Allow changing "protocol" list after initial set

Firejail uses set-once logic for "protocol" list. This makes it
impossible to accumulate list of allowed protocols from multiple
include files.

Use profile_list_augment() for maintaining list of protocols. This
implicitly means protocols can be added/removed via any number of
command line options / profile configuration files.

Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com>
Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>

src/firejail/main.c

@@ -1285,15 +1285,10 @@ int main(int argc, char **argv, char **envp) {
 #endif
 		else if (strncmp(argv[i], "--protocol=", 11) == 0) {
 			if (checkcfg(CFG_SECCOMP)) {
-				if (cfg.protocol) {
-					fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol);
-				}
-				else {
-					// store list
-					cfg.protocol = strdup(argv[i] + 11);
-					if (!cfg.protocol)
-						errExit("strdup");
-				}
+				const char *add = argv[i] + 11;
+				profile_list_augment(&cfg.protocol, add);
+				if (arg_debug)
+					fprintf(stderr, "[option] combined protocol list: \"%s\"\n", cfg.protocol);
 			}
 			else
 				exit_err_feature("seccomp");

src/firejail/profile.c

@@ -911,15 +911,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 
 	if (strncmp(ptr, "protocol ", 9) == 0) {
 		if (checkcfg(CFG_SECCOMP)) {
-			if (cfg.protocol) {
-				fwarning("more than one protocol list is present, \"%s\" will be installed\n", cfg.protocol);
-				return 0;
-			}
-
-			// store list
-			cfg.protocol = strdup(ptr + 9);
-			if (!cfg.protocol)
-				errExit("strdup");
+			const char *add = ptr + 9;
+			profile_list_augment(&cfg.protocol, add);
+			if (arg_debug)
+				fprintf(stderr, "[profile] combined protocol list: \"%s\"\n", cfg.protocol);
 		}
 		else
 			warning_feature_disabled("seccomp");