-rw-r--r-- | src/firejail/sandbox.c | 19 |
1 files changed, 9 insertions, 10 deletions
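--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1122,11 +1122,6 @@ int sandbox(void* sandbox_arg) {
 seccomp_filter_drop(false);
 
 }
-else { // clean seccomp files under /run/firejail/mnt
-int rv = unlink(RUN_SECCOMP_CFG);
-rv |= unlink(RUN_SECCOMP_32);
-(void) rv;
-}
 
 if (arg_memory_deny_write_execute) {
 if (arg_debug)
@@ -1134,13 +1129,17 @@ int sandbox(void* sandbox_arg) {
 seccomp_load(RUN_SECCOMP_MDWX); // install filter
 seccomp_load(RUN_SECCOMP_MDWX_32);
 }
-else {
-int rv = unlink(RUN_SECCOMP_MDWX);
-rv |= unlink(RUN_SECCOMP_MDWX_32);
-(void) rv;
-}
+
 // make seccomp filters read-only
 fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
+if (arg_debug) {
+printf("Seccomp directory:\n");
+int rv = system("ls -l " RUN_SECCOMP_DIR);
+(void) rv;
+printf("Active seccomp files:\n");
+rv = system("cat " RUN_SECCOMP_LIST);
+(void) rv;
+}
 #endif
 
 // set capabilities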
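Review bot: The debug block added after `fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0)` prints its output through `system("ls -l " ...)` and `system("cat " ...)`, which start a shell and resolve `ls` and `cat` through PATH inside the sandbox's filesystem view. The hunk does not show the privilege state at this point, but the block sits before the `// set capabilities` step, so the helpers may run with more privilege than debug output needs, and which binaries they resolve to depends on how the sandbox was assembled. Reading the directory and the list file in-process avoids both the shell and the external binaries, at the cost of the permission columns that `ls -l` prints; a `stat()` per entry can restore those if wanted. The discarded `rv` also hides a failed listing, so the in-process version can report it. sandbox() begins and ends outside the hunk, so `<dirent.h>` would need to be included at the top of the file if it is not already.

```c
	if (arg_debug) {
		printf("Seccomp directory:\n");
		DIR *dir = opendir(RUN_SECCOMP_DIR);
		if (dir) {
			struct dirent *entry;
			while ((entry = readdir(dir)) != NULL)
				printf("%s\n", entry->d_name);
			closedir(dir);
		}
		else
			fprintf(stderr, "Warning: cannot open %s\n", RUN_SECCOMP_DIR);

		printf("Active seccomp files:\n");
		FILE *fp = fopen(RUN_SECCOMP_LIST, "r");
		if (fp) {
			char line[1024];
			while (fgets(line, sizeof(line), fp))
				fputs(line, stdout);
			fclose(fp);
		}
		else
			fprintf(stderr, "Warning: cannot open %s\n", RUN_SECCOMP_LIST);
	}
```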