diff options
-rw-r--r-- | src/firejail/sandbox.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index a4c038897..b6e0468c6 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -786,14 +786,13 @@ int sandbox(void* sandbox_arg) { | |||
786 | #else | 786 | #else |
787 | bool always_enforce_filters = false; | 787 | bool always_enforce_filters = false; |
788 | #endif | 788 | #endif |
789 | // need ld.so.preload if tracing or seccomp with any non-default lists | ||
790 | bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec; | ||
791 | // for --appimage, --chroot and --overlay* we force NO_NEW_PRIVS | 789 | // for --appimage, --chroot and --overlay* we force NO_NEW_PRIVS |
792 | // and drop all capabilities | 790 | // and drop all capabilities |
793 | if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay || always_enforce_filters)) { | 791 | if (getuid() != 0 && (arg_appimage || cfg.chrootdir || arg_overlay || always_enforce_filters)) |
794 | enforce_filters(); | 792 | enforce_filters(); |
795 | need_preload = arg_trace || arg_tracelog; | 793 | |
796 | } | 794 | // need ld.so.preload if tracing or seccomp with any non-default lists |
795 | bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec; | ||
797 | 796 | ||
798 | // trace pre-install | 797 | // trace pre-install |
799 | if (need_preload) | 798 | if (need_preload) |