Diffstat (limited to 'src/firejail')
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/join.c | 2 | ||||
-rw-r--r-- | src/firejail/main.c | 24 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 16 | ||||
-rw-r--r-- | src/firejail/usage.c | 1 |
5 files changed, 2 insertions, 43 deletions
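--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -328,8 +328,6 @@ extern int arg_keep_var_tmp; // don't overwrite /var/tmp
 extern int arg_writable_run_user; // writable /run/user
 extern int arg_writable_var_log; // writable /var/log
 extern int arg_appimage; // appimage
-extern int arg_audit; // audit
-extern char *arg_audit_prog; // audit
 extern int arg_apparmor; // apparmor
 extern int arg_allow_debuggers; // allow debuggers
 extern int arg_x11_block; // block X11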
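--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -411,7 +411,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
 extract_x11_display(parent);
 
 int shfd = -1;
-if (!arg_shell_none && !arg_audit)
+if (!arg_shell_none)
 shfd = open_shell();
 
 EUID_ROOT();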
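--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -130,8 +130,6 @@ int arg_keep_var_tmp = 0; // don't overwrite /var/tmp
 int arg_writable_run_user = 0; // writable /run/user
 int arg_writable_var_log = 0; // writable /var/log
 int arg_appimage = 0; // appimage
-int arg_audit = 0; // audit
-char *arg_audit_prog = NULL; // audit
 int arg_apparmor = 0; // apparmor
 int arg_allow_debuggers = 0; // allow debuggers
 int arg_x11_block = 0; // block X11
@@ -2608,28 +2606,6 @@ int main(int argc, char **argv, char **envp) {
 //*************************************
 else if (strncmp(argv[i], "--timeout=", 10) == 0)
 cfg.timeout = extract_timeout(argv[i] + 10);
-else if (strcmp(argv[i], "--audit") == 0) {
-arg_audit_prog = LIBDIR "/firejail/faudit";
-profile_add_ignore("shell none");
-arg_audit = 1;
-}
-else if (strncmp(argv[i], "--audit=", 8) == 0) {
-if (strlen(argv[i] + 8) == 0) {
-fprintf(stderr, "Error: invalid audit program\n");
-exit(1);
-}
-arg_audit_prog = strdup(argv[i] + 8);
-if (!arg_audit_prog)
-errExit("strdup");
-
-struct stat s;
-if (stat(arg_audit_prog, &s) != 0) {
-fprintf(stderr, "Error: cannot find the audit program %s\n", arg_audit_prog);
-exit(1);
-}
-profile_add_ignore("shell none");
-arg_audit = 1;
-}
 else if (strcmp(argv[i], "--appimage") == 0)
 arg_appimage = 1;
 else if (strcmp(argv[i], "--shell=none") == 0) {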
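--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -475,23 +475,9 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 }
 
 //****************************************
-// audit
-//****************************************
-if (arg_audit) {
-assert(arg_audit_prog);
-
-#ifdef HAVE_GCOV
-__gcov_dump();
-#endif
-seccomp_install_filters();
-if (set_sandbox_status)
-*set_sandbox_status = SANDBOX_DONE;
-execl(arg_audit_prog, arg_audit_prog, NULL);
-}
-//****************************************
 // start the program without using a shell
 //****************************************
-else if (arg_shell_none) {
+if (arg_shell_none) {
 if (arg_debug) {
 int i;
 for (i = cfg.original_program_index; i < cfg.original_argc; i++) {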
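Review bot: The faudit helper and the `--audit` documentation outside src/firejail may be left orphaned, because the chain in start_application now opens with `if (arg_shell_none) {` and the visible hunks remove every use of `arg_audit_prog`, the only visible reference to `LIBDIR "/firejail/faudit"`. The diffstat on this page is limited to src/firejail, so it cannot be confirmed here whether the helper binary, its install rule, the man page and the shell-completion entries are removed too. If they are not, an unused executable keeps being installed and the documentation advertises an option that main() no longer parses; I would remove them in the same commit and add a release-note line stating that `--audit` is gone. start_application begins and continues outside this hunk, so the remaining branches were not reviewed.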
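--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -33,7 +33,6 @@ static char *usage_str =
 " --apparmor - enable AppArmor confinement.\n"
 " --apparmor.print=name|pid - print apparmor status.\n"
 " --appimage - sandbox an AppImage application.\n"
-" --audit[=test-program] - audit the sandbox.\n"
 #ifdef HAVE_NETWORK
 " --bandwidth=name|pid - set bandwidth limits.\n"
 #endif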