Diffstat (limited to 'src/firejail/protocol.c')
-rw-r--r-- | src/firejail/protocol.c | 46 |
1 files changed, 0 insertions, 46 deletions
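--- a/src/firejail/protocol.c
+++ b/src/firejail/protocol.c
@@ -22,52 +22,6 @@
 #include "firejail.h"
 #include "../include/seccomp.h"
 
-// install protocol filter
-void protocol_filter(const char *fname) {
-#ifndef SYS_socket
-if (arg_debug)
-printf("No support for --protocol on this platform\n");
-return;
-#else
-assert(fname);
-
-// check file
-struct stat s;
-if (stat(fname, &s) == -1) {
-fprintf(stderr, "Error: cannot read protocol filter file\n");
-exit(1);
-}
-int size = s.st_size;
-
-// read filter
-struct sock_filter filter[32]; // big enough
-memset(&filter[0], 0, sizeof(filter));
-int src = open(fname, O_RDONLY);
-int rd = 0;
-while (rd < size) {
-int rv = read(src, (unsigned char *) filter + rd, size - rd);
-if (rv == -1) {
-fprintf(stderr, "Error: cannot read %s file\n", fname);
-exit(1);
-}
-rd += rv;
-}
-close(src);
-
-// install filter
-unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
-struct sock_fprog prog = {
-.len = entries,
-.filter = filter,
-};
-
-if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
-fprintf(stderr, "Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer.\n");
-return;
-}
-#endif
-}
-
 void protocol_filter_save(void) {
 // save protocol filter configuration in PROTOCOL_CFG
 FILE *fp = fopen(RUN_PROTOCOL_CFG, "w");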