diff options
Diffstat (limited to 'src/firejail/profile.c')
-rw-r--r-- | src/firejail/profile.c | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 970033899..8eaae9a30 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -327,12 +327,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
327 | return 0; | 327 | return 0; |
328 | } | 328 | } |
329 | else if (strcmp(ptr, "seccomp") == 0) { | 329 | else if (strcmp(ptr, "seccomp") == 0) { |
330 | #ifdef HAVE_SECCOMP | ||
331 | if (checkcfg(CFG_SECCOMP)) | 330 | if (checkcfg(CFG_SECCOMP)) |
332 | arg_seccomp = 1; | 331 | arg_seccomp = 1; |
333 | else | 332 | else |
334 | warning_feature_disabled("seccomp"); | 333 | warning_feature_disabled("seccomp"); |
335 | #endif | ||
336 | return 0; | 334 | return 0; |
337 | } | 335 | } |
338 | else if (strcmp(ptr, "caps") == 0) { | 336 | else if (strcmp(ptr, "caps") == 0) { |
@@ -861,7 +859,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
861 | } | 859 | } |
862 | 860 | ||
863 | if (strncmp(ptr, "protocol ", 9) == 0) { | 861 | if (strncmp(ptr, "protocol ", 9) == 0) { |
864 | #ifdef HAVE_SECCOMP | ||
865 | if (checkcfg(CFG_SECCOMP)) { | 862 | if (checkcfg(CFG_SECCOMP)) { |
866 | if (cfg.protocol) { | 863 | if (cfg.protocol) { |
867 | fwarning("two protocol lists are present, \"%s\" will be installed\n", cfg.protocol); | 864 | fwarning("two protocol lists are present, \"%s\" will be installed\n", cfg.protocol); |
@@ -875,7 +872,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
875 | } | 872 | } |
876 | else | 873 | else |
877 | warning_feature_disabled("seccomp"); | 874 | warning_feature_disabled("seccomp"); |
878 | #endif | ||
879 | return 0; | 875 | return 0; |
880 | } | 876 | } |
881 | 877 | ||
@@ -890,102 +886,85 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
890 | 886 | ||
891 | // seccomp drop list on top of default list | 887 | // seccomp drop list on top of default list |
892 | if (strncmp(ptr, "seccomp ", 8) == 0) { | 888 | if (strncmp(ptr, "seccomp ", 8) == 0) { |
893 | #ifdef HAVE_SECCOMP | ||
894 | if (checkcfg(CFG_SECCOMP)) { | 889 | if (checkcfg(CFG_SECCOMP)) { |
895 | arg_seccomp = 1; | 890 | arg_seccomp = 1; |
896 | cfg.seccomp_list = seccomp_check_list(ptr + 8); | 891 | cfg.seccomp_list = seccomp_check_list(ptr + 8); |
897 | } | 892 | } |
898 | else if (!arg_quiet) | 893 | else if (!arg_quiet) |
899 | warning_feature_disabled("seccomp"); | 894 | warning_feature_disabled("seccomp"); |
900 | #endif | ||
901 | 895 | ||
902 | return 0; | 896 | return 0; |
903 | } | 897 | } |
904 | if (strncmp(ptr, "seccomp.32 ", 11) == 0) { | 898 | if (strncmp(ptr, "seccomp.32 ", 11) == 0) { |
905 | #ifdef HAVE_SECCOMP | ||
906 | if (checkcfg(CFG_SECCOMP)) { | 899 | if (checkcfg(CFG_SECCOMP)) { |
907 | arg_seccomp32 = 1; | 900 | arg_seccomp32 = 1; |
908 | cfg.seccomp_list32 = seccomp_check_list(ptr + 11); | 901 | cfg.seccomp_list32 = seccomp_check_list(ptr + 11); |
909 | } | 902 | } |
910 | else if (!arg_quiet) | 903 | else if (!arg_quiet) |
911 | warning_feature_disabled("seccomp"); | 904 | warning_feature_disabled("seccomp"); |
912 | #endif | ||
913 | 905 | ||
914 | return 0; | 906 | return 0; |
915 | } | 907 | } |
916 | 908 | ||
917 | if (strcmp(ptr, "seccomp.block-secondary") == 0) { | 909 | if (strcmp(ptr, "seccomp.block-secondary") == 0) { |
918 | #ifdef HAVE_SECCOMP | ||
919 | if (checkcfg(CFG_SECCOMP)) { | 910 | if (checkcfg(CFG_SECCOMP)) { |
920 | arg_seccomp_block_secondary = 1; | 911 | arg_seccomp_block_secondary = 1; |
921 | } | 912 | } |
922 | else | 913 | else |
923 | warning_feature_disabled("seccomp"); | 914 | warning_feature_disabled("seccomp"); |
924 | #endif | ||
925 | return 0; | 915 | return 0; |
926 | } | 916 | } |
927 | // seccomp drop list without default list | 917 | // seccomp drop list without default list |
928 | if (strncmp(ptr, "seccomp.drop ", 13) == 0) { | 918 | if (strncmp(ptr, "seccomp.drop ", 13) == 0) { |
