diff options
Diffstat (limited to 'src/fsec-optimize/main.c')
-rw-r--r-- | src/fsec-optimize/main.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c index 74aebc9e0..c64587068 100644 --- a/src/fsec-optimize/main.c +++ b/src/fsec-optimize/main.c | |||
@@ -18,6 +18,9 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | #include "fsec_optimize.h" | 20 | #include "fsec_optimize.h" |
21 | #include "../include/syscall.h" | ||
22 | |||
23 | int arg_seccomp_error_action = SECCOMP_RET_ERRNO | EPERM; // error action: errno, log or kill | ||
21 | 24 | ||
22 | static void usage(void) { | 25 | static void usage(void) { |
23 | printf("Usage:\n"); | 26 | printf("Usage:\n"); |
@@ -46,6 +49,20 @@ printf("\n"); | |||
46 | 49 | ||
47 | warn_dumpable(); | 50 | warn_dumpable(); |
48 | 51 | ||
52 | char *error_action = getenv("FIREJAIL_SECCOMP_ERROR_ACTION"); | ||
53 | if (error_action) { | ||
54 | if (strcmp(error_action, "kill") == 0) | ||
55 | arg_seccomp_error_action = SECCOMP_RET_KILL; | ||
56 | else if (strcmp(error_action, "log") == 0) | ||
57 | arg_seccomp_error_action = SECCOMP_RET_LOG; | ||
58 | else { | ||
59 | arg_seccomp_error_action = errno_find_name(error_action); | ||
60 | if (arg_seccomp_error_action == -1) | ||
61 | errExit("seccomp-error-action: unknown errno"); | ||
62 | arg_seccomp_error_action |= SECCOMP_RET_ERRNO; | ||
63 | } | ||
64 | } | ||
65 | |||
49 | char *fname = argv[1]; | 66 | char *fname = argv[1]; |
50 | 67 | ||
51 | // open input file | 68 | // open input file |