diff options
Diffstat (limited to 'src/firejail/profile.c')
| -rw-r--r-- | src/firejail/profile.c | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index f7d5e87e6..f3a7eb727 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
| @@ -529,9 +529,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 529 | #ifdef HAVE_SECCOMP | 529 | #ifdef HAVE_SECCOMP |
| 530 | if (checkcfg(CFG_SECCOMP)) { | 530 | if (checkcfg(CFG_SECCOMP)) { |
| 531 | arg_seccomp = 1; | 531 | arg_seccomp = 1; |
| 532 | cfg.seccomp_list = strdup(ptr + 8); | 532 | cfg.seccomp_list = seccomp_check_list(ptr + 8); |
| 533 | if (!cfg.seccomp_list) | ||
| 534 | errExit("strdup"); | ||
| 535 | } | 533 | } |
| 536 | else | 534 | else |
| 537 | fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n"); | 535 | fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n"); |
| @@ -545,9 +543,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 545 | #ifdef HAVE_SECCOMP | 543 | #ifdef HAVE_SECCOMP |
| 546 | if (checkcfg(CFG_SECCOMP)) { | 544 | if (checkcfg(CFG_SECCOMP)) { |
| 547 | arg_seccomp = 1; | 545 | arg_seccomp = 1; |
| 548 | cfg.seccomp_list_drop = strdup(ptr + 13); | 546 | cfg.seccomp_list_drop = seccomp_check_list(ptr + 13); |
| 549 | if (!cfg.seccomp_list_drop) | ||
| 550 | errExit("strdup"); | ||
| 551 | } | 547 | } |
| 552 | else | 548 | else |
| 553 | fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n"); | 549 | fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n"); |
| @@ -560,9 +556,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 560 | #ifdef HAVE_SECCOMP | 556 | #ifdef HAVE_SECCOMP |
| 561 | if (checkcfg(CFG_SECCOMP)) { | 557 | if (checkcfg(CFG_SECCOMP)) { |
| 562 | arg_seccomp = 1; | 558 | arg_seccomp = 1; |
| 563 | cfg.seccomp_list_keep= strdup(ptr + 13); | 559 | cfg.seccomp_list_keep= seccomp_check_list(ptr + 13); |
| 564 | if (!cfg.seccomp_list_keep) | ||
| 565 | errExit("strdup"); | ||
| 566 | } | 560 | } |
| 567 | else | 561 | else |
| 568 | fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n"); | 562 | fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n"); |
| @@ -576,7 +570,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 576 | arg_caps_list = strdup(ptr + 10); | 570 | arg_caps_list = strdup(ptr + 10); |
| 577 | if (!arg_caps_list) | 571 | if (!arg_caps_list) |
| 578 | errExit("strdup"); | 572 | errExit("strdup"); |
| 579 | // verify seccomp list and exit if problems | 573 | // verify caps list and exit if problems |
| 580 | if (caps_check_list(arg_caps_list, NULL)) | 574 | if (caps_check_list(arg_caps_list, NULL)) |
| 581 | exit(1); | 575 | exit(1); |
| 582 | return 0; | 576 | return 0; |
| @@ -588,7 +582,7 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
| 588 | arg_caps_list = strdup(ptr + 10); | 582 | arg_caps_list = strdup(ptr + 10); |
| 589 | if (!arg_caps_list) | 583 | if (!arg_caps_list) |
| 590 | errExit("strdup"); | 584 | errExit("strdup"); |
| 591 | // verify seccomp list and exit if problems | 585 | // verify caps list and exit if problems |
| 592 | if (caps_check_list(arg_caps_list, NULL)) | 586 | if (caps_check_list(arg_caps_list, NULL)) |
| 593 | exit(1); | 587 | exit(1); |
| 594 | return 0; | 588 | return 0; |