-rw-r--r--src/firejail/sandbox.c19
1 files changed, 9 insertions, 10 deletions
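--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1122,11 +1122,6 @@ int sandbox(void* sandbox_arg) {
 seccomp_filter_drop(false);
 
 }
-else { // clean seccomp files under /run/firejail/mnt
-int rv = unlink(RUN_SECCOMP_CFG);
-rv |= unlink(RUN_SECCOMP_32);
-(void) rv;
-}
 
 if (arg_memory_deny_write_execute) {
 if (arg_debug)
@@ -1134,13 +1129,17 @@ int sandbox(void* sandbox_arg) {
 seccomp_load(RUN_SECCOMP_MDWX); // install filter
 seccomp_load(RUN_SECCOMP_MDWX_32);
 }
-else {
-int rv = unlink(RUN_SECCOMP_MDWX);
-rv |= unlink(RUN_SECCOMP_MDWX_32);
-(void) rv;
-}
+
 // make seccomp filters read-only
 fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
+if (arg_debug) {
+printf("Seccomp directory:\n");
+int rv = system("ls -l " RUN_SECCOMP_DIR);
+(void) rv;
+printf("Active seccomp files:\n");
+rv = system("cat " RUN_SECCOMP_LIST);
+(void) rv;
+}
 #endif
 
 // set capabilities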
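Review bot: The new debug block after `fs_remount(RUN_SECCOMP_DIR, ...)` spawns a shell twice via `system()` at a point where, judging by the `// set capabilities` step that follows it, the process has apparently not yet dropped its privileges; unless the environment and PATH have been sanitized earlier in `sandbox()` (not visible in this hunk), the `ls` and `cat` resolved by `/bin/sh` run with whatever the caller's environment selects. Reading `RUN_SECCOMP_LIST` with stdio instead of `cat` removes one of the two shell invocations and gives the same output, and the remaining `ls` call should be preceded by `fflush(stdout);` so the parent's buffered `printf` lines are not printed after the child's output when stdout is not a terminal. `(void) rv` also hides a failed `system()`, so the debug listing silently prints nothing when the helper is missing; at minimum a `fprintf(stderr, ...)` on `rv != 0` would tell the user why. The enclosing `sandbox()` function starts and ends outside this hunk.
```c
	if (arg_debug) {
		printf("Seccomp directory:\n");
		fflush(stdout);	// keep our own lines ahead of the child's output
		int rv = system("ls -l " RUN_SECCOMP_DIR);
		if (rv != 0)
			fprintf(stderr, "Warning: cannot list %s\n", RUN_SECCOMP_DIR);
		printf("Active seccomp files:\n");
		// read the list ourselves rather than spawning a shell for cat
		FILE *fp = fopen(RUN_SECCOMP_LIST, "r");
		if (fp) {
			char line[4096];
			while (fgets(line, sizeof line, fp))
				fputs(line, stdout);
			fclose(fp);
		}
		else
			fprintf(stderr, "Warning: cannot open %s\n", RUN_SECCOMP_LIST);
	}
```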