From 687a429ddda387f40f163a45211345607ad96149 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 31 May 2017 20:42:19 -0400 Subject: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile --- RELNOTES | 2 ++ src/firejail/sandbox.c | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/RELNOTES b/RELNOTES index 24e340e01..7fb5dea64 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,5 +1,7 @@ firejail (0.9.47) baseline; urgency=low * work in progress + * modifs: AppArmor made optional; a warning is printed on the screen + if the sandbox fails to load the AppArmor profile * added /etc/firejail/globals.local for global customizations * whitelisted Transmission, Deluge, qBitTorrent, KTorrent * new profiles: vym, darktable, Waterfox diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 7f82e2253..b22a4c651 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c @@ -987,12 +987,12 @@ int sandbox(void* sandbox_arg) { if (app_pid == 0) { #ifdef HAVE_APPARMOR if (arg_apparmor) { + int done = 0; errno = 0; if (aa_change_onexec("firejail-default")) { - fprintf(stderr, "Error: cannot confine the application using AppArmor.\n"); - fprintf(stderr, "Maybe firejail-default AppArmor profile is not loaded into the kernel.\n"); - fprintf(stderr, "As root, run \"aa-enforce firejail-default\" to load it.\n"); - exit(1); + fwarning("Cannot confine the application using AppArmor.\n" + "Maybe firejail-default AppArmor profile is not loaded into the kernel.\n" + "As root, run \"aa-enforce firejail-default\" to load it.\n"); } else if (arg_debug) printf("AppArmor enabled\n"); -- cgit v1.2.3-70-g09d2