Merge pull request #6228 from kmk3/landlock-add-fs

landlock: use "landlock.fs." prefix in filesystem commands
author: netblue30 <netblue30@protonmail.com> 2024-02-29 10:08:08 -0500
committer: GitHub <noreply@github.com> 2024-02-29 10:08:08 -0500
commit: d9951088b1abd2e551d42c5a3405ab2d1c47a291 (patch)
tree: 0ee5fa9e7489b9d4e38bbb208140c8a4abd34a71 /etc/inc
parent: Merge pull request #6227 from glitsj16/virt-manager (diff)
parent: landlock: use "landlock.fs." prefix in filesystem commands (diff)
download: firejail-d9951088b1abd2e551d42c5a3405ab2d1c47a291.tar.gz
firejail-d9951088b1abd2e551d42c5a3405ab2d1c47a291.tar.zst
firejail-d9951088b1abd2e551d42c5a3405ab2d1c47a291.zip
1 files changed, 28 insertions, 28 deletions
diff --git a/etc/inc/landlock-common.inc b/etc/inc/landlock-common.inc
index 694d447b5..e147963a6 100644
--- a/etc/inc/landlock-common.inc
+++ b/etc/inc/landlock-common.inc
@@ -2,38 +2,38 @@
 # Persistent customizations should go in a .local file.
 include landlock-common.local
-landlock.read /          # whole system read
+landlock.fs.read /          # whole system read
-landlock.read /proc
+landlock.fs.read /proc
-landlock.makeipc /       # sockets etc.
+landlock.fs.makeipc /       # sockets etc.
 # write access
-landlock.write ${HOME}
+landlock.fs.write ${HOME}
-landlock.write ${RUNUSER}
+landlock.fs.write ${RUNUSER}
-landlock.write /dev
+landlock.fs.write /dev
-landlock.write /proc
+landlock.fs.write /proc
-landlock.write /run/shm
+landlock.fs.write /run/shm
-landlock.write /tmp
+landlock.fs.write /tmp
 # exec access
 ## misc
-landlock.execute /opt
+landlock.fs.execute /opt
-landlock.execute /run/firejail # appimage and various firejail features
+landlock.fs.execute /run/firejail # appimage and various firejail features
 ## bin
-landlock.execute /bin
+landlock.fs.execute /bin
-landlock.execute /sbin
+landlock.fs.execute /sbin
-landlock.execute /usr/bin
+landlock.fs.execute /usr/bin
-landlock.execute /usr/sbin
+landlock.fs.execute /usr/sbin
-landlock.execute /usr/games
+landlock.fs.execute /usr/games
-landlock.execute /usr/local/bin
+landlock.fs.execute /usr/local/bin
-landlock.execute /usr/local/sbin
+landlock.fs.execute /usr/local/sbin
-landlock.execute /usr/local/games
+landlock.fs.execute /usr/local/games
 ## lib
-landlock.execute /lib
+landlock.fs.execute /lib
-landlock.execute /lib32
+landlock.fs.execute /lib32
-landlock.execute /libx32
+landlock.fs.execute /libx32
-landlock.execute /lib64
+landlock.fs.execute /lib64
-landlock.execute /usr/lib
+landlock.fs.execute /usr/lib
-landlock.execute /usr/lib32
+landlock.fs.execute /usr/lib32
-landlock.execute /usr/libx32
+landlock.fs.execute /usr/libx32
-landlock.execute /usr/lib64
+landlock.fs.execute /usr/lib64
-landlock.execute /usr/local/lib
+landlock.fs.execute /usr/local/lib
author	netblue30 <netblue30@protonmail.com>	2024-02-29 10:08:08 -0500
committer	GitHub <noreply@github.com>	2024-02-29 10:08:08 -0500
commit	d9951088b1abd2e551d42c5a3405ab2d1c47a291 (patch)
tree	0ee5fa9e7489b9d4e38bbb208140c8a4abd34a71 /etc/inc
parent	Merge pull request #6227 from glitsj16/virt-manager (diff)
parent	landlock: use "landlock.fs." prefix in filesystem commands (diff)
download	firejail-d9951088b1abd2e551d42c5a3405ab2d1c47a291.tar.gz firejail-d9951088b1abd2e551d42c5a3405ab2d1c47a291.tar.zst firejail-d9951088b1abd2e551d42c5a3405ab2d1c47a291.zip

diff --git a/etc/inc/landlock-common.inc b/etc/inc/landlock-common.inc index 694d447b5..e147963a6 100644 --- a/etc/inc/landlock-common.inc +++ b/etc/inc/landlock-common.inc
@@ -2,38 +2,38 @@
2	# Persistent customizations should go in a .local file.	2	# Persistent customizations should go in a .local file.
3	include landlock-common.local	3	include landlock-common.local
4		4
5	landlock.read / # whole system read	5	landlock.fs.read / # whole system read
6	landlock.read /proc	6	landlock.fs.read /proc
7	landlock.makeipc / # sockets etc.	7	landlock.fs.makeipc / # sockets etc.
8		8
9	# write access	9	# write access
10	landlock.write ${HOME}	10	landlock.fs.write ${HOME}
11	landlock.write ${RUNUSER}	11	landlock.fs.write ${RUNUSER}
12	landlock.write /dev	12	landlock.fs.write /dev
13	landlock.write /proc	13	landlock.fs.write /proc
14	landlock.write /run/shm	14	landlock.fs.write /run/shm
15	landlock.write /tmp	15	landlock.fs.write /tmp
16		16
17	# exec access	17	# exec access
18	## misc	18	## misc
19	landlock.execute /opt	19	landlock.fs.execute /opt
20	landlock.execute /run/firejail # appimage and various firejail features	20	landlock.fs.execute /run/firejail # appimage and various firejail features
21	## bin	21	## bin
22	landlock.execute /bin	22	landlock.fs.execute /bin
23	landlock.execute /sbin	23	landlock.fs.execute /sbin
24	landlock.execute /usr/bin	24	landlock.fs.execute /usr/bin
25	landlock.execute /usr/sbin	25	landlock.fs.execute /usr/sbin
26	landlock.execute /usr/games	26	landlock.fs.execute /usr/games
27	landlock.execute /usr/local/bin	27	landlock.fs.execute /usr/local/bin
28	landlock.execute /usr/local/sbin	28	landlock.fs.execute /usr/local/sbin
29	landlock.execute /usr/local/games	29	landlock.fs.execute /usr/local/games
30	## lib	30	## lib
31	landlock.execute /lib	31	landlock.fs.execute /lib
32	landlock.execute /lib32	32	landlock.fs.execute /lib32
33	landlock.execute /libx32	33	landlock.fs.execute /libx32
34	landlock.execute /lib64	34	landlock.fs.execute /lib64
35	landlock.execute /usr/lib	35	landlock.fs.execute /usr/lib
36	landlock.execute /usr/lib32	36	landlock.fs.execute /usr/lib32
37	landlock.execute /usr/libx32	37	landlock.fs.execute /usr/libx32
38	landlock.execute /usr/lib64	38	landlock.fs.execute /usr/lib64
39	landlock.execute /usr/local/lib	39	landlock.fs.execute /usr/local/lib