Diffstat (limited to 'src')
-rw-r--r--src/firejail/caps.c2
-rw-r--r--src/firejail/usage.c4
2 files changed, 6 insertions, 0 deletions
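--- a/src/firejail/caps.c
+++ b/src/firejail/caps.c
@@ -289,10 +289,12 @@ int caps_default_filter(void) {
  else if (arg_debug)
  printf("Drop CAP_SYS_TTY_CONFIG\n");
 
+#ifdef CAP_SYSLOG
  if (prctl(PR_CAPBSET_DROP, CAP_SYSLOG, 0, 0, 0) && arg_debug)
  fprintf(stderr, "Warning: cannot drop CAP_SYSLOG");
  else if (arg_debug)
  printf("Drop CAP_SYSLOG\n");
+#endif
 
  if (prctl(PR_CAPBSET_DROP, CAP_MKNOD, 0, 0, 0) && arg_debug)
  fprintf(stderr, "Warning: cannot drop CAP_MKNOD");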
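--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -48,7 +48,11 @@ void usage(void) {
  printf("\t-c - execute command and exit.\n\n");
  printf("\t--caps - enable default Linux capabilities filter. The filter disables\n");
  printf("\t\tCAP_SYS_MODULE, CAP_SYS_RAWIO, CAP_SYS_BOOT, CAP_SYS_NICE,\n");
+#ifdef CAP_SYSLOG
  printf("\t\tCAP_SYS_TTY_CONFIG, CAP_SYSLOG, CAP_MKNOD, CAP_SYS_ADMIN.\n\n");
+#else
+ printf("\t\tCAP_SYS_TTY_CONFIG, CAP_MKNOD, CAP_SYS_ADMIN.\n\n");
+#endif
  printf("\t--caps.drop=all - drop all capabilities.\n\n");
  printf("\t--caps.drop=capability,capability,capability - blacklist Linux\n");
  printf("\t\tcapabilities filter.\n\n");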
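Review bot: The `#ifdef`/`#else` pair in usage() duplicates the whole capability list in two printf strings, so the next capability added to the default filter must be edited in both or the help text drifts from what the filter actually drops. Only the `CAP_SYSLOG, ` fragment needs to be conditional. A small string macro, defined under the `#ifdef` and empty otherwise, could be concatenated into the one literal to keep the list in a single place. The text is also fixed at build time, so it describes the headers used to compile rather than what the running kernel supports; a short comment above the conditional saying so would help the next reader. usage() starts and ends outside the hunk.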