929 | #ifdef HAVE_SECCOMP | ||
930 | if (checkcfg(CFG_SECCOMP)) { | 919 | if (checkcfg(CFG_SECCOMP)) { |
931 | arg_seccomp = 1; | 920 | arg_seccomp = 1; |
932 | cfg.seccomp_list_drop = seccomp_check_list(ptr + 13); | 921 | cfg.seccomp_list_drop = seccomp_check_list(ptr + 13); |
933 | } | 922 | } |
934 | else | 923 | else |
935 | warning_feature_disabled("seccomp"); | 924 | warning_feature_disabled("seccomp"); |
936 | #endif | ||
937 | return 0; | 925 | return 0; |
938 | } | 926 | } |
939 | if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) { | 927 | if (strncmp(ptr, "seccomp.32.drop ", 13) == 0) { |
940 | #ifdef HAVE_SECCOMP | ||
941 | if (checkcfg(CFG_SECCOMP)) { | 928 | if (checkcfg(CFG_SECCOMP)) { |
942 | arg_seccomp32 = 1; | 929 | arg_seccomp32 = 1; |
943 | cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13); | 930 | cfg.seccomp_list_drop32 = seccomp_check_list(ptr + 13); |
944 | } | 931 | } |
945 | else | 932 | else |
946 | warning_feature_disabled("seccomp"); | 933 | warning_feature_disabled("seccomp"); |
947 | #endif | ||
948 | return 0; | 934 | return 0; |
949 | } | 935 | } |
950 | 936 | ||
951 | // seccomp keep list | 937 | // seccomp keep list |
952 | if (strncmp(ptr, "seccomp.keep ", 13) == 0) { | 938 | if (strncmp(ptr, "seccomp.keep ", 13) == 0) { |
953 | #ifdef HAVE_SECCOMP | ||
954 | if (checkcfg(CFG_SECCOMP)) { | 939 | if (checkcfg(CFG_SECCOMP)) { |
955 | arg_seccomp = 1; | 940 | arg_seccomp = 1; |
956 | cfg.seccomp_list_keep= seccomp_check_list(ptr + 13); | 941 | cfg.seccomp_list_keep= seccomp_check_list(ptr + 13); |
957 | } | 942 | } |
958 | else | 943 | else |
959 | warning_feature_disabled("seccomp"); | 944 | warning_feature_disabled("seccomp"); |
960 | #endif | ||
961 | return 0; | 945 | return 0; |
962 | } | 946 | } |
963 | if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) { | 947 | if (strncmp(ptr, "seccomp.32.keep ", 13) == 0) { |
964 | #ifdef HAVE_SECCOMP | ||
965 | if (checkcfg(CFG_SECCOMP)) { | 948 | if (checkcfg(CFG_SECCOMP)) { |
966 | arg_seccomp32 = 1; | 949 | arg_seccomp32 = 1; |
967 | cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13); | 950 | cfg.seccomp_list_keep32 = seccomp_check_list(ptr + 13); |
968 | } | 951 | } |
969 | else | 952 | else |
970 | warning_feature_disabled("seccomp"); | 953 | warning_feature_disabled("seccomp"); |
971 | #endif | ||
972 | return 0; | 954 | return 0; |
973 | } | 955 | } |
974 | 956 | ||
975 | // memory deny write&execute | 957 | // memory deny write&execute |
976 | if (strcmp(ptr, "memory-deny-write-execute") == 0) { | 958 | if (strcmp(ptr, "memory-deny-write-execute") == 0) { |
977 | #ifdef HAVE_SECCOMP | ||
978 | if (checkcfg(CFG_SECCOMP)) | 959 | if (checkcfg(CFG_SECCOMP)) |
979 | arg_memory_deny_write_execute = 1; | 960 | arg_memory_deny_write_execute = 1; |
980 | else | 961 | else |
981 | warning_feature_disabled("seccomp"); | 962 | warning_feature_disabled("seccomp"); |
982 | #endif | ||
983 | return 0; | 963 | return 0; |
984 | } | 964 | } |
985 | 965 | ||
986 | // seccomp error action | 966 | // seccomp error action |
987 | if (strncmp(ptr, "seccomp-error-action ", 21) == 0) { | 967 | if (strncmp(ptr, "seccomp-error-action ", 21) == 0) { |
988 | #ifdef HAVE_SECCOMP | ||
989 | if (checkcfg(CFG_SECCOMP)) { | 968 | if (checkcfg(CFG_SECCOMP)) { |
990 | int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION); | 969 | int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION); |
991 | if (config_seccomp_error_action == -1) { | 970 | if (config_seccomp_error_action == -1) { |
@@ -1008,7 +987,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1008 | } | 987 | } |
1009 | } else | 988 | } else |
1010 | warning_feature_disabled("seccomp"); | 989 | warning_feature_disabled("seccomp"); |
1011 | #endif | ||
1012 | return 0; | 990 | return 0; |
1013 | } | 991 | } |
1014 | 992 | ||