Skip to content

Commit

Permalink
landlock: small fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@netblue30
netblue30 committed Dec 22, 2023
1 parent a74206c commit eee5b42
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
8 changes: 6 additions & 2 deletions src/firejail/landlock.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -206,6 +206,8 @@ int ll_restrict(uint32_t flags) {
if (!ll_is_supported())
return 0;

timetrace_start();

if (arg_debug)
fprintf(stderr, "%s: Starting Landlock restrict\n", __func__);

Expand All @@ -218,7 +220,9 @@ int ll_restrict(uint32_t flags) {
};

LandlockEntry *ptr = cfg.lprofile;
int rules = 0;
while (ptr) {
rules++;
fnc[ptr->type](ptr->data);
ptr = ptr->next;
}
Expand All @@ -239,8 +243,8 @@ int ll_restrict(uint32_t flags) {
__func__, strerror(errno));
goto out;
}
if (arg_debug)
fprintf(stderr, "%s: Enforcing Landlock\n", __func__);
fmessage("%d Landlock rules initialized in %0.2f ms\n", rules, timetrace_end());

out:
close(ll_ruleset_fd);
return error;
Expand Down
4 changes: 0 additions & 4 deletions src/man/firejail.1.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1247,12 +1247,8 @@ $ firejail --keep-var-tmp
.TP
\fB\-\-landlock.enforce
Enforce the Landlock ruleset.
.PP
Without it, the other Landlock commands have no effect.
.PP
.RS
See the \fBLANDLOCK\fR section for more information.
.RE
.TP
\fB\-\-landlock.read=path
Create a Landlock ruleset (if it doesn't already exist) and add a read access
Expand Down

0 comments on commit eee5b42

Please sign in to comment.