github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

bugfix: fix "Not enforcing Landlock" message always being printed (#6806)

Browse source 
Even when Landlock is in fact being enforced.

Also, mention the `landlock.enforce` command in the message.

This amends commit 760f50f78 ("landlock: move commands into profile and
add landlock.enforce", 2023-11-17) / PR #6125.

Relates to #6078 #6796.

Reported-by: @osevan
This commit is contained in:
Kelvin M. Klann 2025-07-10 17:14:31 +00:00 committed by GitHub
parent e0bf7b8aa4
commit a31f741652
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/firejail/sandbox.c
View file

@ -520,14 +520,15 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) {
//****************************
// Configure Landlock
//****************************
if (arg_landlock_enforce && ll_restrict(0)) {
if (!arg_landlock_enforce) {
if (arg_debug)
fprintf(stderr, "Not enforcing Landlock (see landlock.enforce)\n");
}
else if (ll_restrict(0)) {
// It isn't safe to continue if Landlock self-restriction was
// enabled and the "landlock_restrict_self" syscall has failed.
fprintf(stderr, "Error: ll_restrict() failed, exiting...\n");
exit(1);
} else {
if (arg_debug)
fprintf(stderr, "Not enforcing Landlock\n");
}
#endif