diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/firejail/seccomp.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index cdbbe4fdd..96dfdaff2 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
@@ -195,10 +195,8 @@ int seccomp_filter_keep(void) { | |||
195 | printf("Build drop seccomp filter\n"); | 195 | printf("Build drop seccomp filter\n"); |
196 | 196 | ||
197 | // build the seccomp filter as a regular user | 197 | // build the seccomp filter as a regular user |
198 | int rv = sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 4, | 198 | sbox_run(SBOX_USER | SBOX_CAPS_NONE | SBOX_SECCOMP, 4, |
199 | PATH_FSECCOMP, "keep", RUN_SECCOMP_CFG, cfg.seccomp_list_keep); | 199 | PATH_FSECCOMP, "keep", RUN_SECCOMP_CFG, cfg.seccomp_list_keep); |
200 | if (rv) | ||
201 | exit(rv); | ||
202 | if (arg_debug) | 200 | if (arg_debug) |
203 | printf("seccomp filter configured\n"); | 201 | printf("seccomp filter configured\n"); |
204 | 202 | ||
@@ -246,10 +244,7 @@ void seccomp_print_filter(pid_t pid) { | |||
246 | } | 244 | } |
247 | 245 | ||
248 | // read and print the filter - run this as root, the user doesn't have access | 246 | // read and print the filter - run this as root, the user doesn't have access |
249 | int rv = sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, | 247 | sbox_run(SBOX_ROOT | SBOX_SECCOMP, 3, PATH_FSECCOMP, "print", fname); |
250 | PATH_FSECCOMP, "print", fname); | ||
251 | if (rv) | ||
252 | exit(rv); | ||
253 | free(fname); | 248 | free(fname); |
254 | 249 | ||
255 | exit(0); | 250 | exit(0); |