Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r-- | src/firejail/profile.c | 57 |
1 files changed, 39 insertions, 18 deletions
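--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -132,7 +132,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 else if (strcmp(ptr, "seccomp") == 0) {
-arg_seccomp = 1;
+#ifdef HAVE_SECCOMP
+if (checkcfg(CFG_SECCOMP))
+arg_seccomp = 1;
+else
+fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
+#endif
 return 0;
 }
 else if (strcmp(ptr, "caps") == 0) {
@@ -209,12 +214,15 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 
-#ifdef HAVE_SECCOMP
 if (strncmp(ptr, "protocol ", 9) == 0) {
-protocol_store(ptr + 9);
+#ifdef HAVE_SECCOMP
+if (checkcfg(CFG_SECCOMP))
+protocol_store(ptr + 9);
+else
+fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
+#endif
 return 0;
 }
-#endif
 
 if (strncmp(ptr, "env ", 4) == 0) {
 env_store(ptr + 4);
@@ -223,34 +231,47 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 // seccomp drop list on top of default list
 if (strncmp(ptr, "seccomp ", 8) == 0) {
-arg_seccomp = 1;
 #ifdef HAVE_SECCOMP
-cfg.seccomp_list = strdup(ptr + 8);
-if (!cfg.seccomp_list)
-errExit("strdup");
+if (checkcfg(CFG_SECCOMP)) {
+arg_seccomp = 1;
+cfg.seccomp_list = strdup(ptr + 8);
+if (!cfg.seccomp_list)
+errExit("strdup");
+}
+else
+fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
 #endif
+
 return 0;
 }
 
 // seccomp drop list without default list
 if (strncmp(ptr, "seccomp.drop ", 13) == 0) {
-arg_seccomp = 1;
 #ifdef HAVE_SECCOMP
-cfg.seccomp_list_drop = strdup(ptr + 13);
-if (!cfg.seccomp_list_drop)
-errExit("strdup");
-#endif
+if (checkcfg(CFG_SECCOMP)) {
+arg_seccomp = 1;
+cfg.seccomp_list_drop = strdup(ptr + 13);
+if (!cfg.seccomp_list_drop)
+errExit("strdup");
+}
+else
+fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
+#endif
 return 0;
 }
 
 // seccomp keep list
 if (strncmp(ptr, "seccomp.keep ", 13) == 0) {
-arg_seccomp = 1;
 #ifdef HAVE_SECCOMP
-cfg.seccomp_list_keep= strdup(ptr + 13);
-if (!cfg.seccomp_list_keep)
-errExit("strdup");
-#endif
+if (checkcfg(CFG_SECCOMP)) {
+arg_seccomp = 1;
+cfg.seccomp_list_keep= strdup(ptr + 13);
+if (!cfg.seccomp_list_keep)
+errExit("strdup");
+}
+else
+fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
+#endif
 return 0;
 }
 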
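Review bot: When `checkcfg(CFG_SECCOMP)` is false, each of the five seccomp-related branches (`seccomp`, `protocol `, `seccomp `, `seccomp.drop `, `seccomp.keep `) prints the same generic warning and returns 0, so the sandbox carries on without the filter the profile requested and the message does not say which profile or line was ignored. `fname` and `lineno` are already parameters of `profile_check_line`, so the warning could read something like `fprintf(stderr, "Warning: %s line %d: seccomp is disabled in the Firejail configuration file, directive ignored\n", fname, lineno);`. Separately, in a build without `HAVE_SECCOMP` the `protocol ` branch now matches and returns 0 with no message at all, and the bare `seccomp` branch no longer sets `arg_seccomp`; an `#else` arm that prints a warning would keep that downgrade visible to the operator. The function begins and ends outside the visible hunks, so how callers treat the 0 return is not shown here.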