1 files changed, 29 insertions, 0 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 2200fec01..d709a7951 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -18,6 +18,8 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "firejail.h"
+#include "../include/seccomp.h"
+#include "../include/syscall.h"
 #include <dirent.h>
 #include <sys/stat.h>
 extern char *xephyr_screen;
@@ -870,6 +872,33 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
+        // seccomp error action
+        if (strncmp(ptr, "seccomp-error-action ", 21) == 0) {
+#ifdef HAVE_SECCOMP
+                if (checkcfg(CFG_SECCOMP)) {
+                        int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION);
+                        if (config_seccomp_error_action == -1) {
+                                if (strcmp(ptr + 21, "kill") == 0)
+                                        arg_seccomp_error_action = SECCOMP_RET_KILL;
+                                else {
+                                        arg_seccomp_error_action = errno_find_name(ptr + 21);
+                                        if (arg_seccomp_error_action == -1)
+                                                errExit("seccomp-error-action: unknown errno");
+                                }
+                                cfg.seccomp_error_action = strdup(ptr + 21);
+                                if (!cfg.seccomp_error_action)
+                                        errExit("strdup");
+                        } else {
+                                arg_seccomp_error_action = config_seccomp_error_action;
+                                cfg.seccomp_error_action = config_seccomp_error_action_str;
+                                warning_feature_disabled("seccomp-error-action");
+                        }
+                } else
+                        warning_feature_disabled("seccomp");
+#endif
+                return 0;
+        }
        // caps drop list
        if (strncmp(ptr, "caps.drop ", 10) == 0) {
                arg_caps_drop = 1;

diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 2200fec01..d709a7951 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -18,6 +18,8 @@
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/	19	*/
20	#include "firejail.h"	20	#include "firejail.h"
		21	#include "../include/seccomp.h"
		22	#include "../include/syscall.h"
21	#include <dirent.h>	23	#include <dirent.h>
22	#include <sys/stat.h>	24	#include <sys/stat.h>
23	extern char *xephyr_screen;	25	extern char *xephyr_screen;
@@ -870,6 +872,33 @@ int profile_check_line(char ptr, int lineno, const char fname) {
870	return 0;	872	return 0;
871	}	873	}
872		874
		875	// seccomp error action
		876	if (strncmp(ptr, "seccomp-error-action ", 21) == 0) {
		877	#ifdef HAVE_SECCOMP
		878	if (checkcfg(CFG_SECCOMP)) {
		879	int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION);
		880	if (config_seccomp_error_action == -1) {
		881	if (strcmp(ptr + 21, "kill") == 0)
		882	arg_seccomp_error_action = SECCOMP_RET_KILL;
		883	else {
		884	arg_seccomp_error_action = errno_find_name(ptr + 21);
		885	if (arg_seccomp_error_action == -1)
		886	errExit("seccomp-error-action: unknown errno");
		887	}
		888	cfg.seccomp_error_action = strdup(ptr + 21);
		889	if (!cfg.seccomp_error_action)
		890	errExit("strdup");
		891	} else {
		892	arg_seccomp_error_action = config_seccomp_error_action;
		893	cfg.seccomp_error_action = config_seccomp_error_action_str;
		894	warning_feature_disabled("seccomp-error-action");
		895	}
		896	} else
		897	warning_feature_disabled("seccomp");
		898	#endif
		899	return 0;
		900	}
		901
873	// caps drop list	902	// caps drop list
874	if (strncmp(ptr, "caps.drop ", 10) == 0) {	903	if (strncmp(ptr, "caps.drop ", 10) == 0) {
875	arg_caps_drop = 1;	904	arg_caps_drop = 1;