1 files changed, 2 insertions, 12 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 5a4741a56..3bb4858c9 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -141,7 +141,6 @@ void set_apparmor(void) {
 }
 #endif
-#ifdef HAVE_SECCOMP
 void seccomp_debug(void) {
        if (arg_debug == 0)
                return;
@@ -158,7 +157,6 @@ void seccomp_debug(void) {
                printf("No active seccomp files\n");
        EUID_ROOT();
 }
-#endif
 static void save_nogroups(void) {
        if (arg_nogroups == 0)
@@ -497,9 +495,7 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
                __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
                seccomp_install_filters();
-#endif
                if (set_sandbox_status)
                        *set_sandbox_status = SANDBOX_DONE;
                execl(arg_audit_prog, arg_audit_prog, NULL);
@@ -536,9 +532,8 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
                __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
                seccomp_install_filters();
-#endif
                if (set_sandbox_status)
                        *set_sandbox_status = SANDBOX_DONE;
                execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
@@ -591,9 +586,8 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
 #ifdef HAVE_GCOV
                __gcov_dump();
 #endif
-#ifdef HAVE_SECCOMP
                seccomp_install_filters();
-#endif
                if (set_sandbox_status)
                        *set_sandbox_status = SANDBOX_DONE;
                execvp(arg[0], arg);
@@ -797,7 +791,6 @@ int sandbox(void* sandbox_arg) {
        //  - build seccomp filters
        //  - create an empty /etc/ld.so.preload
        //****************************
-#ifdef HAVE_SECCOMP
        if (cfg.protocol) {
                if (arg_debug)
                        printf("Build protocol filter: %s\n", cfg.protocol);
@@ -808,7 +801,6 @@ int sandbox(void* sandbox_arg) {
                if (rv)
                        exit(rv);
        }
-#endif
        // need ld.so.preload if tracing or seccomp with any non-default lists
        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
@@ -1107,7 +1099,6 @@ int sandbox(void* sandbox_arg) {
        save_cgroup();
        // set seccomp
-#ifdef HAVE_SECCOMP
        // install protocol filter
 #ifdef SYS_socket
        if (cfg.protocol) {
@@ -1151,7 +1142,6 @@ int sandbox(void* sandbox_arg) {
        // make seccomp filters read-only
        fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
        seccomp_debug();
-#endif
        // set capabilities
        set_caps();

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 5a4741a56..3bb4858c9 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -141,7 +141,6 @@ void set_apparmor(void) {
141	}	141	}
142	#endif	142	#endif
143		143
144	#ifdef HAVE_SECCOMP
145	void seccomp_debug(void) {	144	void seccomp_debug(void) {
146	if (arg_debug == 0)	145	if (arg_debug == 0)
147	return;	146	return;
@@ -158,7 +157,6 @@ void seccomp_debug(void) {
158	printf("No active seccomp files\n");	157	printf("No active seccomp files\n");
159	EUID_ROOT();	158	EUID_ROOT();
160	}	159	}
161	#endif
162		160
163	static void save_nogroups(void) {	161	static void save_nogroups(void) {
164	if (arg_nogroups == 0)	162	if (arg_nogroups == 0)
@@ -497,9 +495,7 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
497	#ifdef HAVE_GCOV	495	#ifdef HAVE_GCOV
498	__gcov_dump();	496	__gcov_dump();
499	#endif	497	#endif
500	#ifdef HAVE_SECCOMP
501	seccomp_install_filters();	498	seccomp_install_filters();
502	#endif
503	if (set_sandbox_status)	499	if (set_sandbox_status)
504	*set_sandbox_status = SANDBOX_DONE;	500	*set_sandbox_status = SANDBOX_DONE;
505	execl(arg_audit_prog, arg_audit_prog, NULL);	501	execl(arg_audit_prog, arg_audit_prog, NULL);
@@ -536,9 +532,8 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
536	#ifdef HAVE_GCOV	532	#ifdef HAVE_GCOV
537	__gcov_dump();	533	__gcov_dump();
538	#endif	534	#endif
539	#ifdef HAVE_SECCOMP
540	seccomp_install_filters();	535	seccomp_install_filters();
541	#endif	536
542	if (set_sandbox_status)	537	if (set_sandbox_status)
543	*set_sandbox_status = SANDBOX_DONE;	538	*set_sandbox_status = SANDBOX_DONE;
544	execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);	539	execvp(cfg.original_argv[cfg.original_program_index], &cfg.original_argv[cfg.original_program_index]);
@@ -591,9 +586,8 @@ void start_application(int no_sandbox, char *set_sandbox_status) {
591	#ifdef HAVE_GCOV	586	#ifdef HAVE_GCOV
592	__gcov_dump();	587	__gcov_dump();
593	#endif	588	#endif
594	#ifdef HAVE_SECCOMP
595	seccomp_install_filters();	589	seccomp_install_filters();
596	#endif	590
597	if (set_sandbox_status)	591	if (set_sandbox_status)
598	*set_sandbox_status = SANDBOX_DONE;	592	*set_sandbox_status = SANDBOX_DONE;
599	execvp(arg[0], arg);	593	execvp(arg[0], arg);
@@ -797,7 +791,6 @@ int sandbox(void* sandbox_arg) {
797	// - build seccomp filters	791	// - build seccomp filters
798	// - create an empty /etc/ld.so.preload	792	// - create an empty /etc/ld.so.preload
799	//****************************	793	//****************************
800	#ifdef HAVE_SECCOMP
801	if (cfg.protocol) {	794	if (cfg.protocol) {
802	if (arg_debug)	795	if (arg_debug)
803	printf("Build protocol filter: %s\n", cfg.protocol);	796	printf("Build protocol filter: %s\n", cfg.protocol);
@@ -808,7 +801,6 @@ int sandbox(void* sandbox_arg) {
808	if (rv)	801	if (rv)
809	exit(rv);	802	exit(rv);
810	}	803	}
811	#endif
812		804
813	// need ld.so.preload if tracing or seccomp with any non-default lists	805	// need ld.so.preload if tracing or seccomp with any non-default lists
814	bool need_preload = arg_trace \|\| arg_tracelog \|\| arg_seccomp_postexec;	806	bool need_preload = arg_trace \|\| arg_tracelog \|\| arg_seccomp_postexec;
@@ -1107,7 +1099,6 @@ int sandbox(void* sandbox_arg) {
1107	save_cgroup();	1099	save_cgroup();
1108		1100
1109	// set seccomp	1101	// set seccomp
1110	#ifdef HAVE_SECCOMP
1111	// install protocol filter	1102	// install protocol filter
1112	#ifdef SYS_socket	1103	#ifdef SYS_socket
1113	if (cfg.protocol) {	1104	if (cfg.protocol) {
@@ -1151,7 +1142,6 @@ int sandbox(void* sandbox_arg) {
1151	// make seccomp filters read-only	1142	// make seccomp filters read-only
1152	fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);	1143	fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
1153	seccomp_debug();	1144	seccomp_debug();
1154	#endif
1155		1145
1156	// set capabilities	1146	// set capabilities
1157	set_caps();	1147	set_caps();