Diffstat (limited to 'src/firejail/sandbox.c')
-rw-r--r-- | src/firejail/sandbox.c | 15 |
1 files changed, 4 insertions, 11 deletions
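--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -520,21 +520,14 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
 //****************************
 // Configure Landlock
 //****************************
-if (arg_landlock)
-ll_basic_system();
-
-if (ll_get_fd() != -1) {
-if (arg_landlock_proc >= 1)
-ll_read("/proc/");
-if (arg_landlock_proc == 2)
-ll_write("/proc/");
-}
-
-if (ll_restrict(0)) {
+if (arg_landlock_enforce && ll_restrict(0)) {
 // It isn't safe to continue if Landlock self-restriction was
 // enabled and the "landlock_restrict_self" syscall has failed.
 fprintf(stderr, "Error: ll_restrict() failed, exiting...\n");
 exit(1);
+} else {
+if (arg_debug)
+fprintf(stderr, "Not enforcing Landlock\n");
 }
 #endif
 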
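Review bot: The `else` branch attached to `if (arg_landlock_enforce && ll_restrict(0))` is also taken when enforcement was requested and `ll_restrict(0)` succeeded (assuming, as the retained comment implies, that a non-zero return means failure), so under `arg_debug` a sandbox with Landlock applied logs "Not enforcing Landlock". In a sandbox, a debug line that misreports whether a restriction is active can mislead anyone auditing the run, and separating the two conditions avoids it: `if (arg_landlock_enforce) {`, `if (ll_restrict(0)) { /* existing error message and exit(1) */ }`, `} else if (arg_debug)`. `start_application` begins and ends outside this hunk, so whether the ruleset setup removed here (`ll_basic_system()` and the `/proc/` rules) now runs before this point cannot be confirmed from the visible lines.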