aboutsummaryrefslogtreecommitdiffstats
path: root/src/firejail/profile.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r--src/firejail/profile.c22
1 files changed, 0 insertions, 22 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 970033899..8eaae9a30 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -327,12 +327,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
327 return 0; 327 return 0;
328 } 328 }
329 else if (strcmp(ptr, "seccomp") == 0) { 329 else if (strcmp(ptr, "seccomp") == 0) {
330#ifdef HAVE_SECCOMP
331 if (checkcfg(CFG_SECCOMP)) 330 if (checkcfg(CFG_SECCOMP))
332 arg_seccomp = 1; 331 arg_seccomp = 1;
333 else 332 else
334 warning_feature_disabled("seccomp"); 333 warning_feature_disabled("seccomp");
335#endif
336 return 0; 334 return 0;
337 } 335 }
338 else if (strcmp(ptr, "caps") == 0) { 336 else if (strcmp(ptr, "caps") == 0) {
@@ -861,7 +859,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
861 } 859 }
862 860
863 if (strncmp(ptr, "protocol ", 9) == 0) { 861 if (strncmp(ptr, "protocol ", 9) == 0) {
864#ifdef HAVE_SECCOMP
865 if (checkcfg(CFG_SECCOMP)) { 862 if (checkcfg(CFG_SECCOMP)) {
866 if (cfg.protocol) { 863 if (cfg.protocol) {
867 fwarning("two protocol lists are present, \"%s\" will be installed\n", cfg.protocol); 864 fwarning("two protocol lists are present, \"%s\" will be installed\n", cfg.protocol);
@@ -875,7 +872,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
875 } 872 }
876 else 873 else
877 warning_feature_disabled("seccomp"); 874 warning_feature_disabled("seccomp");
878#endif
879 return 0; 875 return 0;
880 } 876 }
881 877
@@ -890,102 +886,85 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
890 886
891 // seccomp drop list on top of default list 887 // seccomp drop list on top of default list
892 if (strncmp(ptr, "seccomp ", 8) == 0) { 888 if (strncmp(ptr, "seccomp ", 8) == 0) {
893#ifdef HAVE_SECCOMP
894 if (checkcfg(CFG_SECCOMP)) { 889 if (checkcfg(CFG_SECCOMP)) {
895 arg_seccomp = 1; 890 arg_seccomp = 1;
896 cfg.seccomp_list = seccomp_check_list(ptr + 8); 891 cfg.seccomp_list = seccomp_check_list(ptr + 8);
897 } 892 }
898 else if (!arg_quiet) 893 else if (!arg_quiet)
899 warning_feature_disabled("seccomp"); 894 warning_feature_disabled("seccomp");
900#endif
901 895
902 return 0; 896 return 0;
903 } 897 }
904 if (strncmp(ptr, "seccomp.32 ", 11) == 0) { 898 if (strncmp(ptr, "seccomp.32 ", 11) == 0) {
905#ifdef HAVE_SECCOMP
906 if (checkcfg(CFG_SECCOMP)) { 899 if (checkcfg(CFG_SECCOMP)) {
907 arg_seccomp32 = 1; 900 arg_seccomp32 = 1;
908 cfg.seccomp_list32 = seccomp_check_list(ptr + 11); 901 cfg.seccomp_list32 = seccomp_check_list(ptr + 11);
909 } 902 }
910 else if (!arg_quiet) 903 else if (!arg_quiet)
911 warning_feature_disabled("seccomp"); 904 warning_feature_disabled("seccomp");
912#endif
913 905
914 return 0; 906 return 0;
915 } 907 }
916 908
917 if (strcmp(ptr, "seccomp.block-secondary") == 0) { 909 if (strcmp(ptr, "seccomp.block-secondary") == 0) {
918#ifdef HAVE_SECCOMP
919 if (checkcfg(CFG_SECCOMP)) { 910 if (checkcfg(CFG_SECCOMP)) {
920 arg_seccomp_block_secondary = 1; 911 arg_seccomp_block_secondary = 1;
921 } 912 }
922 else 913 else
923 warning_feature_disabled("seccomp"); 914 warning_feature_disabled("seccomp");
924#endif
925 return 0; 915 return 0;
926 } 916 }
927 // seccomp drop list without default list 917 // seccomp drop list without default list
928 if (strncmp(ptr, "seccomp.drop ", 13) == 0) { 918 if (strncmp(ptr, "seccomp.drop ", 13) == 0) {
