diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/firejail.h | 2 | ||||
-rw-r--r-- | src/firejail/landlock.c | 14 | ||||
-rw-r--r-- | src/firejail/profile.c | 6 |
3 files changed, 17 insertions, 5 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 4e018476e..b8ec4d474 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -966,10 +966,8 @@ void run_ids(int argc, char **argv); | |||
966 | void oom_set(const char *oom_string); | 966 | void oom_set(const char *oom_string); |
967 | 967 | ||
968 | // landlock.c | 968 | // landlock.c |
969 | #ifdef HAVE_LANDLOCK | ||
970 | int ll_get_fd(void); | 969 | int ll_get_fd(void); |
971 | int ll_restrict(uint32_t flags); | 970 | int ll_restrict(uint32_t flags); |
972 | void ll_add_profile(int type, const char *data); | 971 | void ll_add_profile(int type, const char *data); |
973 | #endif /* HAVE_LANDLOCK */ | ||
974 | 972 | ||
975 | #endif | 973 | #endif |
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c index 44d7eeafa..a360f155b 100644 --- a/src/firejail/landlock.c +++ b/src/firejail/landlock.c | |||
@@ -18,7 +18,6 @@ | |||
18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | 18 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
19 | */ | 19 | */ |
20 | 20 | ||
21 | #ifdef HAVE_LANDLOCK | ||
22 | #include "firejail.h" | 21 | #include "firejail.h" |
23 | #include <linux/landlock.h> | 22 | #include <linux/landlock.h> |
24 | #include <sys/prctl.h> | 23 | #include <sys/prctl.h> |
@@ -27,6 +26,8 @@ | |||
27 | #include <errno.h> | 26 | #include <errno.h> |
28 | #include <fcntl.h> | 27 | #include <fcntl.h> |
29 | 28 | ||
29 | #ifdef HAVE_LANDLOCK | ||
30 | |||
30 | static int ll_ruleset_fd = -1; | 31 | static int ll_ruleset_fd = -1; |
31 | static int ll_abi = -1; | 32 | static int ll_abi = -1; |
32 | 33 | ||
@@ -295,6 +296,17 @@ void ll_add_profile(int type, const char *data) { | |||
295 | } | 296 | } |
296 | 297 | ||
297 | #else | 298 | #else |
299 | |||
300 | int ll_get_fd(void) { | ||
301 | return -1; | ||
302 | } | ||
303 | |||
304 | int ll_restrict(uint32_t flags) { | ||
305 | (void) flags; | ||
306 | |||
307 | return 0; | ||
308 | } | ||
309 | |||
298 | void ll_add_profile(int type, const char *data) { | 310 | void ll_add_profile(int type, const char *data) { |
299 | (void) type; | 311 | (void) type; |
300 | (void) data; | 312 | (void) data; |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 62767f8dc..4c6830250 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -1074,8 +1074,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
1074 | } | 1074 | } |
1075 | 1075 | ||
1076 | //#ifdef HAVE_LANDLOCK | 1076 | //#ifdef HAVE_LANDLOCK |
1077 | // landlock_connon.inc included by derfault in landlock.profile | 1077 | // landlock-common.inc is included by default.profile, so the entries of the |
1078 | // all landlcok functions are empty in case landlock is not available in the kernel | 1078 | // former should be processed or ignored instead of aborting. |
1079 | // Note that all landlock functions are empty when building without landlock | ||
1080 | // support. | ||
1079 | if (strncmp(ptr, "landlock.enforce", 16) == 0) { | 1081 | if (strncmp(ptr, "landlock.enforce", 16) == 0) { |
1080 | arg_landlock_enforce = 1; | 1082 | arg_landlock_enforce = 1; |
1081 | return 0; | 1083 | return 0; |