landlock: add _fs prefix to filesystem functions

Relates to #6078.
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2024-02-10 02:49:46 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2024-02-27 22:27:46 -0300
commit: 1758765ca6b0039d6513a802ec791928a7769013 (patch)
tree: 1795d97bbd8ab4bf3ff31746e1001f3346ff2f81
parent: Merge pull request #6222 from kmk3/build-override-tools (diff)
download: firejail-1758765ca6b0039d6513a802ec791928a7769013.tar.gz
firejail-1758765ca6b0039d6513a802ec791928a7769013.tar.zst
firejail-1758765ca6b0039d6513a802ec791928a7769013.zip
4 files changed, 25 insertions, 25 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 2122649cf..4e018476e 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -152,11 +152,11 @@ typedef struct profile_entry_t {
 typedef struct landlock_entry_t {
        struct landlock_entry_t *next;
-#define LL_READ 0
+#define LL_FS_READ 0
-#define LL_WRITE 1
+#define LL_FS_WRITE 1
-#define LL_MAKEIPC 2
+#define LL_FS_MAKEIPC 2
-#define LL_MAKEDEV 3
+#define LL_FS_MAKEDEV 3
-#define LL_EXEC 4
+#define LL_FS_EXEC 4
 #define LL_MAX 5
        int type;
        char *data;
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
index ce222624b..453ad8f10 100644
--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -174,7 +174,7 @@ static void ll_fs(const char *allowed_path, const __u64 allowed_access,
        free(expanded_path);
 }
-static void ll_read(const char *allowed_path) {
+static void ll_fs_read(const char *allowed_path) {
        __u64 allowed_access =
                LANDLOCK_ACCESS_FS_READ_DIR |
                LANDLOCK_ACCESS_FS_READ_FILE;
@@ -182,7 +182,7 @@ static void ll_read(const char *allowed_path) {
        ll_fs(allowed_path, allowed_access, __func__);
 }
-static void ll_write(const char *allowed_path) {
+static void ll_fs_write(const char *allowed_path) {
        __u64 allowed_access =
                LANDLOCK_ACCESS_FS_MAKE_DIR |
                LANDLOCK_ACCESS_FS_MAKE_REG |
@@ -194,7 +194,7 @@ static void ll_write(const char *allowed_path) {
        ll_fs(allowed_path, allowed_access, __func__);
 }
-static void ll_makeipc(const char *allowed_path) {
+static void ll_fs_makeipc(const char *allowed_path) {
        __u64 allowed_access =
                LANDLOCK_ACCESS_FS_MAKE_FIFO |
                LANDLOCK_ACCESS_FS_MAKE_SOCK;
@@ -202,7 +202,7 @@ static void ll_makeipc(const char *allowed_path) {
        ll_fs(allowed_path, allowed_access, __func__);
 }
-static void ll_makedev(const char *allowed_path) {
+static void ll_fs_makedev(const char *allowed_path) {
        __u64 allowed_access =
                LANDLOCK_ACCESS_FS_MAKE_BLOCK |
                LANDLOCK_ACCESS_FS_MAKE_CHAR;
@@ -210,7 +210,7 @@ static void ll_makedev(const char *allowed_path) {
        ll_fs(allowed_path, allowed_access, __func__);
 }
-static void ll_exec(const char *allowed_path) {
+static void ll_fs_exec(const char *allowed_path) {
        __u64 allowed_access =
                LANDLOCK_ACCESS_FS_EXECUTE;
@@ -227,11 +227,11 @@ int ll_restrict(uint32_t flags) {
                fprintf(stderr, "%s: Starting Landlock restrict\n", __func__);
        void (*fnc[])(const char *) = {
-                ll_read,
+                ll_fs_read,
-                ll_write,
+                ll_fs_write,
-                ll_makeipc,
+                ll_fs_makeipc,
-                ll_makedev,
+                ll_fs_makedev,
