author | netblue30 <netblue30@protonmail.com> | 2023-09-12 11:22:44 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-09-12 11:22:44 -0400 |
commit | eb5c97197b699dbb8ba69e798c86e5e97c36e17e (patch) | |
tree | d155946a8e12ff95b5f28fcd6cabbd911d75a62b /src | |
parent | build(deps): bump actions/checkout from 3.6.0 to 4.0.0 (diff) | |
speed up blacklists
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/fs.c | 4 | ||||
-rw-r--r-- | src/firejail/paths.c | 18 |
2 files changed, 22 insertions, 0 deletions
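--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -281,6 +281,8 @@ void fs_blacklist(void) {
 if (!entry)
 return;
 
+timetrace_start();
+
 size_t noblacklist_c = 0;
 size_t noblacklist_m = 32;
 char **noblacklist = calloc(noblacklist_m, sizeof(*noblacklist));
@@ -463,6 +465,8 @@ void fs_blacklist(void) {
 for (i = 0; i < noblacklist_c; i++)
 free(noblacklist[i]);
 free(noblacklist);
+
+fmessage("Base filesystem installed in %0.2f ms\n", timetrace_end());
 }
 
 //***********************************************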
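Review bot: The message printed at the end of fs_blacklist() says "Base filesystem installed", but the interval between timetrace_start() at the top of the function and timetrace_end() here covers blacklist processing, so the text misdescribes what was measured and would be confused with any other phase that prints the same wording; `fmessage("Blacklists processed in %0.2f ms\n", timetrace_end());` names the right thing. If timetrace_start()/timetrace_end() keep a single global start timestamp (their implementation is not visible here), calling them inside fs_blacklist() also resets any timing region a caller had open around it — worth confirming before relying on the number. The body of fs_blacklist() between the two hunks lies outside the hunk.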
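--- a/src/firejail/paths.c
+++ b/src/firejail/paths.c
@@ -47,6 +47,16 @@ static void init_paths(void) {
 errExit("calloc");
 memset(paths, 0, path_cnt * sizeof(char *)); // get rid of false positive error from GCC static analyzer
 
+// lots of distros set /bin as a symlink to /usr/bin;
+// we remove /bin form the path to speed up path-based operations such as blacklist
+int bin_symlink = 0;
+p = realpath("/bin", NULL);
+if (p) {
+if (strcmp(p, "/usr/bin") == 0)
+bin_symlink = 1;
+}
+free(p);
+
 // fill in 'paths' with pointers to elements of 'path'
 unsigned int i = 0, j;
 unsigned int len;
@@ -62,6 +72,14 @@ static void init_paths(void) {
 if (len == 0)
 goto skip;
 
+//deal with /bin - /usr/bin symlink
+if (bin_symlink > 0) {
+if (strcmp(elt, "/bin") == 0 || strcmp(elt, "/usr/bin") == 0)
+bin_symlink++;
+if (bin_symlink == 3)
+goto skip;
+}
+
 // filter out duplicate entries
 for (j = 0; j < i; j++)
 if (strcmp(elt, paths[j]) == 0)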
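Review bot: The skip in the second hunk fires only when bin_symlink is exactly 3, so a third occurrence of /bin or /usr/bin in PATH (e.g. `/bin:/usr/bin:/usr/bin`) bumps the counter to 4 and is kept, and the duplicate filter below does not catch it because the skipped second entry was never stored in paths[]. Changing the test to `if (bin_symlink >= 3)` closes that gap; a boolean such as `seen_bin`, set after the first matching element, would express the intent more plainly than a counter that starts at 1. init_paths() and the variable p reused by realpath() in the first hunk are declared outside the hunks. The comment in the first hunk also reads "form the path" where "from" is meant.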