1 files changed, 18 insertions, 5 deletions
diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c
index fb13eeca8..c64587068 100644
--- a/src/fsec-optimize/main.c
+++ b/src/fsec-optimize/main.c
@@ -18,6 +18,9 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 #include "fsec_optimize.h"
+#include "../include/syscall.h"
+int arg_seccomp_error_action = SECCOMP_RET_ERRNO | EPERM; // error action: errno, log or kill
 static void usage(void) {
        printf("Usage:\n");
@@ -44,11 +47,21 @@ printf("\n");
                return 0;
        }
-#ifdef WARN_DUMPABLE
+        warn_dumpable();
-        // check FIREJAIL_PLUGIN in order to not print a warning during make
-        if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))
+        char *error_action = getenv("FIREJAIL_SECCOMP_ERROR_ACTION");
-                fprintf(stderr, "Error fsec-optimize: I am dumpable\n");
+        if (error_action) {
-#endif
+                if (strcmp(error_action, "kill") == 0)
+                        arg_seccomp_error_action = SECCOMP_RET_KILL;
+                else if (strcmp(error_action, "log") == 0)
+                        arg_seccomp_error_action = SECCOMP_RET_LOG;
+                else {
+                        arg_seccomp_error_action = errno_find_name(error_action);
+                        if (arg_seccomp_error_action == -1)
+                                errExit("seccomp-error-action: unknown errno");
+                        arg_seccomp_error_action |= SECCOMP_RET_ERRNO;
+                }
+        }
        char *fname = argv[1];

diff --git a/src/fsec-optimize/main.c b/src/fsec-optimize/main.c index fb13eeca8..c64587068 100644 --- a/src/fsec-optimize/main.c +++ b/src/fsec-optimize/main.c
@@ -18,6 +18,9 @@
18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.	18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19	*/	19	*/
20	#include "fsec_optimize.h"	20	#include "fsec_optimize.h"
		21	#include "../include/syscall.h"
		22
		23	int arg_seccomp_error_action = SECCOMP_RET_ERRNO \| EPERM; // error action: errno, log or kill
21		24
22	static void usage(void) {	25	static void usage(void) {
23	printf("Usage:\n");	26	printf("Usage:\n");
@@ -44,11 +47,21 @@ printf("\n");
44	return 0;	47	return 0;
45	}	48	}
46		49
47	#ifdef WARN_DUMPABLE	50	warn_dumpable();
48	// check FIREJAIL_PLUGIN in order to not print a warning during make	51
49	if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 1 && getuid() && getenv("FIREJAIL_PLUGIN"))	52	char *error_action = getenv("FIREJAIL_SECCOMP_ERROR_ACTION");
50	fprintf(stderr, "Error fsec-optimize: I am dumpable\n");	53	if (error_action) {
51	#endif	54	if (strcmp(error_action, "kill") == 0)
		55	arg_seccomp_error_action = SECCOMP_RET_KILL;
		56	else if (strcmp(error_action, "log") == 0)
		57	arg_seccomp_error_action = SECCOMP_RET_LOG;
		58	else {
		59	arg_seccomp_error_action = errno_find_name(error_action);
		60	if (arg_seccomp_error_action == -1)
		61	errExit("seccomp-error-action: unknown errno");
		62	arg_seccomp_error_action \|= SECCOMP_RET_ERRNO;
		63	}
		64	}
52		65
53	char *fname = argv[1];	66	char *fname = argv[1];
54		67