bug: print whitelist seccomp filter for --debug option

author: netblue30 <netblue30@yahoo.com> 2017-05-31 15:26:13 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-05-31 15:26:13 -0400
commit: ca98f1488a3d01df23c5415b1480b4e2df131e83 (patch)
tree: 5eb5ab0ee0229e4f0aec741140a7fcaf73fcb97a
parent: profile merges (diff)
download: firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.tar.gz
firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.tar.zst
firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c
index 72a5874f8..15379215c 100644
--- a/src/firejail/seccomp.c
+++ b/src/firejail/seccomp.c
@@ -68,7 +68,7 @@ int seccomp_load(const char *fname) {
                goto errexit;
        unsigned short entries = (unsigned short) size / (unsigned short) sizeof(struct sock_filter);
        if (arg_debug)
-                printf("reading %d seccomp entries from %s\n", entries, fname);
+                printf("configuring %d seccomp entries from %s\n", entries, fname);
        // read filter
        struct sock_filter *filter = malloc(size);
@@ -205,6 +205,8 @@ int seccomp_filter_keep(void) {
                printf("seccomp filter configured\n");
+        if (arg_debug && access(PATH_FSECCOMP, X_OK) == 0)
+                sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FSECCOMP, "print", RUN_SECCOMP_CFG);
        return seccomp_load(RUN_SECCOMP_CFG);
 }
author	netblue30 <netblue30@yahoo.com>	2017-05-31 15:26:13 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-05-31 15:26:13 -0400
commit	ca98f1488a3d01df23c5415b1480b4e2df131e83 (patch)
tree	5eb5ab0ee0229e4f0aec741140a7fcaf73fcb97a
parent	profile merges (diff)
download	firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.tar.gz firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.tar.zst firejail-ca98f1488a3d01df23c5415b1480b4e2df131e83.zip