removed grsecurity support

.gitignore

@@ -27,6 +27,7 @@ firecfg.1
 jailcheck.1
 src/fnettrace-dns/fnettrace-dns
 src/fnettrace-sni/fnettrace-sni
+src/fnettrace-icmp/fnettrace-icmp
 src/firejail/firejail
 src/firemon/firemon
 src/firecfg/firecfg

RELNOTES

@@ -17,6 +17,7 @@ firejail (0.9.71) baseline; urgency=low
     (#5190 #5216)
   * modif: disabled tracelog by default in /etc/firejail/firejail.config
     (#5190)
+  * modif: removed grsecurity support
   * bugfix: Flood of seccomp audit log entries (#5207)
   * build: deduplicate configure-time vars into new config files (#5140 #5284)
   * build: fix file mode of shell scripts (644 -> 755) (#5206)

src/firejail/main.c

@@ -728,8 +728,7 @@ static void run_cmd_and_exit(int i, int argc, char **argv) {
 #ifdef HAVE_NETWORK
 	else if (strcmp(argv[i], "--netstats") == 0) {
 		if (checkcfg(CFG_NETWORK)) {
-			struct stat s;
-			if (stat("/proc/sys/kernel/grsecurity", &s) == 0 || pid_hidepid())
+			if (pid_hidepid())
 				sbox_run(SBOX_ROOT | SBOX_CAPS_HIDEPID | SBOX_SECCOMP | SBOX_ALLOW_STDIN,
 					2, PATH_FIREMON, "--netstats");
 			else
@@ -1747,11 +1746,6 @@ int main(int argc, char **argv, char **envp) {
 					fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 					exit(1);
 				}
-				struct stat s;
-				if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-					fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-					exit(1);
-				}
 				arg_overlay = 1;
 				arg_overlay_keep = 1;
 
@@ -1775,11 +1769,6 @@ int main(int argc, char **argv, char **envp) {
 					fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 					exit(1);
 				}
-				struct stat s;
-				if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-					fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-					exit(1);
-				}
 				arg_overlay = 1;
 				arg_overlay_keep = 1;
 				arg_overlay_reuse = 1;
@@ -1811,11 +1800,6 @@ int main(int argc, char **argv, char **envp) {
 					fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 					exit(1);
 				}
-				struct stat s;
-				if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-					fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-					exit(1);
-				}
 				arg_overlay = 1;
 			}
 			else
@@ -1954,11 +1938,6 @@ int main(int argc, char **argv, char **envp) {
 					exit(1);
 				}
 
-				struct stat s;
-				if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-					fprintf(stderr, "Error: --chroot option is not available on Grsecurity systems\n");
-					exit(1);
-				}
 				// extract chroot dirname
 				cfg.chrootdir = argv[i] + 9;
 				if (*cfg.chrootdir == '\0') {

src/firejail/profile.c

@@ -1418,11 +1418,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 				fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 				exit(1);
 			}
-			struct stat s;
-			if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-				fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-				exit(1);
-			}
 			arg_overlay = 1;
 			arg_overlay_keep = 1;
 			arg_overlay_reuse = 1;
@@ -1455,11 +1450,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 				fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 				exit(1);
 			}
-			struct stat s;
-			if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-				fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-				exit(1);
-			}
 			arg_overlay = 1;
 		}
 		else
@@ -1476,11 +1466,6 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 				fprintf(stderr, "Error: --overlay and --chroot options are mutually exclusive\n");
 				exit(1);
 			}
-			struct stat s;
-			if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
-				fprintf(stderr, "Error: --overlay option is not available on Grsecurity systems\n");
-				exit(1);
-			}
 			arg_overlay = 1;
 			arg_overlay_keep = 1;