-                ll_exec,
+                ll_fs_exec,
                NULL
        };
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 4d8ea20c3..0d56eeb55 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1506,15 +1506,15 @@ int main(int argc, char **argv, char **envp) {
                else if (strncmp(argv[i], "--landlock.enforce", 18) == 0)
                        arg_landlock_enforce = 1;
                else if (strncmp(argv[i], "--landlock.read=", 16) == 0)
-                        ll_add_profile(LL_READ, argv[i] + 16);
+                        ll_add_profile(LL_FS_READ, argv[i] + 16);
                else if (strncmp(argv[i], "--landlock.write=", 17) == 0)
-                        ll_add_profile(LL_WRITE, argv[i] + 17);
+                        ll_add_profile(LL_FS_WRITE, argv[i] + 17);
                else if (strncmp(argv[i], "--landlock.makeipc=", 19) == 0)
-                        ll_add_profile(LL_MAKEIPC, argv[i] + 19);
+                        ll_add_profile(LL_FS_MAKEIPC, argv[i] + 19);
                else if (strncmp(argv[i], "--landlock.makedev=", 19) == 0)
-                        ll_add_profile(LL_MAKEDEV, argv[i] + 19);
+                        ll_add_profile(LL_FS_MAKEDEV, argv[i] + 19);
                else if (strncmp(argv[i], "--landlock.execute=", 19) == 0)
-                        ll_add_profile(LL_EXEC, argv[i] + 19);
+                        ll_add_profile(LL_FS_EXEC, argv[i] + 19);
 #endif
                else if (strcmp(argv[i], "--memory-deny-write-execute") == 0) {
                        if (checkcfg(CFG_SECCOMP))
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index a5a8393e9..945ed518e 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1079,23 +1079,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
        if (strncmp(ptr, "landlock.read ", 14) == 0) {
-                ll_add_profile(LL_READ, ptr + 14);
+                ll_add_profile(LL_FS_READ, ptr + 14);
                return 0;
        }
        if (strncmp(ptr, "landlock.write ", 15) == 0) {
-                ll_add_profile(LL_WRITE, ptr + 15);
+                ll_add_profile(LL_FS_WRITE, ptr + 15);
                return 0;
        }
        if (strncmp(ptr, "landlock.makeipc ", 17) == 0) {
-                ll_add_profile(LL_MAKEIPC, ptr + 17);
+                ll_add_profile(LL_FS_MAKEIPC, ptr + 17);
                return 0;
        }
        if (strncmp(ptr, "landlock.makedev ", 17) == 0) {
-                ll_add_profile(LL_MAKEDEV, ptr + 17);
+                ll_add_profile(LL_FS_MAKEDEV, ptr + 17);
                return 0;
        }
        if (strncmp(ptr, "landlock.execute ", 17) == 0) {
-                ll_add_profile(LL_EXEC, ptr + 17);
+                ll_add_profile(LL_FS_EXEC, ptr + 17);
                return 0;
        }
 #endif
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2024-02-10 02:49:46 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2024-02-27 22:27:46 -0300
commit	1758765ca6b0039d6513a802ec791928a7769013 (patch)
tree	1795d97bbd8ab4bf3ff31746e1001f3346ff2f81
parent	Merge pull request #6222 from kmk3/build-override-tools (diff)
download	firejail-1758765ca6b0039d6513a802ec791928a7769013.tar.gz firejail-1758765ca6b0039d6513a802ec791928a7769013.tar.zst firejail-1758765ca6b0039d6513a802ec791928a7769013.zip

diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 2122649cf..4e018476e 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h
