From 39788a8eef1bbc22931cf92859c8dbebd6eaf82c Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Sun, 22 Sep 2019 13:21:35 +0200
Subject: prevent trace from interfering with sandbox setup
---
 src/firejail/preproc.c | 4 ++++
 src/firejail/sandbox.c | 10 ++--------
 2 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/firejail/preproc.c b/src/firejail/preproc.c
index a7af4b127..a2dea0339 100644
--- a/src/firejail/preproc.c
+++ b/src/firejail/preproc.c
@@ -85,6 +85,10 @@ void preproc_mount_mnt_dir(void) {
 tmpfs_mounted = 1;
 fs_logger2("tmpfs", RUN_MNT_DIR);
+ // open and mount trace file while there are no user-writable files in RUN_MNT_DIR
+ if (arg_tracefile)
+ fs_tracefile();
+
 #ifdef HAVE_SECCOMP
 create_empty_dir_as_root(RUN_SECCOMP_DIR, 0755);
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 51c531159..288726d22 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -800,11 +800,8 @@ int sandbox(void* sandbox_arg) {
 }
 // trace pre-install
- if (need_preload) {
+ if (need_preload)
 fs_trace_preload();
- if (arg_tracefile && !cfg.chrootdir)
- fs_tracefile();
- }
 // store hosts file
 if (cfg.hosts_file)
@@ -820,11 +817,8 @@ int sandbox(void* sandbox_arg) {
 //****************************
 // trace pre-install, this time inside chroot
 //****************************
- if (need_preload) {
+ if (need_preload)
 fs_trace_preload();
- if (arg_tracefile)
- fs_tracefile();
- }
 }
 else
 #endif
--
cgit v1.2.3-70-g09d2
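Review bot: The new `fs_tracefile()` call in preproc_mount_mnt_dir() is gated only on `arg_tracefile`, whereas both calls removed from sandbox() sat inside `if (need_preload)`. If `arg_tracefile` can ever be set without `need_preload` (the patch does not show how either is derived), the trace file is now opened and mounted in runs where it previously was not, so that relationship should be confirmed. The safety property the comment describes is also held only by the call's position directly after the tmpfs mount. I would word the comment as an invariant so later additions are not placed above it, e.g. `// must run before anything user-writable is created in RUN_MNT_DIR; keep directly after the tmpfs mount`. The function body starts and ends outside the hunk.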
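Review bot: For the chroot case the trace file is no longer set up inside the chroot. The call removed in the third hunk sat under the comment "this time inside chroot", and the call removed here was skipped when `cfg.chrootdir` was set, while the single replacement in preproc_mount_mnt_dir() presumably runs before the chroot is entered. The trace file path would then be resolved against the host filesystem, and the patch does not show whether the resulting mount is still reachable from inside the chroot, so this change for `--chroot` users deserves an explicit check and a line in the commit message. At both sites the remaining comment could point to the new location, e.g. `// trace pre-install; the trace file itself is set up in preproc_mount_mnt_dir()`. The body of sandbox() starts and ends outside both hunks.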