Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/caps.c | 2 | ||||
-rw-r--r-- | src/firejail/usage.c | 4 |
2 files changed, 6 insertions, 0 deletions
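--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -289,10 +289,12 @@ int caps_default_filter(void) {
 else if (arg_debug)
 printf("Drop CAP_SYS_TTY_CONFIG\n");
 
+#ifdef CAP_SYSLOG
 if (prctl(PR_CAPBSET_DROP, CAP_SYSLOG, 0, 0, 0) && arg_debug)
 fprintf(stderr, "Warning: cannot drop CAP_SYSLOG");
 else if (arg_debug)
 printf("Drop CAP_SYSLOG\n");
+#endif
 
 if (prctl(PR_CAPBSET_DROP, CAP_MKNOD, 0, 0, 0) && arg_debug)
 fprintf(stderr, "Warning: cannot drop CAP_MKNOD");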
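Review bot: The `#ifdef CAP_SYSLOG` guard makes the CAP_SYSLOG drop depend on the build machine's headers rather than on the kernel the sandbox runs on, so a binary built against older headers leaves CAP_SYSLOG in the bounding set on a newer kernel, with no message at all. Consider a fallback definition near the includes, `#ifndef CAP_SYSLOG` / `#define CAP_SYSLOG 34` / `#endif`, and keep the prctl() call unconditional; on a kernel that does not know the capability the call should fail (presumably with EINVAL) and take the existing warning path. If the guard stays, an `#else` branch that reports under arg_debug that CAP_SYSLOG is not being dropped would at least make the gap visible. The body of caps_default_filter starts and ends outside the hunk.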
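--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -48,7 +48,11 @@ void usage(void) {
 printf("\t-c - execute command and exit.\n\n");
 printf("\t--caps - enable default Linux capabilities filter. The filter disables\n");
 printf("\t\tCAP_SYS_MODULE, CAP_SYS_RAWIO, CAP_SYS_BOOT, CAP_SYS_NICE,\n");
+#ifdef CAP_SYSLOG
 printf("\t\tCAP_SYS_TTY_CONFIG, CAP_SYSLOG, CAP_MKNOD, CAP_SYS_ADMIN.\n\n");
+#else
+printf("\t\tCAP_SYS_TTY_CONFIG, CAP_MKNOD, CAP_SYS_ADMIN.\n\n");
+#endif
 printf("\t--caps.drop=all - drop all capabilities.\n\n");
 printf("\t--caps.drop=capability,capability,capability - blacklist Linux\n");
 printf("\t\tcapabilities filter.\n\n");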
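Review bot: The two branches duplicate the whole capability list, so any later change to the default filter has to be made in both strings or the help text will misstate what `--caps` drops. Printing the shared parts once and guarding only the optional name keeps them in sync: `printf("\t\tCAP_SYS_TTY_CONFIG, ");`, then `printf("CAP_SYSLOG, ");` inside the `#ifdef`, then `printf("CAP_MKNOD, CAP_SYS_ADMIN.\n\n");`. The body of usage() continues outside the hunk.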