prevent trace from interfering with sandbox setup

2 files changed, 6 insertions, 8 deletions

diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index a7af4b127..a2dea0339 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -85,6 +85,10 @@ void preproc_mount_mnt_dir(void) {
                 tmpfs_mounted = 1;
                 fs_logger2("tmpfs", RUN_MNT_DIR);
 
+                // open and mount trace file while there are no user-writable files in RUN_MNT_DIR
+                if (arg_tracefile)
+                        fs_tracefile();
+
 #ifdef HAVE_SECCOMP
                 create_empty_dir_as_root(RUN_SECCOMP_DIR, 0755);
 
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 51c531159..288726d22 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -800,11 +800,8 @@ int sandbox(void* sandbox_arg) {
         }
 
         // trace pre-install
-        if (need_preload) {
+        if (need_preload)
                 fs_trace_preload();
-                if (arg_tracefile && !cfg.chrootdir)
-                        fs_tracefile();
-        }
 
         // store hosts file
         if (cfg.hosts_file)
@@ -820,11 +817,8 @@ int sandbox(void* sandbox_arg) {
                 //****************************
                 // trace pre-install, this time inside chroot
                 //****************************
-                if (need_preload) {
+                if (need_preload)
                         fs_trace_preload();
-                        if (arg_tracefile)
-                                fs_tracefile();
-                }
         }
         else
 #endif