diff options
| author |  netblue30 <netblue30@yahoo.com> | 2015-12-02 08:41:44 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2015-12-02 08:41:44 -0500 |
| commit | 0d4468b45514b01d46a8b05f8838e62a113b3faa (patch) | |
| tree | ec91006de29dc4da0d113090930811183f1c7ade /src | |
| parent | libtrace enhancements (diff) | |
| download | firejail-0d4468b45514b01d46a8b05f8838e62a113b3faa.tar.gz firejail-0d4468b45514b01d46a8b05f8838e62a113b3faa.tar.zst firejail-0d4468b45514b01d46a8b05f8838e62a113b3faa.zip | |
profile speedup
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/sandbox.c | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 5ae43dbd1..af035fe90 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -265,12 +265,19 @@ int sandbox(void* sandbox_arg) { | |||
| 265 | } | 265 | } |
| 266 | 266 | ||
| 267 | //**************************** | 267 | //**************************** |
| 268 | // mount namespace | 268 | // mount namespace and log filesystem type |
| 269 | //**************************** | 269 | //**************************** |
| 270 | // mount events are not forwarded between the host the sandbox | 270 | // mount events are not forwarded between the host the sandbox |
| 271 | if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) { | 271 | if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) { |
| 272 | chk_chroot(); | 272 | chk_chroot(); |
| 273 | } | 273 | } |
| 274 | // log filesystem type | ||
| 275 | if (cfg.chrootdir) | ||
| 276 | fs_logger("chroot filesystem"); | ||
| 277 | else if (arg_overlay) | ||
| 278 | fs_logger("overlay filesystem"); | ||
| 279 | else | ||
| 280 | fs_logger("local filesystem"); | ||
| 274 | fs_logger("install mount namespace"); | 281 | fs_logger("install mount namespace"); |
| 275 | 282 | ||
| 276 | //**************************** | 283 | //**************************** |
| @@ -297,7 +304,6 @@ int sandbox(void* sandbox_arg) { | |||
| 297 | //**************************** | 304 | //**************************** |
| 298 | // configure filesystem | 305 | // configure filesystem |
| 299 | //**************************** | 306 | //**************************** |
| 300 | |||
| 301 | #ifdef HAVE_CHROOT | 307 | #ifdef HAVE_CHROOT |
| 302 | if (cfg.chrootdir) { | 308 | if (cfg.chrootdir) { |
| 303 | fs_chroot(cfg.chrootdir); | 309 | fs_chroot(cfg.chrootdir); |
| @@ -354,17 +360,6 @@ int sandbox(void* sandbox_arg) { | |||
| 354 | } | 360 | } |
| 355 | 361 | ||
| 356 | //**************************** | 362 | //**************************** |
| 357 | // apply the profile file | ||
| 358 | //**************************** | ||
| 359 | if (cfg.profile) { | ||
| 360 | // apply all whitelist commands ... | ||
| 361 | fs_whitelist(); | ||
| 362 | |||
| 363 | // ... followed by blacklist commands | ||
| 364 | fs_blacklist(); | ||
| 365 | } | ||
| 366 | |||
| 367 | //**************************** | ||
| 368 | // private mode | 363 | // private mode |
| 369 | //**************************** | 364 | //**************************** |
| 370 | if (arg_private) { | 365 | if (arg_private) { |
| @@ -384,6 +379,17 @@ int sandbox(void* sandbox_arg) { | |||
| 384 | fs_private_bin_list(); | 379 | fs_private_bin_list(); |
| 385 | 380 | ||
| 386 | //**************************** | 381 | //**************************** |
| 382 | // apply the profile file | ||
| 383 | //**************************** | ||
| 384 | if (cfg.profile) { | ||
| 385 | // apply all whitelist commands ... | ||
| 386 | fs_whitelist(); | ||
| 387 | |||
| 388 | // ... followed by blacklist commands | ||
| 389 | fs_blacklist(); | ||
| 390 | } | ||
| 391 | |||
| 392 | //**************************** | ||
| 387 | // install trace | 393 | // install trace |
| 388 | //**************************** | 394 | //**************************** |
| 389 | if (arg_trace) | 395 | if (arg_trace) |