	else if (strcmp(argv[i], "--apparmor") == 0)
1265	arg_apparmor = 1;	1261	arg_apparmor = 1;
1266	#endif	1262	#endif
1267	#ifdef HAVE_SECCOMP
1268	else if (strncmp(argv[i], "--protocol=", 11) == 0) {	1263	else if (strncmp(argv[i], "--protocol=", 11) == 0) {
1269	if (checkcfg(CFG_SECCOMP)) {	1264	if (checkcfg(CFG_SECCOMP)) {
1270	if (cfg.protocol) {	1265	if (cfg.protocol) {
@@ -1402,7 +1397,6 @@ int main(int argc, char argv, char envp) {
1402	} else	1397	} else
1403	exit_err_feature("seccomp");	1398	exit_err_feature("seccomp");
1404	}	1399	}
1405	#endif
1406	else if (strcmp(argv[i], "--caps") == 0) {	1400	else if (strcmp(argv[i], "--caps") == 0) {
1407	arg_caps_default_filter = 1;	1401	arg_caps_default_filter = 1;
1408	arg_caps_cmdline = 1;	1402	arg_caps_cmdline = 1;
@@ -2783,10 +2777,9 @@ int main(int argc, char argv, char envp) {
2783	// check network configuration options - it will exit if anything went wrong	2777	// check network configuration options - it will exit if anything went wrong
2784	net_check_cfg();	2778	net_check_cfg();
2785		2779
2786	#ifdef HAVE_SECCOMP
2787	if (arg_seccomp)	2780	if (arg_seccomp)
2788	arg_seccomp_postexec = check_postexec(cfg.seccomp_list) \|\| check_postexec(cfg.seccomp_list_drop);	2781	arg_seccomp_postexec = check_postexec(cfg.seccomp_list) \|\| check_postexec(cfg.seccomp_list_drop);
2789	#endif	2782
2790	bool need_preload = arg_trace \|\| arg_tracelog \|\| arg_seccomp_postexec;	2783	bool need_preload = arg_trace \|\| arg_tracelog \|\| arg_seccomp_postexec;
2791	if (need_preload && (cfg.seccomp_list32 \|\| cfg.seccomp_list_drop32 \|\| cfg.seccomp_list_keep32))	2784	if (need_preload && (cfg.seccomp_list32 \|\| cfg.seccomp_list_drop32 \|\| cfg.seccomp_list_keep32))
2792	fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n");	2785	fwarning("preload libraries (trace, tracelog, postexecseccomp due to seccomp.drop=execve etc.) are incompatible with 32 bit filters\n");