author | smitsohu <smitsohu@gmail.com> | 2021-03-03 22:31:10 +0100 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2021-03-03 22:49:37 +0100 |
commit | c7bc2e151d8ede16adb1489dc149466b665202d3 (patch) | |
tree | 6c586b3895cd378d1fa5a160b5a1b164add591b9 /src | |
parent | jailtest fix (diff) | |
sandbox setup: postpone library preloading
for now avoids mixing of traces from sandbox helpers
into application traces
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/sandbox.c | 16 |
1 files changed, 10 insertions, 6 deletions
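--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1015,12 +1015,6 @@ int sandbox(void* sandbox_arg) {
 fs_dev_disable_video();
 
 //****************************
-// install trace
-//****************************
-if (need_preload)
-fs_trace();
-
-//****************************
 // set dns
 //****************************
 fs_resolvconf();
@@ -1136,6 +1130,16 @@ int sandbox(void* sandbox_arg) {
 fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
 seccomp_debug();
 
+//****************************
+// install trace - still need capabilities
+//****************************
+if (need_preload)
+fs_trace();
+
+//****************************
+// continue security filters
+//****************************
+
 // set capabilities
 set_caps();
 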
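Review bot: The comment added at new line 1134 records only one side of the ordering constraint on `fs_trace()`: it says the call must precede `set_caps()`, but not why it now sits this late, which only the commit message explains. Someone tidying the function later could move the block back up and reintroduce helper output in application traces, so I would spell out both bounds, e.g. `// install trace - after the sandbox helpers have run (keeps their output out of application traces), before set_caps() because capabilities are still needed`. Please also confirm that nothing between the old call site (after `fs_dev_disable_video()`) and the new one depended on the preload already being in place, and that `fs_trace()` does not write under `RUN_SECCOMP_DIR`, which has been remounted read-only by this point; neither can be checked from these hunks. `sandbox()` begins and ends outside both hunks.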