Merge pull request #4041 from smitsohu/trace

sandbox setup: postpone library preloading

1 files changed, 10 insertions, 6 deletions

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 88490033d..36a54d6fe 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1029,12 +1029,6 @@ int sandbox(void* sandbox_arg) {
                 fs_dev_disable_video();
 
         //****************************
-        // install trace
-        //****************************
-        if (need_preload)
-                fs_trace();
-
-        //****************************
         // set dns
         //****************************
         fs_resolvconf();
@@ -1150,6 +1144,16 @@ int sandbox(void* sandbox_arg) {
         fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
         seccomp_debug();
 
+        //****************************
+        // install trace - still need capabilities
+        //****************************
+        if (need_preload)
+                fs_trace();
+
+        //****************************
+        // continue security filters
+        //****************************
+
         // set capabilities
         set_caps();