1 files changed, 17 insertions, 0 deletions
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index 74aebc9e0..c64587068 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -18,6 +18,9 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "fsec_optimize.h"
+#include "../include/syscall.h"
+int arg_seccomp_error_action = SECCOMP_RET_ERRNO | EPERM; // error action: errno, log or kill
 static void usage(void) {
        printf("Usage:\n");
@@ -46,6 +49,20 @@ printf("\n");
        warn_dumpable();
+        char *error_action = getenv("FIREJAIL_SECCOMP_ERROR_ACTION");
+        if (error_action) {
+                if (strcmp(error_action, "kill") == 0)
+                        arg_seccomp_error_action = SECCOMP_RET_KILL;
+                else if (strcmp(error_action, "log") == 0)
+                        arg_seccomp_error_action = SECCOMP_RET_LOG;
+                else {
+                        arg_seccomp_error_action = errno_find_name(error_action);
+                        if (arg_seccomp_error_action == -1)
+                                errExit("seccomp-error-action: unknown errno");
+                        arg_seccomp_error_action |= SECCOMP_RET_ERRNO;
+                }
+        }
        char *fname = argv[1];
        // open input file

diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c index 74aebc9e0..c64587068 100644 --- a/src/fsec-optimize/main.c +++ b/src/fsec-optimize/main.c
@@ -18,6 +18,9 @@
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/	19	*/
20	#include "fsec_optimize.h"	20	#include "fsec_optimize.h"
		21	#include "../include/syscall.h"
		22
		23	int arg_seccomp_error_action = SECCOMP_RET_ERRNO \| EPERM; // error action: errno, log or kill
21		24
22	static void usage(void) {	25	static void usage(void) {
23	printf("Usage:\n");	26	printf("Usage:\n");
@@ -46,6 +49,20 @@ printf("\n");
46		49
47	warn_dumpable();	50	warn_dumpable();
48		51
		52	char *error_action = getenv("FIREJAIL_SECCOMP_ERROR_ACTION");
		53	if (error_action) {
		54	if (strcmp(error_action, "kill") == 0)
		55	arg_seccomp_error_action = SECCOMP_RET_KILL;
		56	else if (strcmp(error_action, "log") == 0)
		57	arg_seccomp_error_action = SECCOMP_RET_LOG;
		58	else {
		59	arg_seccomp_error_action = errno_find_name(error_action);
		60	if (arg_seccomp_error_action == -1)
		61	errExit("seccomp-error-action: unknown errno");
		62	arg_seccomp_error_action \|= SECCOMP_RET_ERRNO;
		63	}
		64	}
		65
49	char *fname = argv[1];	66	char *fname = argv[1];
50		67
51	// open input file	68	// open input file