author | netblue30 <netblue30@yahoo.com> | 2020-04-03 08:30:16 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2020-04-03 08:30:16 -0400 |
commit | 9ba916d20d723f2515c2e084db3437a529b81c34 (patch) | |
tree | 539f3a528500febffe6507b18f5d0ebf6b6022d3 | |
parent | Merge branch 'master' of https://github.com/netblue30/firejail (diff) | |
seccomp/join fix
-rw-r--r-- | src/firejail/sandbox.c | 19 |
1 files changed, 9 insertions, 10 deletions
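--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1122,11 +1122,6 @@ int sandbox(void* sandbox_arg) {
 			seccomp_filter_drop(false);
 
 		}
-		else { // clean seccomp files under /run/firejail/mnt
-			int rv = unlink(RUN_SECCOMP_CFG);
-			rv |= unlink(RUN_SECCOMP_32);
-			(void) rv;
-		}
 
 		if (arg_memory_deny_write_execute) {
 			if (arg_debug)
@@ -1134,13 +1129,17 @@ int sandbox(void* sandbox_arg) {
 			seccomp_load(RUN_SECCOMP_MDWX); // install filter
 			seccomp_load(RUN_SECCOMP_MDWX_32);
 		}
-		else {
-			int rv = unlink(RUN_SECCOMP_MDWX);
-			rv |= unlink(RUN_SECCOMP_MDWX_32);
-			(void) rv;
-		}
+
 		// make seccomp filters read-only
 		fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
+		if (arg_debug) {
+			printf("Seccomp directory:\n");
+			int rv = system("ls -l " RUN_SECCOMP_DIR);
+			(void) rv;
+			printf("Active seccomp files:\n");
+			rv = system("cat " RUN_SECCOMP_LIST);
+			(void) rv;
+		}
 #endif
 
 		// set capabilities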
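Review bot: The debug block added after fs_remount() (new lines 1135–1142) shells out with `system("ls -l " RUN_SECCOMP_DIR)` and `system("cat " RUN_SECCOMP_LIST)`, which spawns /bin/sh with the caller's environment from inside a setuid binary; since capabilities are only dropped after the `// set capabilities` comment at the end of the hunk, this presumably still runs with elevated privileges, so which `ls`/`cat` binaries run is decided by the inherited PATH. Both calls are read-only diagnostics gated on arg_debug, so the exposure is narrow, but the same output is obtainable without a shell: walk the directory with opendir()/readdir() (needs <dirent.h>) and copy RUN_SECCOMP_LIST to stdout with fopen()/fgets(), as below. That also replaces the two `(void) rv;` lines with an error message, which is more useful under --debug than a silently ignored exit status. sandbox() starts and ends outside the hunk.
```c
		fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
		if (arg_debug) {
			printf("Seccomp directory:\n");
			DIR *dir = opendir(RUN_SECCOMP_DIR);
			if (dir) {
				struct dirent *entry;
				while ((entry = readdir(dir)) != NULL)
					printf("  %s\n", entry->d_name);
				closedir(dir);
			}
			else
				perror("opendir " RUN_SECCOMP_DIR);
			printf("Active seccomp files:\n");
			FILE *fp = fopen(RUN_SECCOMP_LIST, "r");
			if (fp) {
				char line[1024];
				while (fgets(line, sizeof line, fp))
					fputs(line, stdout);
				fclose(fp);
			}
			else
				perror("fopen " RUN_SECCOMP_LIST);
		}
		// … unchanged: #endif, capabilities setup …
```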