From 0d4468b45514b01d46a8b05f8838e62a113b3faa Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 2 Dec 2015 08:41:44 -0500 Subject: profile speedup --- src/firejail/sandbox.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 5ae43dbd1..af035fe90 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c @@ -265,12 +265,19 @@ int sandbox(void* sandbox_arg) { } //**************************** - // mount namespace + // mount namespace and log filesystem type //**************************** // mount events are not forwarded between the host the sandbox if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) { chk_chroot(); } + // log filesystem type + if (cfg.chrootdir) + fs_logger("chroot filesystem"); + else if (arg_overlay) + fs_logger("overlay filesystem"); + else + fs_logger("local filesystem"); fs_logger("install mount namespace"); //**************************** @@ -297,7 +304,6 @@ int sandbox(void* sandbox_arg) { //**************************** // configure filesystem //**************************** - #ifdef HAVE_CHROOT if (cfg.chrootdir) { fs_chroot(cfg.chrootdir); @@ -353,17 +359,6 @@ int sandbox(void* sandbox_arg) { fs_hostname(cfg.hostname); } - //**************************** - // apply the profile file - //**************************** - if (cfg.profile) { - // apply all whitelist commands ... - fs_whitelist(); - - // ... followed by blacklist commands - fs_blacklist(); - } - //**************************** // private mode //**************************** @@ -383,6 +378,17 @@ int sandbox(void* sandbox_arg) { if (arg_private_bin) fs_private_bin_list(); + //**************************** + // apply the profile file + //**************************** + if (cfg.profile) { + // apply all whitelist commands ... + fs_whitelist(); + + // ... followed by blacklist commands + fs_blacklist(); + } + //**************************** // install trace //**************************** -- cgit v1.2.3-70-g09d2