5 files changed, 2 insertions, 43 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index c8080f778..b21b5bef6 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -328,8 +328,6 @@ extern int arg_keep_var_tmp; // don't overwrite /var/tmp
 extern int arg_writable_run_user;       // writable /run/user
 extern int arg_writable_var_log; // writable /var/log
 extern int arg_appimage;        // appimage
-extern int arg_audit;           // audit
-extern char *arg_audit_prog;    // audit
 extern int arg_apparmor;        // apparmor
 extern int arg_allow_debuggers; // allow debuggers
 extern int arg_x11_block;       // block X11
diff --git a/src/firejail/join.c b/src/firejail/join.c
index a8011aa14..1575a7469 100644
--- a/src/firejail/join.c
+++ b/src/firejail/join.c
@@ -411,7 +411,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
        extract_x11_display(parent);
        int shfd = -1;
-        if (!arg_shell_none && !arg_audit)
+        if (!arg_shell_none)
                shfd = open_shell();
        EUID_ROOT();
diff --git a/src/firejail/main.c b/src/firejail/main.c
index fe806dcdb..9705c2436 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -130,8 +130,6 @@ int arg_keep_var_tmp = 0;                       // don't overwrite /var/tmp
 int arg_writable_run_user = 0;                  // writable /run/user
 int arg_writable_var_log = 0;           // writable /var/log
 int arg_appimage = 0;                           // appimage
-int arg_audit = 0;                              // audit
-char *arg_audit_prog = NULL;                    // audit
 int arg_apparmor = 0;                           // apparmor
 int arg_allow_debuggers = 0;                    // allow debuggers
 int arg_x11_block = 0;                          // block X11
@@ -2608,28 +2606,6 @@ int main(int argc, char **argv, char **envp) {
                //*************************************
                else if (strncmp(argv[i], "--timeout=", 10) == 0)
                        cfg.timeout = extract_timeout(argv[i] + 10);
-                else if (strcmp(argv[i], "--audit") == 0) {
-                        arg_audit_prog = LIBDIR "/firejail/faudit";
-                        profile_add_ignore("shell none");
-                        arg_audit = 1;
-                }
-                else if (strncmp(argv[i], "--audit=", 8) == 0) {
-                        if (strlen(argv[i] + 8) == 0) {
-                                fprintf(stderr, "Error: invalid audit program\n");
-                                exit(1);
-                        }
-                        arg_audit_prog = strdup(argv[i] + 8);
-                        if (!arg_audit_prog)
-                                errExit("strdup");
-                        struct stat s;
-                        if (stat(arg_audit_prog, &s) != 0) {
-                                fprintf(stderr, "Error: cannot find the audit program %s\n", arg_audit_prog);
-                                exit(1);
-                        }
-                        profile_add_ignore("shell none");
-                        arg_audit = 1;
-                }
                else if (strcmp(argv[i], "--appimage") == 0)
                        arg_appimage = 1;
                else if (strcmp(argv[i], "--shell=none") == 0) {
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index f1ab895db..a04551ed4 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -475,23 +475,9 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
        }
        //****************************************
-        // audit
-        //****************************************
-        if (arg_audit) {
-                assert(arg_audit_prog);
-#ifdef HAVE_GCOV
-                __gcov_dump();
-#endif
-                seccomp_install_filters();
-                if (set_sandbox_status)
-                        *set_sandbox_status = SANDBOX_DONE;
-                execl(arg_audit_prog, arg_audit_prog, NULL);
-        }
-        //****************************************
        // start the program without using a shell
        //****************************************
-        else if (arg_shell_none) {
+        if (arg_shell_none) {
                if (arg_debug) {
                        int i;
                        for (i = cfg.original_program_index; i < cfg.original_argc; i++) {
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index adba5da40..8f9cc065f 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -33,7 +33,6 @@ static char *usage_str =
        "    --apparmor - enable AppArmor confinement.\n"
        "    --apparmor.print=name|pid - print apparmor status.\n"
        "    --appimage - sandbox an AppImage application.\n"
-        "    --audit[=test-program] - audit the sandbox.\n"
 #ifdef HAVE_NETWORK
        "    --bandwidth=name|pid - set bandwidth limits.\n"
 #endif

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index c8080f778..b21b5bef6 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -328,8 +328,6 @@ extern int arg_keep_var_tmp; // don't overwrite /var/tmp
328	extern int arg_writable_run_user; // writable /run/user	328	extern int arg_writable_run_user; // writable /run/user
329	extern int arg_writable_var_log; // writable /var/log	329	extern int arg_writable_var_log; // writable /var/log
330	extern int arg_appimage; // appimage	330	extern int arg_appimage; // appimage
331	extern int arg_audit; // audit
332	extern char *arg_audit_prog; // audit
333	extern int arg_apparmor; // apparmor	331	extern int arg_apparmor; // apparmor
334	extern int arg_allow_debuggers; // allow debuggers	332	extern int arg_allow_debuggers; // allow debuggers
335	extern int arg_x11_block; // block X11	333	extern int arg_x11_block; // block X11


