author | netblue30 <netblue30@yahoo.com> | 2015-12-02 08:41:44 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-12-02 08:41:44 -0500 |
commit | 0d4468b45514b01d46a8b05f8838e62a113b3faa (patch) | |
tree | ec91006de29dc4da0d113090930811183f1c7ade | |
parent | libtrace enhancements (diff) | |
profile speedup
-rw-r--r-- | src/firejail/sandbox.c | 32 |
1 files changed, 19 insertions, 13 deletions
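--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -265,12 +265,19 @@ int sandbox(void* sandbox_arg) {
 }
 
 //****************************
-// mount namespace
+// mount namespace and log filesystem type
 //****************************
 // mount events are not forwarded between the host the sandbox
 if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) {
 chk_chroot();
 }
+// log filesystem type
+if (cfg.chrootdir)
+fs_logger("chroot filesystem");
+else if (arg_overlay)
+fs_logger("overlay filesystem");
+else
+fs_logger("local filesystem");
 fs_logger("install mount namespace");
 
 //****************************
@@ -297,7 +304,6 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // configure filesystem
 //****************************
-
 #ifdef HAVE_CHROOT
 if (cfg.chrootdir) {
 fs_chroot(cfg.chrootdir);
@@ -354,17 +360,6 @@ int sandbox(void* sandbox_arg) {
 }
 
 //****************************
-// apply the profile file
-//****************************
-if (cfg.profile) {
-// apply all whitelist commands ...
-fs_whitelist();
-
-// ... followed by blacklist commands
-fs_blacklist();
-}
-
-//****************************
 // private mode
 //****************************
 if (arg_private) {
@@ -384,6 +379,17 @@ int sandbox(void* sandbox_arg) {
 fs_private_bin_list();
 
 //****************************
+// apply the profile file
+//****************************
+if (cfg.profile) {
+// apply all whitelist commands ...
+fs_whitelist();
+
+// ... followed by blacklist commands
+fs_blacklist();
+}
+
+//****************************
 // install trace
 //****************************
 if (arg_trace)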
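Review bot: The `fs_whitelist()`/`fs_blacklist()` block that the last hunk places below `fs_private_bin_list()` has no comment saying that its position after the private-mode steps is deliberate, although the order of the filesystem steps decides which paths the sandboxed process can finally reach. If the blacklist is enforced by mounting over the listed paths (presumably so; neither function body is visible here), any filesystem step that runs after this block can shadow or undo an entry, and the "profile speedup" message gives no hint that enforcement order changed. I would add above `if (cfg.profile) {` a comment such as `// must run after the private-mode mounts so whitelist/blacklist apply to the final filesystem view`. Separately, the first hunk tests `cfg.chrootdir` for logging outside the `#ifdef HAVE_CHROOT` guard used in the configure-filesystem section, so the log could report "chroot filesystem" in a build that never performs the chroot; worth confirming. The enclosing `sandbox()` starts and ends outside all four hunks.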