author | netblue30 <netblue30@protonmail.com> | 2023-10-24 12:43:46 -0400 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-11-07 17:55:13 -0300 |
commit | 13b2c566df883269b55f77757bb50a5d2890ec20 (patch) | |
tree | 5c7ccc9d00886b93c4429a91671161fa6464f1f9 /src/firejail/firejail.h | |
parent | cleanup (diff) | |
feature: add Landlock support
Based on 5315 by ChrysoliteAzalea.
It is based on the same underlying structure, but with a lot of
refactoring/simplification and with bugfixes and improvements.
Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com>
Co-authored-by: Азалия Смарагдова <charming.flurry@yandex.ru>
Diffstat (limited to 'src/firejail/firejail.h')
-rw-r--r-- | src/firejail/firejail.h | 22 |
1 files changed, 22 insertions, 0 deletions
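--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -281,6 +281,9 @@ extern int arg_overlay; // overlay option
 extern int arg_overlay_keep; // place overlay diff in a known directory
 extern int arg_overlay_reuse; // allow the reuse of overlays
 
+extern int arg_landlock; // add basic Landlock rules
+extern int arg_landlock_proc; // 0 - no access; 1 -read-only; 2 - read-write
+
 extern int arg_seccomp; // enable default seccomp filter
 extern int arg_seccomp32; // enable default seccomp filter for 32 bit arch
 extern int arg_seccomp_postexec; // need postexec ld.preload library?
@@ -950,4 +953,23 @@ void run_ids(int argc, char **argv);
 // oom.c
 void oom_set(const char *oom_string);
 
+// landlock.c
+#ifdef HAVE_LANDLOCK
+int ll_get_fd(void);
+int ll_read(const char *allowed_path);
+int ll_write(const char *allowed_path);
+int ll_special(const char *allowed_path);
+int ll_exec(const char *allowed_path);
+int ll_basic_system(void);
+int ll_restrict(__u32 flags);
+#else
+static inline int ll_get_fd(void) { return -1; }
+static inline int ll_read(...) { return 0; }
+static inline int ll_write(...) { return 0; }
+static inline int ll_special(...) { return 0; }
+static inline int ll_exec(...) { return 0; }
+static inline int ll_basic_system(void) { return 0; }
+static inline int ll_restrict(...) { return 0; }
+#endif /* HAVE_LANDLOCK */
+
 #endif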
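Review bot: In the `#else` branch of the second hunk, the stubs for `ll_read`, `ll_write`, `ll_special`, `ll_exec` and `ll_restrict` use `(...)` as their whole parameter list. ISO C before C23 requires a named parameter before the ellipsis, so a build without HAVE_LANDLOCK may fail or depend on a compiler extension; the stubs should take the same parameters as the real prototypes. The stubs also return 0, so a caller cannot tell "rule added" or "ruleset enforced" apart from "Landlock not compiled in". The callers are outside this hunk, so it is worth confirming that a Landlock option on such a build is rejected or logged instead of leaving the sandbox silently unrestricted. A short comment above the `ll_*` prototypes describing the return convention (what 0 and non-zero mean, and that `ll_get_fd` yields -1 when no ruleset exists) would also help.

```c
#else
// ... unchanged: ll_get_fd stub ...
static inline int ll_read(const char *allowed_path) { (void) allowed_path; return 0; }
static inline int ll_write(const char *allowed_path) { (void) allowed_path; return 0; }
static inline int ll_special(const char *allowed_path) { (void) allowed_path; return 0; }
static inline int ll_exec(const char *allowed_path) { (void) allowed_path; return 0; }
// ... unchanged: ll_basic_system stub ...
// unsigned int here because __u32 may be undeclared when the Landlock headers are not included
static inline int ll_restrict(unsigned int flags) { (void) flags; return 0; }
```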