diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/protocol.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c index 098661339..5f730afef 100644 --- a/src/firejail/protocol.c +++ b/src/firejail/protocol.c | |||
@@ -85,13 +85,23 @@ void protocol_list(void) { | |||
85 | // --protocol.print | 85 | // --protocol.print |
86 | void protocol_print_filter_name(const char *name) { | 86 | void protocol_print_filter_name(const char *name) { |
87 | (void) name; | 87 | (void) name; |
88 | #ifdef SYS_socket | ||
88 | //todo | 89 | //todo |
90 | #else | ||
91 | fprintf(stderr, "Warning: --protocol not supported on this platform\n"); | ||
92 | return; | ||
93 | #endif | ||
89 | } | 94 | } |
90 | 95 | ||
91 | // --protocol.print | 96 | // --protocol.print |
92 | void protocol_print_filter(pid_t pid) { | 97 | void protocol_print_filter(pid_t pid) { |
93 | (void) pid; | 98 | (void) pid; |
99 | #ifdef SYS_socket | ||
94 | //todo | 100 | //todo |
101 | #else | ||
102 | fprintf(stderr, "Warning: --protocol not supported on this platform\n"); | ||
103 | return; | ||
104 | #endif | ||
95 | } | 105 | } |
96 | 106 | ||
97 | // check protocol list and store it in cfg structure | 107 | // check protocol list and store it in cfg structure |
@@ -129,9 +139,13 @@ errout: | |||
129 | // install protocol filter | 139 | // install protocol filter |
130 | void protocol_filter(void) { | 140 | void protocol_filter(void) { |
131 | assert(cfg.protocol); | 141 | assert(cfg.protocol); |
132 | 142 | ||
143 | #ifndef SYS_socket | ||
144 | (void) find_protocol_domain; | ||
145 | fprintf(stderr, "Warning: --protocol not supported on this platform\n"); | ||
146 | return; | ||
147 | #else | ||
133 | // build the filter | 148 | // build the filter |
134 | |||
135 | struct sock_filter filter[32]; // big enough | 149 | struct sock_filter filter[32]; // big enough |
136 | memset(&filter[0], 0, sizeof(filter)); | 150 | memset(&filter[0], 0, sizeof(filter)); |
137 | uint8_t *ptr = (uint8_t *) &filter[0]; | 151 | uint8_t *ptr = (uint8_t *) &filter[0]; |
@@ -217,7 +231,7 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns | |||
217 | #endif | 231 | #endif |
218 | 232 | ||
219 | // install filter | 233 | // install filter |
220 | unsigned short entries = (unsigned short) ((uint64_t) ptr - (uint64_t) (filter)) / (unsigned) sizeof(struct sock_filter); | 234 | unsigned short entries = (unsigned short) ((uintptr_t) ptr - (uintptr_t) (filter)) / (unsigned) sizeof(struct sock_filter); |
221 | struct sock_fprog prog = { | 235 | struct sock_fprog prog = { |
222 | .len = entries, | 236 | .len = entries, |
223 | .filter = filter, | 237 | .filter = filter, |
@@ -230,11 +244,7 @@ printf("entries %u\n", (unsigned) ((uint64_t) ptr - (uint64_t) (filter)) / (uns | |||
230 | else if (arg_debug) { | 244 | else if (arg_debug) { |
231 | printf("seccomp protocol filter enabled\n"); | 245 | printf("seccomp protocol filter enabled\n"); |
232 | } | 246 | } |
233 | 247 | #endif // SYS_socket | |
234 | #if defined(__x86_64__) | ||
235 | |||
236 | #endif | ||
237 | |||
238 | } | 248 | } |
239 | 249 | ||
240 | #endif | 250 | #endif // HAVE_SECCOMP |