-rw-r--r-- | src/firejail/sandbox.c | 40 |
1 files changed, 14 insertions, 26 deletions
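--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -140,6 +140,20 @@ void set_apparmor(void) {
 }
 #endif
 
+#ifdef HAVE_SECCOMP
+void seccomp_debug(void) {
+if (arg_debug == 0)
+return;
+
+EUID_USER();
+printf("Seccomp directory:\n");
+ls(RUN_SECCOMP_DIR);
+printf("Active seccomp files:\n");
+cat(RUN_SECCOMP_LIST);
+EUID_ROOT();
+}
+#endif
+
 static void save_nogroups(void) {
 if (arg_nogroups == 0)
 return;
@@ -197,32 +211,6 @@ static FILE *create_ready_for_join_file(void) {
 }
 }
 
-#ifdef HAVE_SECCOMP
-static void seccomp_debug(void) {
-if (arg_debug == 0)
-return;
-
-pid_t child = fork();
-if (child < 0)
-errExit("fork");
-if (child == 0) {
-// dropping privs before calling system(3)
-drop_privs(1);
-printf("Seccomp directory:\n");
-int rv = system("ls -l " RUN_SECCOMP_DIR);
-(void) rv;
-printf("Active seccomp files:\n");
-rv = system("cat " RUN_SECCOMP_LIST);
-(void) rv;
-#ifdef HAVE_GCOV
-__gcov_flush();
-#endif
-_exit(0);
-}
-waitpid(child, NULL, 0);
-}
-#endif
-
 static void sandbox_if_up(Bridge *br) {
 assert(br);
 if (!br->configured)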
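Review bot: The new `seccomp_debug()` at new lines 144-154 no longer drops privileges irrevocably: it brackets `ls(RUN_SECCOMP_DIR)` and `cat(RUN_SECCOMP_LIST)` with `EUID_USER()`/`EUID_ROOT()` in the calling process, where the removed version ran them in a forked child after `drop_privs(1)`. Presumably `EUID_USER()` switches only the effective IDs, so the saved UID and supplementary groups would stay privileged while the helpers run; the change is then only as safe as `ls()` and `cat()`, which are defined outside this diff and need to stay in-process without executing anything. That invariant should be recorded above the function, e.g. `// runs in the sandbox process with only the euid switched to the user; ls() and cat() must not fork or exec`. The function also loses `static` while the commit touches a single file, so confirm that a prototype is visible to whichever callers this is meant to serve.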