landlock: use "landlock.fs." prefix in filesystem commands

Since Landlock ABI v4 it is possible to restrict actions related to the network and potentially more areas will be added in the future. So use `landlock.fs.` as the prefix in the current filesystem-related commands (and later `landlock.net.` for the network-related commands) to keep them organized and to match what is used in the kernel. Examples of filesystem and network access flags: * `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file. * `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content. * `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port. * `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a remote port. Relates to #6078.
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2024-02-10 04:47:11 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2024-02-27 22:27:46 -0300
commit: 9cfeb485eb158217e644955bddc42e3bcf42ccbb (patch)
tree: f15092bed9d126ea3e651726e7215c8b7ee4c4ae /etc/templates
parent: landlock: add _fs prefix to filesystem functions (diff)
download: firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.tar.gz
firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.tar.zst
firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index 0e6a5734e..29ea55439 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -138,11 +138,11 @@ include globals.local
 #include whitelist-var-common.inc
 # Landlock commands
-##landlock.read PATH
+##landlock.fs.read PATH
-##landlock.write PATH
+##landlock.fs.write PATH
-##landlock.makeipc PATH
+##landlock.fs.makeipc PATH
-##landlock.makedev PATH
+##landlock.fs.makedev PATH
-##landlock.execute PATH
+##landlock.fs.execute PATH
 #include landlock-common.inc
 ##allusers
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2024-02-10 04:47:11 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2024-02-27 22:27:46 -0300
commit	9cfeb485eb158217e644955bddc42e3bcf42ccbb (patch)
tree	f15092bed9d126ea3e651726e7215c8b7ee4c4ae /etc/templates
parent	landlock: add _fs prefix to filesystem functions (diff)
download	firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.tar.gz firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.tar.zst firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.zip

diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 0e6a5734e..29ea55439 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template
@@ -138,11 +138,11 @@ include globals.local
138	#include whitelist-var-common.inc	138	#include whitelist-var-common.inc
139		139
140	# Landlock commands	140	# Landlock commands
141	##landlock.read PATH	141	##landlock.fs.read PATH
142	##landlock.write PATH	142	##landlock.fs.write PATH
143	##landlock.makeipc PATH	143	##landlock.fs.makeipc PATH
144	##landlock.makedev PATH	144	##landlock.fs.makedev PATH
145	##landlock.execute PATH	145	##landlock.fs.execute PATH
146	#include landlock-common.inc	146	#include landlock-common.inc
147		147
148	##allusers	148	##allusers