@@ -152,11 +152,11 @@ typedef struct profile_entry_t {
152		152
153	typedef struct landlock_entry_t {	153	typedef struct landlock_entry_t {
154	struct landlock_entry_t *next;	154	struct landlock_entry_t *next;
155	#define LL_READ 0	155	#define LL_FS_READ 0
156	#define LL_WRITE 1	156	#define LL_FS_WRITE 1
157	#define LL_MAKEIPC 2	157	#define LL_FS_MAKEIPC 2
158	#define LL_MAKEDEV 3	158	#define LL_FS_MAKEDEV 3
159	#define LL_EXEC 4	159	#define LL_FS_EXEC 4
160	#define LL_MAX 5	160	#define LL_MAX 5
161	int type;	161	int type;
162	char *data;	162	char *data;


diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c index ce222624b..453ad8f10 100644 --- a/src/firejail/landlock.c +++ b/src/firejail/landlock.c
@@ -174,7 +174,7 @@ static void ll_fs(const char *allowed_path, const __u64 allowed_access,
174	free(expanded_path);	174	free(expanded_path);
175	}	175	}
176		176
177	static void ll_read(const char *allowed_path) {	177	static void ll_fs_read(const char *allowed_path) {
178	__u64 allowed_access =	178	__u64 allowed_access =
179	LANDLOCK_ACCESS_FS_READ_DIR \|	179	LANDLOCK_ACCESS_FS_READ_DIR \|
180	LANDLOCK_ACCESS_FS_READ_FILE;	180	LANDLOCK_ACCESS_FS_READ_FILE;
@@ -182,7 +182,7 @@ static void ll_read(const char *allowed_path) {
182	ll_fs(allowed_path, allowed_access, __func__);	182	ll_fs(allowed_path, allowed_access, __func__);
183	}	183	}
184		184
185	static void ll_write(const char *allowed_path) {	185	static void ll_fs_write(const char *allowed_path) {
186	__u64 allowed_access =	186	__u64 allowed_access =
187	LANDLOCK_ACCESS_FS_MAKE_DIR \|	187	LANDLOCK_ACCESS_FS_MAKE_DIR \|
188	LANDLOCK_ACCESS_FS_MAKE_REG \|	188	LANDLOCK_ACCESS_FS_MAKE_REG \|
@@ -194,7 +194,7 @@ static void ll_write(const char *allowed_path) {
194	ll_fs(allowed_path, allowed_access, __func__);	194	ll_fs(allowed_path, allowed_access, __func__);
195	}	195	}
196		196
197	static void ll_makeipc(const char *allowed_path) {	197	static void ll_fs_makeipc(const char *allowed_path) {
198	__u64 allowed_access =	198	__u64 allowed_access =
199	LANDLOCK_ACCESS_FS_MAKE_FIFO \|	199	LANDLOCK_ACCESS_FS_MAKE_FIFO \|
200	LANDLOCK_ACCESS_FS_MAKE_SOCK;	200	LANDLOCK_ACCESS_FS_MAKE_SOCK;
@@ -202,7 +202,7 @@ static void ll_makeipc(const char *allowed_path) {
202	ll_fs(allowed_path, allowed_access, __func__);	202	ll_fs(allowed_path, allowed_access, __func__);
203	}	203	}
204		204
205	static void ll_makedev(const char *allowed_path) {	205	static void ll_fs_makedev(const char *allowed_path) {
206	__u64 allowed_access =	206	__u64 allowed_access =
207	LANDLOCK_ACCESS_FS_MAKE_BLOCK \|	207	LANDLOCK_ACCESS_FS_MAKE_BLOCK \|
208	LANDLOCK_ACCESS_FS_MAKE_CHAR;	208	LANDLOCK_ACCESS_FS_MAKE_CHAR;
@@ -210,7 +210,7 @@ static void ll_makedev(const char *allowed_path) {
210	ll_fs(allowed_path, allowed_access, __func__);	210	ll_fs(allowed_path, allowed_access, __func__);
211	}	211	}
212		212
213	static void ll_exec(const char *allowed_path) {	213	static void ll_fs_exec(const char *allowed_path) {
214	__u64 allowed_access =	214	__u64 allowed_access =
215	LANDLOCK_ACCESS_FS_EXECUTE;	215	LANDLOCK_ACCESS_FS_EXECUTE;
216		216
@@ -227,11 +227,11 @@ int ll_restrict(uint32_t flags) {
227	fprintf(stderr, "%s: Starting Landlock restrict\n", __func__);	227	fprintf(stderr, "%s: Starting Landlock restrict\n", __func__);
228		228
229	void (fnc[])(const char ) = {	229	void (fnc[])(const char ) = {
