diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-03-03 22:31:10 +0100 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-03-03 22:49:37 +0100 |
| commit | c7bc2e151d8ede16adb1489dc149466b665202d3 (patch) | |
| tree | 6c586b3895cd378d1fa5a160b5a1b164add591b9 /src/firejail/sandbox.c | |
| parent | jailtest fix (diff) | |
| download | firejail-c7bc2e151d8ede16adb1489dc149466b665202d3.tar.gz firejail-c7bc2e151d8ede16adb1489dc149466b665202d3.tar.zst firejail-c7bc2e151d8ede16adb1489dc149466b665202d3.zip | |
sandbox setup: postpone library preloading
for now avoids mixing of traces from sandbox helpers
into application traces
Diffstat (limited to 'src/firejail/sandbox.c')
| -rw-r--r-- | src/firejail/sandbox.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 9a4be5cc0..57ea2c477 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -1015,12 +1015,6 @@ int sandbox(void* sandbox_arg) { | |||
| 1015 | fs_dev_disable_video(); | 1015 | fs_dev_disable_video(); |
| 1016 | 1016 | ||
| 1017 | //**************************** | 1017 | //**************************** |
| 1018 | // install trace | ||
| 1019 | //**************************** | ||
| 1020 | if (need_preload) | ||
| 1021 | fs_trace(); | ||
| 1022 | |||
| 1023 | //**************************** | ||
| 1024 | // set dns | 1018 | // set dns |
| 1025 | //**************************** | 1019 | //**************************** |
| 1026 | fs_resolvconf(); | 1020 | fs_resolvconf(); |
| @@ -1136,6 +1130,16 @@ int sandbox(void* sandbox_arg) { | |||
| 1136 | fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0); | 1130 | fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0); |
| 1137 | seccomp_debug(); | 1131 | seccomp_debug(); |
| 1138 | 1132 | ||
| 1133 | //**************************** | ||
| 1134 | // install trace - still need capabilities | ||
| 1135 | //**************************** | ||
| 1136 | if (need_preload) | ||
| 1137 | fs_trace(); | ||
| 1138 | |||
| 1139 | //**************************** | ||
| 1140 | // continue security filters | ||
| 1141 | //**************************** | ||
| 1142 | |||
| 1139 | // set capabilities | 1143 | // set capabilities |
| 1140 | set_caps(); | 1144 | set_caps(); |
| 1141 | 1145 | ||