From eb5c97197b699dbb8ba69e798c86e5e97c36e17e Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 12 Sep 2023 11:22:44 -0400 Subject: [PATCH] speed up blacklists --- etc/inc/disable-devel.inc | 1 + src/firejail/fs.c | 4 ++++ src/firejail/paths.c | 18 ++++++++++++++++++ 3 files changed, 23 insertions(+) diff --git a/etc/inc/disable-devel.inc b/etc/inc/disable-devel.inc index c13e449cbc6..ae64f456e3b 100644 --- a/etc/inc/disable-devel.inc +++ b/etc/inc/disable-devel.inc @@ -25,6 +25,7 @@ blacklist ${PATH}/patchview # packaging blacklist ${PATH}/dh_* blacklist ${PATH}/fakeroot* +blacklist ${PATH}/lintian # expect blacklist ${PATH}/autoexpect diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 182f26e53cb..28fecfb9836 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -281,6 +281,8 @@ void fs_blacklist(void) { if (!entry) return; + timetrace_start(); + size_t noblacklist_c = 0; size_t noblacklist_m = 32; char **noblacklist = calloc(noblacklist_m, sizeof(*noblacklist)); @@ -463,6 +465,8 @@ void fs_blacklist(void) { for (i = 0; i < noblacklist_c; i++) free(noblacklist[i]); free(noblacklist); + + fmessage("Base filesystem installed in %0.2f ms\n", timetrace_end()); } //*********************************************** diff --git a/src/firejail/paths.c b/src/firejail/paths.c index 6bc6230f099..fea842d934a 100644 --- a/src/firejail/paths.c +++ b/src/firejail/paths.c @@ -47,6 +47,16 @@ static void init_paths(void) { errExit("calloc"); memset(paths, 0, path_cnt * sizeof(char *)); // get rid of false positive error from GCC static analyzer + // lots of distros set /bin as a symlink to /usr/bin; + // we remove /bin form the path to speed up path-based operations such as blacklist + int bin_symlink = 0; + p = realpath("/bin", NULL); + if (p) { + if (strcmp(p, "/usr/bin") == 0) + bin_symlink = 1; + } + free(p); + // fill in 'paths' with pointers to elements of 'path' unsigned int i = 0, j; unsigned int len; 
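Review bot: `timetrace_start()` is armed here but its matching `timetrace_end()` sits roughly 180 lines later at the end of fs_blacklist, and the whole body in between lies outside this hunk; if that body has any early `return` (the visible `if (!entry) return;` precedes the start call, so that one is fine), the elapsed-time message is never printed and, assuming the timer is a single static start time as the argument-less start/end pair suggests, the next caller's measurement silently absorbs this function's time. Worth a check of the body for returns between the two calls, plus a one-line comment above the call such as `// paired with timetrace_end() at the end of this function; no early returns in between`.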
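Review bot: The message text `Base filesystem installed` does not describe what was timed: this is the tail of fs_blacklist, so the elapsed time covers blacklist/noblacklist processing, and the wording is misleading in the sandbox log (and, if the same phrase is already used for the base-filesystem stage elsewhere, indistinguishable from it). I would change the line to `fmessage("Blacklist processed in %0.2f ms\n", timetrace_end());`. The body of fs_blacklist begins outside this hunk.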
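Review bot: The realpath() result is stored in `p`, a variable declared above the hunk and presumably used for something else in init_paths, and `free(p)` leaves it dangling until it is next assigned; a dedicated local, `char *bin_real = realpath("/bin", NULL);` with the compare and `free(bin_real);` on it, keeps the two uses apart and avoids a use-after-free if the later code reads `p` before re-assigning it. The detection is also one-directional: only /bin -> /usr/bin is recognised, so merged-/usr layouts that alias /sbin and /usr/sbin the same way still get both entries, which is acceptable for an optimisation but deserves a comment. Minor: `form` in the added comment should read `from`.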
@@ -62,6 +72,14 @@ static void init_paths(void) { if (len == 0) goto skip; + //deal with /bin - /usr/bin symlink + if (bin_symlink > 0) { + if (strcmp(elt, "/bin") == 0 || strcmp(elt, "/usr/bin") == 0) + bin_symlink++; + if (bin_symlink == 3) + goto skip; + } + // filter out duplicate entries for (j = 0; j < i; j++) if (strcmp(elt, paths[j]) == 0)
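Review bot: The counter only skips the second alias: a third occurrence of /bin or /usr/bin in PATH (for example `/usr/bin:/bin:/usr/local/bin:/bin`) takes `bin_symlink` to 4, is not skipped by `if (bin_symlink == 3)`, and is not caught by the duplicate filter below either, because the skipped second occurrence was never stored in `paths`, so the alias gets back in and the intended speed-up is lost. Changing the test to `if (bin_symlink >= 3)` skips every alias after the first regardless of how often it repeats. This is an optimisation miss rather than a correctness problem as long as every path-based operation resolves /bin/x and /usr/bin/x to the same target, which this hunk does not show; a comment at the skip stating that assumption would help. An element written with a trailing slash (`/bin/`) is likewise not recognised, which is harmless but worth knowing.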