Merge pull request #6305 from kmk3/landlock-amend-empty

landlock: amend empty functions and comments
netblue30 · Apr 11, 2024 · 442a2f8 · 442a2f8
2 parents 403d9ae + a05ae97
commit 442a2f8
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
@@ -966,10 +966,8 @@ void run_ids(int argc, char **argv);
 void oom_set(const char *oom_string);
 
 // landlock.c
-#ifdef HAVE_LANDLOCK
 int ll_get_fd(void);
 int ll_restrict(uint32_t flags);
 void ll_add_profile(int type, const char *data);
-#endif /* HAVE_LANDLOCK */
 
 #endif
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
@@ -18,7 +18,6 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
-#ifdef HAVE_LANDLOCK
 #include "firejail.h"
 #include <linux/landlock.h>
 #include <sys/prctl.h>
@@ -27,6 +26,8 @@
 #include <errno.h>
 #include <fcntl.h>
 
+#ifdef HAVE_LANDLOCK
+
 static int ll_ruleset_fd = -1;
 static int ll_abi = -1;
 
@@ -295,6 +296,17 @@ void ll_add_profile(int type, const char *data) {
 }
 
 #else
+
+int ll_get_fd(void) {
+	return -1;
+}
+
+int ll_restrict(uint32_t flags) {
+	(void) flags;
+
+	return 0;
+}
+
 void ll_add_profile(int type, const char *data) {
 	(void) type;
 	(void) data;

diff --git a/src/firejail/profile.c b/src/firejail/profile.c
@@ -1074,8 +1074,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 	}
 
 //#ifdef HAVE_LANDLOCK
-// landlock_connon.inc included by derfault in landlock.profile
-// all landlcok functions are empty in case landlock is not available in the kernel
+// landlock-common.inc is included by default.profile, so the entries of the
+// former should be processed or ignored instead of aborting.
+// Note that all landlock functions are empty when building without landlock
+// support.
 	if (strncmp(ptr, "landlock.enforce", 16) == 0) {
 		arg_landlock_enforce = 1;
 		return 0;