diff options
| author |  netblue30 <netblue30@protonmail.com> | 2023-12-22 10:09:39 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2023-12-22 10:09:39 -0500 |
| commit | eee5b4243a5f26fc9643213be1b67ca5a7261953 (patch) | |
| tree | 611f77cfdd2e2f043b2a60b35c42c3a8827e1324 /src | |
| parent | merges (diff) | |
| download | firejail-eee5b4243a5f26fc9643213be1b67ca5a7261953.tar.gz firejail-eee5b4243a5f26fc9643213be1b67ca5a7261953.tar.zst firejail-eee5b4243a5f26fc9643213be1b67ca5a7261953.zip | |
landlock: small fixes
Diffstat (limited to 'src')
| -rw-r--r-- | src/firejail/landlock.c | 8 | ||||
| -rw-r--r-- | src/man/firejail.1.in | 4 |
2 files changed, 6 insertions, 6 deletions
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c index 11de2e297..a5fd55232 100644 --- a/src/firejail/landlock.c +++ b/src/firejail/landlock.c | |||
| @@ -206,6 +206,8 @@ int ll_restrict(uint32_t flags) { | |||
| 206 | if (!ll_is_supported()) | 206 | if (!ll_is_supported()) |
| 207 | return 0; | 207 | return 0; |
| 208 | 208 | ||
| 209 | timetrace_start(); | ||
| 210 | |||
| 209 | if (arg_debug) | 211 | if (arg_debug) |
| 210 | fprintf(stderr, "%s: Starting Landlock restrict\n", __func__); | 212 | fprintf(stderr, "%s: Starting Landlock restrict\n", __func__); |
| 211 | 213 | ||
| @@ -218,7 +220,9 @@ int ll_restrict(uint32_t flags) { | |||
| 218 | }; | 220 | }; |
| 219 | 221 | ||
| 220 | LandlockEntry *ptr = cfg.lprofile; | 222 | LandlockEntry *ptr = cfg.lprofile; |
| 223 | int rules = 0; | ||
| 221 | while (ptr) { | 224 | while (ptr) { |
| 225 | rules++; | ||
| 222 | fnc[ptr->type](ptr->data); | 226 | fnc[ptr->type](ptr->data); |
| 223 | ptr = ptr->next; | 227 | ptr = ptr->next; |
| 224 | } | 228 | } |
| @@ -239,8 +243,8 @@ int ll_restrict(uint32_t flags) { | |||
| 239 | __func__, strerror(errno)); | 243 | __func__, strerror(errno)); |
| 240 | goto out; | 244 | goto out; |
| 241 | } | 245 | } |
| 242 | if (arg_debug) | 246 | fmessage("%d Landlock rules initialized in %0.2f ms\n", rules, timetrace_end()); |
| 243 | fprintf(stderr, "%s: Enforcing Landlock\n", __func__); | 247 | |
| 244 | out: | 248 | out: |
| 245 | close(ll_ruleset_fd); | 249 | close(ll_ruleset_fd); |
| 246 | return error; | 250 | return error; |
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index c63cf350d..9761edb76 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in | |||
| @@ -1247,12 +1247,8 @@ $ firejail --keep-var-tmp | |||
| 1247 | .TP | 1247 | .TP |
| 1248 | \fB\-\-landlock.enforce | 1248 | \fB\-\-landlock.enforce |
| 1249 | Enforce the Landlock ruleset. | 1249 | Enforce the Landlock ruleset. |
| 1250 | .PP | ||
| 1251 | Without it, the other Landlock commands have no effect. | 1250 | Without it, the other Landlock commands have no effect. |
| 1252 | .PP | ||
| 1253 | .RS | ||
| 1254 | See the \fBLANDLOCK\fR section for more information. | 1251 | See the \fBLANDLOCK\fR section for more information. |
| 1255 | .RE | ||
| 1256 | .TP | 1252 | .TP |
| 1257 | \fB\-\-landlock.read=path | 1253 | \fB\-\-landlock.read=path |
| 1258 | Create a Landlock ruleset (if it doesn't already exist) and add a read access | 1254 | Create a Landlock ruleset (if it doesn't already exist) and add a read access |