From f74fa71cf9d549b1607ca5b0c9fb2442e31f72ab Mon Sep 17 00:00:00 2001
From: Glenn Washburn
Date: Tue, 16 Oct 2018 01:41:52 -0500
Subject: Do not override user provided seccomp lists when in chroot/overlay/appimage, but to use the default if none is provided.
---
 src/firejail/sandbox.c | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 3abeb174e..95732b95e 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -530,14 +530,6 @@ static void enforce_filters(void) {
 #ifdef HAVE_SECCOMP
 enforce_seccomp = 1;
 #endif
- if (cfg.seccomp_list_drop) {
- free(cfg.seccomp_list_drop);
- cfg.seccomp_list_drop = NULL;
- }
- if (cfg.seccomp_list_keep) {
- free(cfg.seccomp_list_keep);
- cfg.seccomp_list_keep = NULL;
- }
 // disable all capabilities
 if (arg_caps_default_filter || arg_caps_list)
@@ -547,8 +539,7 @@ static void enforce_filters(void) {
 // drop all supplementary groups; /etc/group file inside chroot
 // is controlled by a regular usr
 arg_nogroups = 1;
- fmessage("\n** Warning: dropping all Linux capabilities and enforcing **\n");
- fmessage("** default seccomp filter **\n\n");
+ fmessage("\n** Warning: dropping all Linux capabilities **\n");
 }
 int sandbox(void* sandbox_arg) {
--
cgit v1.2.3-54-g00ecf
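Review bot: With the two `free()` blocks after `enforce_seccomp = 1;` removed, a user-supplied `cfg.seccomp_list_drop` or `cfg.seccomp_list_keep` now survives into the chroot/overlay/appimage path, so what is enforced there is the caller's filter rather than the default one. How those lists become a filter is outside this hunk, but if they replace the default list rather than extend it, the hardening this function exists for now depends on what an unprivileged user passes on the command line. I would state the new contract in a comment at this spot, e.g. `// user keep/drop lists are honoured here; the default filter applies only when neither is set`, and confirm that the other restrictions set in this function do not rely on the default list being present. The body of enforce_filters starts above the hunk.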
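Review bot: The shortened warning no longer mentions seccomp at all, although `enforce_seccomp = 1` is still set earlier in this function under HAVE_SECCOMP, so a user who passed no seccomp option gets a filter applied without being told. I would keep the second message for the case where the default really is used, e.g. `if (!cfg.seccomp_list_drop && !cfg.seccomp_list_keep) fmessage("** enforcing default seccomp filter **\n\n");`, so the output still shows which filter is in effect. Whether that line also needs the HAVE_SECCOMP guard depends on code outside the hunk.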