diff --git a/src/firejail/join.c b/src/firejail/join.c index a8011aa14..1575a7469 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c
@@ -411,7 +411,7 @@ void join(pid_t pid, int argc, char **argv, int index) {
411	extract_x11_display(parent);	411	extract_x11_display(parent);
412		412
413	int shfd = -1;	413	int shfd = -1;
414	if (!arg_shell_none && !arg_audit)	414	if (!arg_shell_none)
415	shfd = open_shell();	415	shfd = open_shell();
416		416
417	EUID_ROOT();	417	EUID_ROOT();


diff --git a/src/firejail/main.c b/src/firejail/main.c index fe806dcdb..9705c2436 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -130,8 +130,6 @@ int arg_keep_var_tmp = 0; // don't overwrite /var/tmp
130	int arg_writable_run_user = 0; // writable /run/user	130	int arg_writable_run_user = 0; // writable /run/user
131	int arg_writable_var_log = 0; // writable /var/log	131	int arg_writable_var_log = 0; // writable /var/log
132	int arg_appimage = 0; // appimage	132	int arg_appimage = 0; // appimage
133	int arg_audit = 0; // audit
134	char *arg_audit_prog = NULL; // audit
135	int arg_apparmor = 0; // apparmor	133	int arg_apparmor = 0; // apparmor
136	int arg_allow_debuggers = 0; // allow debuggers	134	int arg_allow_debuggers = 0; // allow debuggers
137	int arg_x11_block = 0; // block X11	135	int arg_x11_block = 0; // block X11
@@ -2608,28 +2606,6 @@ int main(int argc, char argv, char envp) {
2608	//*************************************	2606	//*************************************
2609	else if (strncmp(argv[i], "--timeout=", 10) == 0)	2607	else if (strncmp(argv[i], "--timeout=", 10) == 0)
2610	cfg.timeout = extract_timeout(argv[i] + 10);	2608	cfg.timeout = extract_timeout(argv[i] + 10);
2611	else if (strcmp(argv[i], "--audit") == 0) {
2612	arg_audit_prog = LIBDIR "/firejail/faudit";
2613	profile_add_ignore("shell none");
2614	arg_audit = 1;
2615	}
2616	else if (strncmp(argv[i], "--audit=", 8) == 0) {
2617	if (strlen(argv[i] + 8) == 0) {
2618	fprintf(stderr, "Error: invalid audit program\n");
2619	exit(1);
2620	}
2621	arg_audit_prog = strdup(argv[i] + 8);
2622	if (!arg_audit_prog)
2623	errExit("strdup");
2624
2625	struct stat s;
2626	if (stat(arg_audit_prog, &s) != 0) {
2627	fprintf(stderr, "Error: cannot find the audit program %s\n", arg_audit_prog);
2628	exit(1);
2629	}
2630	profile_add_ignore("shell none");
2631	arg_audit = 1;
2632	}
2633	else if (strcmp(argv[i], "--appimage") == 0)	2609	else if (strcmp(argv[i], "--appimage") == 0)
2634	arg_appimage = 1;	2610	arg_appimage = 1;
2635	else if (strcmp(argv[i], "--shell=none") == 0) {	2611	else if (strcmp(argv[i], "--shell=none") == 0) {


diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index f1ab895db..a04551ed4 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -475,23 +475,9 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
475	}	475	}
476		476
477	//****************************************	477	//****************************************
478	// audit
479	//****************************************
480	if (arg_audit) {
481	assert(arg_audit_prog);
482
483	#ifdef HAVE_GCOV
484	__gcov_dump();
485	#endif
486	seccomp_install_filters();
487	if (set_sandbox_status)
488	*set_sandbox_status = SANDBOX_DONE;
489	execl(arg_audit_prog, arg_audit_prog, NULL);
490	}
491	//****************************************
492	// start the program without using a shell	478	// start the program without using a shell
493	//****************************************	479	//****************************************
494	else if (arg_shell_none) {	480	if (arg_shell_none) {
495	if (arg_debug) {	481	if (arg_debug) {
496	int i;	482	int i;
497	for (i = cfg.original_program_index; i < cfg.original_argc; i++) {	483	for (i = cfg.original_program_index; i < cfg.original_argc; i++) {


diff --git a/src/firejail/usage.c b/src/firejail/usage.c index adba5da40..8f9cc065f 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c
@@ -33,7 +33,6 @@ static char *usage_str =
33	" --apparmor - enable AppArmor confinement.\n"	33	" --apparmor - enable AppArmor confinement.\n"
34	" --apparmor.print=name\|pid - print apparmor status.\n"	34	" --apparmor.print=name\|pid - print apparmor status.\n"
35	" --appimage - sandbox an AppImage application.\n"	35	" --appimage - sandbox an AppImage application.\n"
36	" --audit[=test-program] - audit the sandbox.\n"
37	#ifdef HAVE_NETWORK	36	#ifdef HAVE_NETWORK
38	" --bandwidth=name\|pid - set bandwidth limits.\n"	37	" --bandwidth=name\|pid - set bandwidth limits.\n"
39	#endif	38	#endif