authorLibravatar netblue30 <netblue30@protonmail.com>2023-09-12 11:22:44 -0400
committerLibravatar netblue30 <netblue30@protonmail.com>2023-09-12 11:22:44 -0400
commiteb5c97197b699dbb8ba69e798c86e5e97c36e17e (patch)
treed155946a8e12ff95b5f28fcd6cabbd911d75a62b
parentbuild(deps): bump actions/checkout from 3.6.0 to 4.0.0 (diff)
speed up blacklists
-rw-r--r--etc/inc/disable-devel.inc1
-rw-r--r--src/firejail/fs.c4
-rw-r--r--src/firejail/paths.c18
3 files changed, 23 insertions, 0 deletions
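--- a/etc/inc/disable-devel.inc
+++ b/etc/inc/disable-devel.inc
@@ -25,6 +25,7 @@ blacklist ${PATH}/patchview
 # packaging
 blacklist ${PATH}/dh_*
 blacklist ${PATH}/fakeroot*
+blacklist ${PATH}/lintian
 
 # expect
 blacklist ${PATH}/autoexpect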
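--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -281,6 +281,8 @@ void fs_blacklist(void) {
  if (!entry)
  return;
 
+ timetrace_start();
+
  size_t noblacklist_c = 0;
  size_t noblacklist_m = 32;
  char **noblacklist = calloc(noblacklist_m, sizeof(*noblacklist));
@@ -463,6 +465,8 @@ void fs_blacklist(void) {
  for (i = 0; i < noblacklist_c; i++)
  free(noblacklist[i]);
  free(noblacklist);
+
+ fmessage("Base filesystem installed in %0.2f ms\n", timetrace_end());
 }
 
 //***********************************************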
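Review bot: The message added at the end of fs_blacklist reads `Base filesystem installed in ...`, but the timer it reports is started at the top of this same function, so the figure covers blacklist processing only. A label that names what was measured, for example `fmessage("Blacklist processed in %0.2f ms\n", timetrace_end());`, would keep the timing output unambiguous. The body between the two hunks is not shown here; any `return` in that stretch would skip `timetrace_end()` and leave the start/end pair unmatched, so that is worth checking.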
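--- a/src/firejail/paths.c
+++ b/src/firejail/paths.c
@@ -47,6 +47,16 @@ static void init_paths(void) {
  errExit("calloc");
  memset(paths, 0, path_cnt * sizeof(char *)); // get rid of false positive error from GCC static analyzer
 
+ // lots of distros set /bin as a symlink to /usr/bin;
+ // we remove /bin form the path to speed up path-based operations such as blacklist
+ int bin_symlink = 0;
+ p = realpath("/bin", NULL);
+ if (p) {
+ if (strcmp(p, "/usr/bin") == 0)
+ bin_symlink = 1;
+ }
+ free(p);
+
  // fill in 'paths' with pointers to elements of 'path'
  unsigned int i = 0, j;
  unsigned int len;
@@ -62,6 +72,14 @@ static void init_paths(void) {
  if (len == 0)
  goto skip;
 
+ //deal with /bin - /usr/bin symlink
+ if (bin_symlink > 0) {
+ if (strcmp(elt, "/bin") == 0 || strcmp(elt, "/usr/bin") == 0)
+ bin_symlink++;
+ if (bin_symlink == 3)
+ goto skip;
+ }
+
  // filter out duplicate entries
  for (j = 0; j < i; j++)
  if (strcmp(elt, paths[j]) == 0)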
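Review bot: The counter in the second hunk drops only the second PATH element equal to `/bin` or `/usr/bin`: the first match moves `bin_symlink` from 1 to 2, the next reaches 3 and is skipped, and any later match sees 4 and is kept again unless the duplicate filter below catches it. It also drops whichever name comes second, so with `/bin` listed first the symlink stays and `/usr/bin` goes, which is not what the comment in the first hunk says (that comment also has `form` for `from`). A separate seen-flag, as below, states the intent directly. A dropped entry presumably no longer receives `${PATH}`-based blacklist rules, so the comment should also record that this relies on /bin still resolving to /usr/bin wherever those rules are applied; whether that holds in every filesystem mode cannot be seen from here. init_paths starts and ends outside both hunks.

```c
	int bin_seen = 0;	// set once /bin or /usr/bin has been kept
	// … unchanged: realpath("/bin") probe, start of the PATH element loop …
		// /bin and /usr/bin are the same directory: keep the first, drop every later one
		if (bin_symlink && (strcmp(elt, "/bin") == 0 || strcmp(elt, "/usr/bin") == 0)) {
			if (bin_seen)
				goto skip;
			bin_seen = 1;
		}
```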