929#ifdef HAVE_SECCOMP
930 if (checkcfg(CFG_SECCOMP)) { 919 if (checkcfg(CFG_SECCOMP)) {
931 arg_seccomp = 1; 920 arg_seccomp = 1;
932 cfg.seccomp_list_drop = seccomp_check_list(ptr + 13); 921 cfg.seccomp_list_drop = seccomp_check_list(ptr + 13);
933 } 922 }
934 else 923 else
935 warning_feature_disabled("seccomp"); 924 warning_feature_disabled("seccomp");
936#endif
937 return 0; 925 return 0;
938 } 926 }
939 if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) { 927 if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) {
940#ifdef HAVE_SECCOMP
941 if (checkcfg(CFG_SECCOMP)) { 928 if (checkcfg(CFG_SECCOMP)) {
942 arg_seccomp32 = 1; 929 arg_seccomp32 = 1;
943 cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13); 930 cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13);
944 } 931 }
945 else 932 else
946 warning_feature_disabled("seccomp"); 933 warning_feature_disabled("seccomp");
947#endif
948 return 0; 934 return 0;
949 } 935 }
950 936
951 // seccomp keep list 937 // seccomp keep list
952 if (strncmp(ptr, "seccomp.keep ", 13) == 0) { 938 if (strncmp(ptr, "seccomp.keep ", 13) == 0) {
953#ifdef HAVE_SECCOMP
954 if (checkcfg(CFG_SECCOMP)) { 939 if (checkcfg(CFG_SECCOMP)) {
955 arg_seccomp = 1; 940 arg_seccomp = 1;
956 cfg.seccomp_list_keep= seccomp_check_list(ptr + 13); 941 cfg.seccomp_list_keep= seccomp_check_list(ptr + 13);
957 } 942 }
958 else 943 else
959 warning_feature_disabled("seccomp"); 944 warning_feature_disabled("seccomp");
960#endif
961 return 0; 945 return 0;
962 } 946 }
963 if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) { 947 if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) {
964#ifdef HAVE_SECCOMP
965 if (checkcfg(CFG_SECCOMP)) { 948 if (checkcfg(CFG_SECCOMP)) {
966 arg_seccomp32 = 1; 949 arg_seccomp32 = 1;
967 cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13); 950 cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13);
968 } 951 }
969 else 952 else
970 warning_feature_disabled("seccomp"); 953 warning_feature_disabled("seccomp");
971#endif
972 return 0; 954 return 0;
973 } 955 }
974 956
975 // memory deny write&execute 957 // memory deny write&execute
976 if (strcmp(ptr, "memory-deny-write-execute") == 0) { 958 if (strcmp(ptr, "memory-deny-write-execute") == 0) {
977#ifdef HAVE_SECCOMP
978 if (checkcfg(CFG_SECCOMP)) 959 if (checkcfg(CFG_SECCOMP))
979 arg_memory_deny_write_execute = 1; 960 arg_memory_deny_write_execute = 1;
980 else 961 else
981 warning_feature_disabled("seccomp"); 962 warning_feature_disabled("seccomp");
982#endif
983 return 0; 963 return 0;
984 } 964 }
985 965
986 // seccomp error action 966 // seccomp error action
987 if (strncmp(ptr, "seccomp-error-action ", 21) == 0) { 967 if (strncmp(ptr, "seccomp-error-action ", 21) == 0) {
988#ifdef HAVE_SECCOMP
989 if (checkcfg(CFG_SECCOMP)) { 968 if (checkcfg(CFG_SECCOMP)) {
990 int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION); 969 int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION);
991 if (config_seccomp_error_action == -1) { 970 if (config_seccomp_error_action == -1) {
@@ -1008,7 +987,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
1008 } 987 }
1009 } else 988 } else
1010 warning_feature_disabled("seccomp"); 989 warning_feature_disabled("seccomp");
1011#endif
1012 return 0; 990 return 0;
1013 } 991 }
1014 992
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-06-17 13:14:32 +0000