230	ll_read,	230	ll_fs_read,
231	ll_write,	231	ll_fs_write,
232	ll_makeipc,	232	ll_fs_makeipc,
233	ll_makedev,	233	ll_fs_makedev,
234	ll_exec,	234	ll_fs_exec,
235	NULL	235	NULL
236	};	236	};
237		237


diff --git a/src/firejail/main.c b/src/firejail/main.c index 4d8ea20c3..0d56eeb55 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1506,15 +1506,15 @@ int main(int argc, char argv, char envp) {
1506	else if (strncmp(argv[i], "--landlock.enforce", 18) == 0)	1506	else if (strncmp(argv[i], "--landlock.enforce", 18) == 0)
1507	arg_landlock_enforce = 1;	1507	arg_landlock_enforce = 1;
1508	else if (strncmp(argv[i], "--landlock.read=", 16) == 0)	1508	else if (strncmp(argv[i], "--landlock.read=", 16) == 0)
1509	ll_add_profile(LL_READ, argv[i] + 16);	1509	ll_add_profile(LL_FS_READ, argv[i] + 16);
1510	else if (strncmp(argv[i], "--landlock.write=", 17) == 0)	1510	else if (strncmp(argv[i], "--landlock.write=", 17) == 0)
1511	ll_add_profile(LL_WRITE, argv[i] + 17);	1511	ll_add_profile(LL_FS_WRITE, argv[i] + 17);
1512	else if (strncmp(argv[i], "--landlock.makeipc=", 19) == 0)	1512	else if (strncmp(argv[i], "--landlock.makeipc=", 19) == 0)
1513	ll_add_profile(LL_MAKEIPC, argv[i] + 19);	1513	ll_add_profile(LL_FS_MAKEIPC, argv[i] + 19);
1514	else if (strncmp(argv[i], "--landlock.makedev=", 19) == 0)	1514	else if (strncmp(argv[i], "--landlock.makedev=", 19) == 0)
1515	ll_add_profile(LL_MAKEDEV, argv[i] + 19);	1515	ll_add_profile(LL_FS_MAKEDEV, argv[i] + 19);
1516	else if (strncmp(argv[i], "--landlock.execute=", 19) == 0)	1516	else if (strncmp(argv[i], "--landlock.execute=", 19) == 0)
1517	ll_add_profile(LL_EXEC, argv[i] + 19);	1517	ll_add_profile(LL_FS_EXEC, argv[i] + 19);
1518	#endif	1518	#endif
1519	else if (strcmp(argv[i], "--memory-deny-write-execute") == 0) {	1519	else if (strcmp(argv[i], "--memory-deny-write-execute") == 0) {
1520	if (checkcfg(CFG_SECCOMP))	1520	if (checkcfg(CFG_SECCOMP))


diff --git a/src/firejail/profile.c b/src/firejail/profile.c index a5a8393e9..945ed518e 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -1079,23 +1079,23 @@ int profile_check_line(char ptr, int lineno, const char fname) {
1079	return 0;	1079	return 0;
1080	}	1080	}
1081	if (strncmp(ptr, "landlock.read ", 14) == 0) {	1081	if (strncmp(ptr, "landlock.read ", 14) == 0) {
1082	ll_add_profile(LL_READ, ptr + 14);	1082	ll_add_profile(LL_FS_READ, ptr + 14);
1083	return 0;	1083	return 0;
1084	}	1084	}
1085	if (strncmp(ptr, "landlock.write ", 15) == 0) {	1085	if (strncmp(ptr, "landlock.write ", 15) == 0) {
1086	ll_add_profile(LL_WRITE, ptr + 15);	1086	ll_add_profile(LL_FS_WRITE, ptr + 15);
1087	return 0;	1087	return 0;
1088	}	1088	}
1089	if (strncmp(ptr, "landlock.makeipc ", 17) == 0) {	1089	if (strncmp(ptr, "landlock.makeipc ", 17) == 0) {
1090	ll_add_profile(LL_MAKEIPC, ptr + 17);	1090	ll_add_profile(LL_FS_MAKEIPC, ptr + 17);
1091	return 0;	1091	return 0;
1092	}	1092	}
1093	if (strncmp(ptr, "landlock.makedev ", 17) == 0) {	1093	if (strncmp(ptr, "landlock.makedev ", 17) == 0) {
1094	ll_add_profile(LL_MAKEDEV, ptr + 17);	1094	ll_add_profile(LL_FS_MAKEDEV, ptr + 17);
1095	return 0;	1095	return 0;
1096	}	1096	}
1097	if (strncmp(ptr, "landlock.execute ", 17) == 0) {	1097	if (strncmp(ptr, "landlock.execute ", 17) == 0) {
1098	ll_add_profile(LL_EXEC, ptr + 17);	1098	ll_add_profile(LL_FS_EXEC, ptr + 17);
1099	return 0;	1099	return 0;
1100	}	1100	}
1101	#endif	1101	#endif