compile time: disable --output

2026-05-15 14:16:14 -06:00 · 2021-02-28 07:49:20 -05:00 · 2021-02-28 07:49:20 -05:00 · 72ba0b7e5e
commit 72ba0b7e5e
parent 437be33f40
7 changed files with 42 additions and 1 deletions
--- a/17
+++ b/17
@ -645,6 +645,7 @@ HAVE_FIRETUNNEL
 HAVE_GAWK
 HAVE_MAN
 HAVE_USERTMPFS
+HAVE_OUTPUT
 HAVE_OVERLAYFS
 HAVE_DBUSPROXY
 EXTRA_LDFLAGS
@ -711,6 +712,7 @@ enable_option_checking
 enable_analyzer
 enable_apparmor
 enable_dbusproxy
+enable_output
 enable_usertmpfs
 enable_man
 enable_firetunnel
@ -1366,6 +1368,7 @@ Optional Features:
  --enable-analyzer       enable GCC 10 static analyzer
  --enable-apparmor       enable apparmor
  --disable-dbusproxy     disable dbus proxy
+  --disable-output        disable --output logging
  --disable-usertmpfs     disable tmpfs as regular user
  --disable-man           disable man pages
  --disable-firetunnel    disable firetunnel
@ -3539,6 +3542,19 @@ HAVE_OVERLAYFS=""
 #	AC_SUBST(HAVE_OVERLAYFS)
 #])

+HAVE_OUTPUT=""
+# Check whether --enable-output was given.
+if test "${enable_output+set}" = set; then :
+  enableval=$enable_output;
+fi
+
+if test "x$enable_output" != "xno"; then :
+
+	HAVE_OUTPUT="-DHAVE_OUTPUT"
+
+
+fi
+
 HAVE_USERTMPFS=""
 # Check whether --enable-usertmpfs was given.
 if test "${enable_usertmpfs+set}" = set; then :
@ -5480,6 +5496,7 @@ echo "   file transfer support: $HAVE_FILE_TRANSFER"
 echo "   overlayfs support: $HAVE_OVERLAYFS"
 echo "   DBUS proxy support: $HAVE_DBUSPROXY"
 echo "   allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo "   enable --ouput logging: $HAVE_OUTPUT"
 echo "   Manpage support: $HAVE_MAN"
 echo "   firetunnel support: $HAVE_FIRETUNNEL"
 echo "   busybox workaround: $BUSYBOX_WORKAROUND"
--- a/configure.ac
+++ b/configure.ac
@ -77,6 +77,14 @@ AC_SUBST(HAVE_OVERLAYFS)
 #	AC_SUBST(HAVE_OVERLAYFS)
 #])

+HAVE_OUTPUT=""
+AC_ARG_ENABLE([output],
+    AS_HELP_STRING([--disable-output], [disable --output logging]))
+AS_IF([test "x$enable_output" != "xno"], [
+	HAVE_OUTPUT="-DHAVE_OUTPUT"
+	AC_SUBST(HAVE_OUTPUT)
+])
+
 HAVE_USERTMPFS=""
 AC_ARG_ENABLE([usertmpfs],
    AS_HELP_STRING([--disable-usertmpfs], [disable tmpfs as regular user]))
@ -253,6 +261,7 @@ echo "   file transfer support: $HAVE_FILE_TRANSFER"
 echo "   overlayfs support: $HAVE_OVERLAYFS"
 echo "   DBUS proxy support: $HAVE_DBUSPROXY"
 echo "   allow tmpfs as regular user: $HAVE_USERTMPFS"
+echo "   enable --ouput logging: $HAVE_OUTPUT"
 echo "   Manpage support: $HAVE_MAN"
 echo "   firetunnel support: $HAVE_FIRETUNNEL"
 echo "   busybox workaround: $BUSYBOX_WORKAROUND"
--- a/src/common.mk.in
+++ b/src/common.mk.in
@ -25,6 +25,7 @@ HAVE_GCOV=@HAVE_GCOV@
 HAVE_SELINUX=@HAVE_SELINUX@
 HAVE_DBUSPROXY=@HAVE_DBUSPROXY@
 HAVE_USERTMPFS=@HAVE_USERTMPFS@
+HAVE_OUTPUT=@HAVE_OUTPUT@

 H_FILE_LIST       = $(sort $(wildcard *.[h]))
 C_FILE_LIST       = $(sort $(wildcard *.c))
@ -34,7 +35,7 @@ BINOBJS =  $(foreach file, $(OBJS), $file)
 CFLAGS = @CFLAGS@
 CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV)
 CFLAGS += -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' -DBINDIR='"$(bindir)"'
-MANFLAGS = $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
+MANFLAGS = $(HAVE_OUTPUT) $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_USERTMPFS) $(HAVE_DBUSPROXY) $(HAVE_FIRETUNNEL) $(HAVE_GLOBALCFG) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) $(HAVE_SELINUX)
 CFLAGS += $(MANFLAGS)
 CFLAGS += -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -Wformat -Wformat-security
 LDFLAGS += -pie -fPIE -Wl,-z,relro -Wl,-z,now -lpthread
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@ -378,6 +378,14 @@ void print_compiletime_support(void) {
 		"enabled"
 #else
 		"disabled"
+#endif
+		);
+
+	printf("\t- output logging is %s\n",
+#ifdef HAVE_OUTPUT
+		"enabled"
+#else
+		"disabled"
 #endif
 		);
 }
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@ -1233,10 +1233,12 @@ int main(int argc, char **argv, char **envp) {
 #endif
 		}
 	}
+#ifdef HAVE_OUTPUT
 	else {
 		// check --output option and execute it;
 		check_output(argc, argv); // the function will not return if --output or --output-stderr option was found
 	}
+#endif
 	EUID_ASSERT();

 	// check for force-nonewprivs in /etc/firejail/firejail.config file
--- a/src/firejail/output.c
+++ b/src/firejail/output.c
@ -22,6 +22,7 @@
 #include <sys/stat.h>
 #include <unistd.h>

+#ifdef HAVE_OUTPUT
 void check_output(int argc, char **argv) {
 	EUID_ASSERT();

@ -149,3 +150,4 @@ void check_output(int argc, char **argv) {
 	perror("execvp");
 	exit(1);
 }
+#endif
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@ -1642,6 +1642,7 @@ Disable video devices.
 \fB\-\-nowhitelist=dirname_or_filename
 Disable whitelist for this directory or file.

+#ifdef HAVE_OUTPUT
 .TP
 \fB\-\-output=logfile
 stdout logging and log rotation. Copy stdout to logfile, and keep the size of the file under 500KB using log
@ -1672,6 +1673,7 @@ $ ls -l sandboxlog*
 .TP
 \fB\-\-output-stderr=logfile
 Similar to \-\-output, but stderr is also stored.
+#endif

 #ifdef HAVE_OVERLAYFS
 .TP