compile time: disable --output

netblue30 · Feb 28, 2021 · 72ba0b7 · 72ba0b7
1 parent 437be33
commit 72ba0b7
Show file tree

Hide file tree

Showing 7 changed files with 42 additions and 1 deletion.
diff --git a/configure b/configure
@@ -645,6 +645,7 @@ HAVE_FIRETUNNEL
 HAVE_GAWK
 HAVE_MAN
 HAVE_USERTMPFS
+HAVE_OUTPUT
 HAVE_OVERLAYFS
 HAVE_DBUSPROXY
 EXTRA_LDFLAGS
@@ -711,6 +712,7 @@ enable_option_checking
 enable_analyzer
 enable_apparmor
 enable_dbusproxy
+enable_output
 enable_usertmpfs
 enable_man
 enable_firetunnel
@@ -1366,6 +1368,7 @@ Optional Features:
  --enable-analyzer enable GCC 10 static analyzer
  --enable-apparmor enable apparmor
  --disable-dbusproxy disable dbus proxy
+ --disable-output disable --output logging
  --disable-usertmpfs disable tmpfs as regular user
  --disable-man disable man pages
  --disable-firetunnel disable firetunnel
@@ -3539,6 +3542,19 @@ HAVE_OVERLAYFS=""
 # AC_SUBST(HAVE_OVERLAYFS)
 #])
 
+HAVE_OUTPUT=""
+# Check whether --enable-output was given.
+if test "${enable_output+set}" = set; then :
+ enableval=$enable_output;
+fi
+
+if test "x$enable_output" != "xno"; then :
+
+ HAVE_OUTPUT="-DHAVE_OUTPUT"
+
+
+fi
+
 HAVE_USERTMPFS=""
 # Check whether --enable-usertmpfs was given.
 if test "${enable_usertmpfs+set}" = set; then :
@@ -5480,6 +5496,7 @@ echo " file transfer support: $HAVE_FILE_TRANSFER"
 echo " overlayfs support: $HAVE_OVERLAYFS"
 echo " DBUS proxy support: $HAVE_DBUSPROXY"
 echo " allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo " enable --ouput logging: $HAVE_OUTPUT"
 echo " Manpage support: $HAVE_MAN"
 echo " firetunnel support: $HAVE_FIRETUNNEL"
 echo " busybox workaround: $BUSYBOX_WORKAROUND"

diff --git a/configure.ac b/configure.ac
@@ -77,6 +77,14 @@ AC_SUBST(HAVE_OVERLAYFS)
 # AC_SUBST(HAVE_OVERLAYFS)
 #])
 
+HAVE_OUTPUT=""
+AC_ARG_ENABLE([output],
+ AS_HELP_STRING([--disable-output], [disable --output logging]))
+AS_IF([test "x$enable_output" != "xno"], [
+ HAVE_OUTPUT="-DHAVE_OUTPUT"
+ AC_SUBST(HAVE_OUTPUT)
+])
+
 HAVE_USERTMPFS=""
 AC_ARG_ENABLE([usertmpfs],
  AS_HELP_STRING([--disable-usertmpfs], [disable tmpfs as regular user]))
@@ -253,6 +261,7 @@ echo " file transfer support: $HAVE_FILE_TRANSFER"
 echo " overlayfs support: $HAVE_OVERLAYFS"
 echo " DBUS proxy support: $HAVE_DBUSPROXY"
 echo " allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo " enable --ouput logging: $HAVE_OUTPUT"
 echo " Manpage support: $HAVE_MAN"
 echo " firetunnel support: $HAVE_FIRETUNNEL"
 echo " busybox workaround: $BUSYBOX_WORKAROUND"

diff --git a/src/common.mk.in b/src/common.mk.in
@@ -25,6 +25,7 @@ HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
+HAVE_OUTPUT=@HAVE_OUTPUT@
 
 H_FILE_LIST = $(sort $(wildcard *.[h]))
 C_FILE_LIST = $(sort $(wildcard *.c))
@@ -34,7 +35,7 @@ BINOBJS = $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
+MANFLAGS = $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread

diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
@@ -378,6 +378,14 @@ void print_compiletime_support(void) {
  "enabled"
 #else
  "disabled"
+#endif
+ );
+
+ printf("\t- output logging is %s\n",
+#ifdef HAVE_OUTPUT
+ "enabled"
+#else
+ "disabled"
 #endif
  );
 }
diff --git a/src/firejail/main.c b/src/firejail/main.c
@@ -1233,10 +1233,12 @@ int main(int argc, char **argv, char **envp) {
 #endif
  }
  }
+#ifdef HAVE_OUTPUT
  else {
  // check --output option and execute it;
  check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
  }
+#endif
  EUID_ASSERT();
 
  // check for force-nonewprivs in /etc/firejail/firejail.config file

diff --git a/src/firejail/output.c b/src/firejail/output.c
@@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <unistd.h>
 
+#ifdef HAVE_OUTPUT
 void check_output(int argc, char **argv) {
  EUID_ASSERT();
 
@@ -149,3 +150,4 @@ void check_output(int argc, char **argv) {
  perror("execvp");
  exit(1);
 }
+#endif
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
@@ -1642,6 +1642,7 @@ Disable video devices.
 \fB\-\-nowhitelist=dirname_or_filename
 Disable whitelist for this directory or file.
 
+#ifdef HAVE_OUTPUT
 .TP
 \fB\-\-output=logfile
 stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log
@@ -1672,6 +1673,7 @@ $ ls -l sandboxlog*
 .TP
 \fB\-\-output-stderr=logfile
 Similar to \-\-output, but stderr is also stored.
+#endif
 
 #ifdef HAVE_OVERLAYFS
 .TP