1 files changed, 9 insertions, 4 deletions

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 472f09355..568549cbf 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -664,10 +664,15 @@ int sandbox(void* sandbox_arg) {
                 if (rv)
                         exit(rv);
         }
+        if (arg_seccomp && (cfg.seccomp_list || cfg.seccomp_list_drop || cfg.seccomp_list_keep))
+                arg_seccomp_postexec = 1;
 #endif
 
+        // need ld.so.preload if tracing or seccomp with any non-default lists
+        bool need_preload = arg_trace || arg_tracelog || arg_seccomp_postexec;
+
         // trace pre-install
-        if (arg_trace || arg_tracelog)
+        if (need_preload)
                 fs_trace_preload();
 
         // store hosts file
@@ -704,7 +709,7 @@ int sandbox(void* sandbox_arg) {
                 //****************************
                 // trace pre-install, this time inside chroot
                 //****************************
-                if (arg_trace || arg_tracelog)
+                if (need_preload)
                         fs_trace_preload();
         }
         else
@@ -767,7 +772,7 @@ int sandbox(void* sandbox_arg) {
                 else {
                         fs_private_dir_list("/etc", RUN_ETC_DIR, cfg.etc_private_keep);
                         // create /etc/ld.so.preload file again
-                        if (arg_trace || arg_tracelog)
+                        if (need_preload)
                                 fs_trace_preload();
                 }
         }
@@ -903,7 +908,7 @@ int sandbox(void* sandbox_arg) {
         //****************************
         // install trace
         //****************************
-        if (arg_trace || arg_tracelog)
+        if (need_preload)
                 fs_trace();
 
         //****************************