diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-02-10 04:47:11 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-02-27 22:27:46 -0300 |
commit | 9cfeb485eb158217e644955bddc42e3bcf42ccbb (patch) | |
tree | f15092bed9d126ea3e651726e7215c8b7ee4c4ae /etc/templates | |
parent | landlock: add _fs prefix to filesystem functions (diff) | |
download | firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.tar.gz firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.tar.zst firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.zip |
landlock: use "landlock.fs." prefix in filesystem commands
Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.
So use `landlock.fs.` as the prefix in the current filesystem-related
commands (and later `landlock.net.` for the network-related commands) to
keep them organized and to match what is used in the kernel.
Examples of filesystem and network access flags:
* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
remote port.
Relates to #6078.
Diffstat (limited to 'etc/templates')
-rw-r--r-- | etc/templates/profile.template | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 0e6a5734e..29ea55439 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -138,11 +138,11 @@ include globals.local | |||
138 | #include whitelist-var-common.inc | 138 | #include whitelist-var-common.inc |
139 | 139 | ||
140 | # Landlock commands | 140 | # Landlock commands |
141 | ##landlock.read PATH | 141 | ##landlock.fs.read PATH |
142 | ##landlock.write PATH | 142 | ##landlock.fs.write PATH |
143 | ##landlock.makeipc PATH | 143 | ##landlock.fs.makeipc PATH |
144 | ##landlock.makedev PATH | 144 | ##landlock.fs.makedev PATH |
145 | ##landlock.execute PATH | 145 | ##landlock.fs.execute PATH |
146 | #include landlock-common.inc | 146 | #include landlock-common.inc |
147 | 147 | ||
148 | ##allusers | 148 | ##allusers |