Diffstat (limited to 'src/firejail/sandbox.c')
-rw-r--r-- | src/firejail/sandbox.c | 14 |
1 files changed, 2 insertions, 12 deletions
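--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -141,7 +141,6 @@ void set_apparmor(void) {
 }
 #endif
 
-#ifdef HAVE_SECCOMP
 void seccomp_debug(void) {
 if (arg_debug == 0)
 return;
@@ -158,7 +157,6 @@ void seccomp_debug(void) {
 printf("No active seccomp files\n");
 EUID_ROOT();
 }
-#endif
 
 static void save_nogroups(void) {
 if (arg_nogroups == 0)
@@ -497,9 +495,7 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
 __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
 seccomp_install_filters();
-#endif
 if (set_sandbox_status)
 *set_sandbox_status = SANDBOX_DONE;
 execl(arg_audit_prog, arg_audit_prog, NULL);
@@ -536,9 +532,8 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
 __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
 seccomp_install_filters();
-#endif
+
 if (set_sandbox_status)
 *set_sandbox_status = SANDBOX_DONE;
 execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
@@ -591,9 +586,8 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
 __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
 seccomp_install_filters();
-#endif
+
 if (set_sandbox_status)
 *set_sandbox_status = SANDBOX_DONE;
 execvp(arg[0], arg);
@@ -797,7 +791,6 @@ int sandbox(void* sandbox_arg) {
 // - build seccomp filters
 // - create an empty /etc/ld.so.preload
 //****************************
-#ifdef HAVE_SECCOMP
 if (cfg.protocol) {
 if (arg_debug)
 printf("Build protocol filter: %s\n", cfg.protocol);
@@ -808,7 +801,6 @@ int sandbox(void* sandbox_arg) {
 if (rv)
 exit(rv);
 }
-#endif
 
 // need ld.so.preload if tracing or seccomp with any non-default lists
 bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
@@ -1107,7 +1099,6 @@ int sandbox(void* sandbox_arg) {
 save_cgroup();
 
 // set seccomp
-#ifdef HAVE_SECCOMP
 // install protocol filter
 #ifdef SYS_socket
 if (cfg.protocol) {
@@ -1151,7 +1142,6 @@ int sandbox(void* sandbox_arg) {
 // make seccomp filters read-only
 fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
 seccomp_debug();
-#endif
 
 // set capabilities
 set_caps();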
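Review bot: The three now-unconditional `seccomp_install_filters();` calls in start_application (hunks at -497, -536 and -591) are followed directly by `*set_sandbox_status = SANDBOX_DONE;` and an exec, and nothing in the visible lines shows how a failed filter install is handled. If the function can return after an error (its definition is outside this diff, so this is unconfirmed), the target program would start unfiltered while the status byte reports the sandbox as complete. I would state the contract at the first call with a comment such as `// must exit on failure: the exec below would otherwise run without seccomp filters`, and make the function fail closed if it does not already. In sandbox(), the inner `#ifdef SYS_socket` is now the only compile-time switch left around the protocol filter install, so unless an `#else` outside the hunk covers it, a build without `SYS_socket` would skip that filter silently even though the "Build protocol filter" step above now always runs. Both start_application and sandbox begin and end outside the hunks shown.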