diff options
author | netblue30 <netblue30@protonmail.com> | 2023-12-22 10:09:39 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2023-12-22 10:09:39 -0500 |
commit | eee5b4243a5f26fc9643213be1b67ca5a7261953 (patch) | |
tree | 611f77cfdd2e2f043b2a60b35c42c3a8827e1324 /src | |
parent | merges (diff) | |
download | firejail-eee5b4243a5f26fc9643213be1b67ca5a7261953.tar.gz firejail-eee5b4243a5f26fc9643213be1b67ca5a7261953.tar.zst firejail-eee5b4243a5f26fc9643213be1b67ca5a7261953.zip |
landlock: small fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/landlock.c | 8 | ||||
-rw-r--r-- | src/man/firejail.1.in | 4 |
2 files changed, 6 insertions, 6 deletions
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c index 11de2e297..a5fd55232 100644 --- a/src/firejail/landlock.c +++ b/src/firejail/landlock.c | |||
@@ -206,6 +206,8 @@ int ll_restrict(uint32_t flags) { | |||
206 | if (!ll_is_supported()) | 206 | if (!ll_is_supported()) |
207 | return 0; | 207 | return 0; |
208 | 208 | ||
209 | timetrace_start(); | ||
210 | |||
209 | if (arg_debug) | 211 | if (arg_debug) |
210 | fprintf(stderr, "%s: Starting Landlock restrict\n", __func__); | 212 | fprintf(stderr, "%s: Starting Landlock restrict\n", __func__); |
211 | 213 | ||
@@ -218,7 +220,9 @@ int ll_restrict(uint32_t flags) { | |||
218 | }; | 220 | }; |
219 | 221 | ||
220 | LandlockEntry *ptr = cfg.lprofile; | 222 | LandlockEntry *ptr = cfg.lprofile; |
223 | int rules = 0; | ||
221 | while (ptr) { | 224 | while (ptr) { |
225 | rules++; | ||
222 | fnc[ptr->type](ptr->data); | 226 | fnc[ptr->type](ptr->data); |
223 | ptr = ptr->next; | 227 | ptr = ptr->next; |
224 | } | 228 | } |
@@ -239,8 +243,8 @@ int ll_restrict(uint32_t flags) { | |||
239 | __func__, strerror(errno)); | 243 | __func__, strerror(errno)); |
240 | goto out; | 244 | goto out; |
241 | } | 245 | } |
242 | if (arg_debug) | 246 | fmessage("%d Landlock rules initialized in %0.2f ms\n", rules, timetrace_end()); |
243 | fprintf(stderr, "%s: Enforcing Landlock\n", __func__); | 247 | |
244 | out: | 248 | out: |
245 | close(ll_ruleset_fd); | 249 | close(ll_ruleset_fd); |
246 | return error; | 250 | return error; |
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index c63cf350d..9761edb76 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in | |||
@@ -1247,12 +1247,8 @@ $ firejail --keep-var-tmp | |||
1247 | .TP | 1247 | .TP |
1248 | \fB\-\-landlock.enforce | 1248 | \fB\-\-landlock.enforce |
1249 | Enforce the Landlock ruleset. | 1249 | Enforce the Landlock ruleset. |
1250 | .PP | ||
1251 | Without it, the other Landlock commands have no effect. | 1250 | Without it, the other Landlock commands have no effect. |
1252 | .PP | ||
1253 | .RS | ||
1254 | See the \fBLANDLOCK\fR section for more information. | 1251 | See the \fBLANDLOCK\fR section for more information. |
1255 | .RE | ||
1256 | .TP | 1252 | .TP |
1257 | \fB\-\-landlock.read=path | 1253 | \fB\-\-landlock.read=path |
1258 | Create a Landlock ruleset (if it doesn't already exist) and add a read access | 1254 | Create a Landlock ruleset (if it doesn't already exist) and add a read access |