diff options
author | netblue30 <netblue30@yahoo.com> | 2017-05-31 15:26:13 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-05-31 15:26:13 -0400 |
commit | ca98f1488a3d01df23c5415b1480b4e2df131e83 (patch) | |
tree | 5eb5ab0ee0229e4f0aec741140a7fcaf73fcb97a | |
parent | profile merges (diff) | |
download | firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.tar.gz firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.tar.zst firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.zip |
bug: print whitelist seccomp filter for --debug option
-rw-r--r-- | src/firejail/seccomp.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index 72a5874f8..15379215c 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
@@ -68,7 +68,7 @@ int seccomp_load(const char *fname) { | |||
68 | goto errexit; | 68 | goto errexit; |
69 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); | 69 | unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter); |
70 | if (arg_debug) | 70 | if (arg_debug) |
71 | printf("reading %d seccomp entries from %s\n", entries, fname); | 71 | printf("configuring %d seccomp entries from %s\n", entries, fname); |
72 | 72 | ||
73 | // read filter | 73 | // read filter |
74 | struct sock_filter *filter = malloc(size); | 74 | struct sock_filter *filter = malloc(size); |
@@ -205,6 +205,8 @@ int seccomp_filter_keep(void) { | |||
205 | printf("seccomp filter configured\n"); | 205 | printf("seccomp filter configured\n"); |
206 | 206 | ||
207 | 207 | ||
208 | if (arg_debug && access(PATH_FSECCOMP, X_OK) == 0) | ||
209 | sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FSECCOMP, "print", RUN_SECCOMP_CFG); | ||
208 | return seccomp_load(RUN_SECCOMP_CFG); | 210 | return seccomp_load(RUN_SECCOMP_CFG); |
209 | } | 211 | } |
210 | 212 | ||