1 files changed, 4 insertions, 5 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index a4c038897..b6e0468c6 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -786,14 +786,13 @@ int sandbox(void* sandbox_arg) {
 #else
        bool always_enforce_filters = false;
 #endif
-        // need ld.so.preload if tracing or seccomp with any non-default lists
-        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
        // for --appimage, --chroot and --overlay* we force NO_NEW_PRIVS
        // and drop all capabilities
-        if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay || always_enforce_filters)) {
+        if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay || always_enforce_filters))
                enforce_filters();
-                need_preload = arg_trace || arg_tracelog;
-        }
+        // need ld.so.preload if tracing or seccomp with any non-default lists
+        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
        // trace pre-install
        if (need_preload)

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index a4c038897..b6e0468c6 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c
@@ -786,14 +786,13 @@ int sandbox(void* sandbox_arg) {
786	#else	786	#else
787	bool always_enforce_filters = false;	787	bool always_enforce_filters = false;
788	#endif	788	#endif
789	// need ld.so.preload if tracing or seccomp with any non-default lists
790	bool need_preload = arg_trace \|\| arg_tracelog \|\| arg_seccomp_postexec;
791	// for --appimage, --chroot and --overlay* we force NO_NEW_PRIVS	789	// for --appimage, --chroot and --overlay* we force NO_NEW_PRIVS
792	// and drop all capabilities	790	// and drop all capabilities
793	if (getuid() != 0 && (arg_appimage \|\| cfg.chrootdir \|\| arg_overlay \|\| always_enforce_filters)) {	791	if (getuid() != 0 && (arg_appimage \|\| cfg.chrootdir \|\| arg_overlay \|\| always_enforce_filters))
794	enforce_filters();	792	enforce_filters();
795	need_preload = arg_trace \|\| arg_tracelog;	793
796	}	794	// need ld.so.preload if tracing or seccomp with any non-default lists
		795	bool need_preload = arg_trace \|\| arg_tracelog \|\| arg_seccomp_postexec;
797		796
798	// trace pre-install	797	// trace pre-install
799	if (need_preload)	798	if (need_preload)