From 9ba916d20d723f2515c2e084db3437a529b81c34 Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Fri, 3 Apr 2020 08:30:16 -0400
Subject: seccomp/join fix

---
 src/firejail/sandbox.c | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 93fe5425a..9abf94a7f 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -1122,11 +1122,6 @@ int sandbox(void* sandbox_arg) {
 			seccomp_filter_drop(false);
 
 	}
-	else { // clean seccomp files under /run/firejail/mnt
-		int rv = unlink(RUN_SECCOMP_CFG);
-		rv |= unlink(RUN_SECCOMP_32);
-		(void) rv;
-	}
 
 	if (arg_memory_deny_write_execute) {
 		if (arg_debug)
@@ -1134,13 +1129,17 @@ int sandbox(void* sandbox_arg) {
 		seccomp_load(RUN_SECCOMP_MDWX);	// install filter
 		seccomp_load(RUN_SECCOMP_MDWX_32);
 	}
-	else {
-		int rv = unlink(RUN_SECCOMP_MDWX);
-		rv |= unlink(RUN_SECCOMP_MDWX_32);
-		(void) rv;
-	}
+
 	// make seccomp filters read-only
 	fs_remount(RUN_SECCOMP_DIR, MOUNT_READONLY, 0);
+	if (arg_debug) {
+		printf("Seccomp directory:\n");
+		int rv = system("ls -l "  RUN_SECCOMP_DIR);
+		(void) rv;
+		printf("Active seccomp files:\n");
+		rv = system("cat " RUN_SECCOMP_LIST);
+		(void) rv;
+	}
 #endif
 
 	// set capabilities
-- 
cgit v1.2.3-54-g00ecf