From 3d3365cb31d91661b503a04488873aca17a86636 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 24 Oct 2022 09:06:01 -0400
Subject: removed grsecurity support
---
 .gitignore | 1 +
 RELNOTES | 1 +
 src/firejail/main.c | 23 +----------------------
 src/firejail/profile.c | 15 ---------------
 4 files changed, 3 insertions(+), 37 deletions(-)
diff --git a/.gitignore b/.gitignore
index b5d29dc19..7333b1c8d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,6 +27,7 @@ firecfg.1
 jailcheck.1
 src/fnettrace-dns/fnettrace-dns
 src/fnettrace-sni/fnettrace-sni
+src/fnettrace-icmp/fnettrace-icmp
 src/firejail/firejail
 src/firemon/firemon
 src/firecfg/firecfg
diff --git a/RELNOTES b/RELNOTES
index 5d8dc2365..1adfd913e 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -17,6 +17,7 @@ firejail (0.9.71) baseline; urgency=low
 (#5190 #5216)
 * modif: disabled tracelog by default in /etc/firejail/firejail.config
 (#5190)
+ * modif: removed grsecurity support
 * bugfix: Flood of seccomp audit log entries (#5207)
 * build: deduplicate configure-time vars into new config files (#5140 #5284)
 * build: fix file mode of shell scripts (644 -> 755) (#5206)
diff --git a/src/firejail/main.c b/src/firejail/main.c
index ed5b4901b..1eda26f99 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -728,8 +728,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 #ifdef HAVE_NETWORK
 else if (strcmp(argv[i], "--netstats") == 0) {
 if (checkcfg(CFG_NETWORK)) {
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0 || pid_hidepid())
+ if (pid_hidepid())
 sbox_run(SBOX_ROOT | SBOX_CAPS_HIDEPID | SBOX_SECCOMP | SBOX_ALLOW_STDIN, 2, PATH_FIREMON, "--netstats");
 else
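Review bot: The surviving `if (pid_hidepid())` in the `--netstats` branch is now the only thing choosing between the `SBOX_ROOT | SBOX_CAPS_HIDEPID` sandbox for firemon and the `else` path, and the code gives no reason for the elevated choice. I would add a comment above it such as `// /proc mounted with hidepid: firemon needs the root sandbox to see other users' processes`, assuming that is what pid_hidepid() detects. With the stat() on /proc/sys/kernel/grsecurity gone, a kernel that restricts /proc by some other means presumably takes the `else` path, which is worth confirming since it changes the privilege firemon runs with. The `else` body and the rest of run_cmd_and_exit lie outside the hunk.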
@@ -1747,11 +1746,6 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
 arg_overlay = 1;
 arg_overlay_keep = 1;
@@ -1775,11 +1769,6 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
 arg_overlay = 1;
 arg_overlay_keep = 1;
 arg_overlay_reuse = 1;
@@ -1811,11 +1800,6 @@ int main(int argc, char **argv, char **envp) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
 arg_overlay = 1;
 }
 else
@@ -1954,11 +1938,6 @@ int main(int argc, char **argv, char **envp) {
 exit(1);
 }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --chroot option is not available on Grsecurity systems\n");
- exit(1);
- }
 // extract chroot dirname
 cfg.chrootdir = argv[i] + 9;
 if (*cfg.chrootdir == '\0') {
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 641bb09b1..24964d40d 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1418,11 +1418,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
 arg_overlay = 1;
 arg_overlay_keep = 1;
 arg_overlay_reuse = 1;
@@ -1455,11 +1450,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
 arg_overlay = 1;
 }
 else
@@ -1476,11 +1466,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 exit(1);
 }
- struct stat s;
- if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
- fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
- exit(1);
- }
 arg_overlay = 1;
 arg_overlay_keep = 1;
--
cgit v1.2.3-70-g09d2