Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r--src/firejail/profile.c57
1 files changed, 39 insertions, 18 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 1c843a460..723889dd2 100644
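--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -132,7 +132,12 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
  return 0;
  }
  else if (strcmp(ptr, "seccomp") == 0) {
- arg_seccomp = 1;
+#ifdef HAVE_SECCOMP
+ if (checkcfg(CFG_SECCOMP))
+ arg_seccomp = 1;
+ else
+ fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
+#endif
  return 0;
  }
  else if (strcmp(ptr, "caps") == 0) {
@@ -209,12 +214,15 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
  return 0;
  }
 
-#ifdef HAVE_SECCOMP
  if (strncmp(ptr, "protocol ", 9) == 0) {
- protocol_store(ptr + 9);
+#ifdef HAVE_SECCOMP
+ if (checkcfg(CFG_SECCOMP))
+ protocol_store(ptr + 9);
+ else
+ fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
+#endif
  return 0;
  }
-#endif
 
  if (strncmp(ptr, "env ", 4) == 0) {
  env_store(ptr + 4);
@@ -223,34 +231,47 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
  // seccomp drop list on top of default list
  if (strncmp(ptr, "seccomp ", 8) == 0) {
- arg_seccomp = 1;
 #ifdef HAVE_SECCOMP
- cfg.seccomp_list = strdup(ptr + 8);
- if (!cfg.seccomp_list)
- errExit("strdup");
+ if (checkcfg(CFG_SECCOMP)) {
+ arg_seccomp = 1;
+ cfg.seccomp_list = strdup(ptr + 8);
+ if (!cfg.seccomp_list)
+ errExit("strdup");
+ }
+ else
+ fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
 #endif
+
  return 0;
  }
 
  // seccomp drop list without default list
  if (strncmp(ptr, "seccomp.drop ", 13) == 0) {
- arg_seccomp = 1;
 #ifdef HAVE_SECCOMP
- cfg.seccomp_list_drop = strdup(ptr + 13);
- if (!cfg.seccomp_list_drop)
- errExit("strdup");
-#endif
+ if (checkcfg(CFG_SECCOMP)) {
+ arg_seccomp = 1;
+ cfg.seccomp_list_drop = strdup(ptr + 13);
+ if (!cfg.seccomp_list_drop)
+ errExit("strdup");
+ }
+ else
+ fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
+#endif
  return 0;
  }
 
  // seccomp keep list
  if (strncmp(ptr, "seccomp.keep ", 13) == 0) {
- arg_seccomp = 1;
 #ifdef HAVE_SECCOMP
- cfg.seccomp_list_keep= strdup(ptr + 13);
- if (!cfg.seccomp_list_keep)
- errExit("strdup");
-#endif
+ if (checkcfg(CFG_SECCOMP)) {
+ arg_seccomp = 1;
+ cfg.seccomp_list_keep= strdup(ptr + 13);
+ if (!cfg.seccomp_list_keep)
+ errExit("strdup");
+ }
+ else
+ fprintf(stderr, "Warning: user seccomp feature is disabled in Firejail configuration file\n");
+#endif
  return 0;
  }
 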
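Review bot: In all five seccomp branches touched here (bare `seccomp`, `protocol `, `seccomp `, `seccomp.drop `, `seccomp.keep `) a false `checkcfg(CFG_SECCOMP)` prints a warning and still returns 0, so a profile that relies on the filter is accepted and, as far as these hunks show, the sandbox proceeds without it. On a build without HAVE_SECCOMP the same lines are now accepted with no message at all, because the `#ifdef` sits inside each branch with no `#else` arm; for `protocol ` that is a change from the old code, which compiled the whole branch out. I would add `#else` followed by `fprintf(stderr, "Warning: seccomp support is not compiled in, ignoring %s line %d\n", fname, lineno);` before each `#endif` (assuming `fname` is never NULL here), and put the same `fname`/`lineno` into the existing warning so an operator can see which profile lost its filter. The five identical warning strings could also come from one small static helper. profile_check_line starts and ends outside these hunks, so whether a caller reacts to the dropped directive is not visible here.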