From eee5b4243a5f26fc9643213be1b67ca5a7261953 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 22 Dec 2023 10:09:39 -0500 Subject: [PATCH] landlock: small fixes --- src/firejail/landlock.c | 8 ++++++-- src/man/firejail.1.in | 4 ---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c index 11de2e29706..a5fd552326b 100644 --- a/src/firejail/landlock.c +++ b/src/firejail/landlock.c @@ -206,6 +206,8 @@ int ll_restrict(uint32_t flags) { if (!ll_is_supported()) return 0; + timetrace_start(); + if (arg_debug) fprintf(stderr, "%s: Starting Landlock restrict\n", __func__); @@ -218,7 +220,9 @@ int ll_restrict(uint32_t flags) { }; LandlockEntry *ptr = cfg.lprofile; + int rules = 0; while (ptr) { + rules++; fnc[ptr->type](ptr->data); ptr = ptr->next; } @@ -239,8 +243,8 @@ int ll_restrict(uint32_t flags) { __func__, strerror(errno)); goto out; } - if (arg_debug) - fprintf(stderr, "%s: Enforcing Landlock\n", __func__); + fmessage("%d Landlock rules initialized in %0.2f ms\n", rules, timetrace_end()); + out: close(ll_ruleset_fd); return error; diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index c63cf350d6a..9761edb76d1 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in @@ -1247,12 +1247,8 @@ $ firejail --keep-var-tmp .TP \fB\-\-landlock.enforce Enforce the Landlock ruleset. -.PP Without it, the other Landlock commands have no effect. -.PP -.RS See the \fBLANDLOCK\fR section for more information. -.RE .TP \fB\-\-landlock.read=path Create a Landlock ruleset (if it doesn't already exist) and add a read access