landlock: avoid parsing landlock commands twice

author: netblue30 <netblue30@protonmail.com> 2023-11-02 08:34:59 -0400
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-11-07 17:55:14 -0300
commit: 520508d5be10e7579635193d24bc1ff004ed682b (patch)
tree: 32b2df274a144365e68c57e3735b30ddc0b9b68f /src/firejail/firejail.h
parent: landlock: apply rules in sandbox before app start (diff)
download: firejail-520508d5be10e7579635193d24bc1ff004ed682b.tar.gz
firejail-520508d5be10e7579635193d24bc1ff004ed682b.tar.zst
firejail-520508d5be10e7579635193d24bc1ff004ed682b.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 43325de62..f9f4cb473 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -152,6 +152,12 @@ typedef struct profile_entry_t {
 typedef struct landlock_entry_t {
        struct landlock_entry_t *next;
+#define LL_READ 0
+#define LL_WRITE 1
+#define LL_SPECIAL 2
+#define LL_EXEC 3
+#define LL_MAX 4
+        int type;
        char *data;
 } LandlockEntry;
@@ -968,7 +974,7 @@ int ll_special(const char *allowed_path);
 int ll_exec(const char *allowed_path);
 int ll_basic_system(void);
 int ll_restrict(__u32 flags);
-void ll_add_profile(const char *data);
+void ll_add_profile(int type, const char *data);
 #else
 static inline int ll_get_fd(void) { return -1; }
 static inline int ll_read(...) { return 0; }
author	netblue30 <netblue30@protonmail.com>	2023-11-02 08:34:59 -0400
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-11-07 17:55:14 -0300
commit	520508d5be10e7579635193d24bc1ff004ed682b (patch)
tree	32b2df274a144365e68c57e3735b30ddc0b9b68f /src/firejail/firejail.h
parent	landlock: apply rules in sandbox before app start (diff)
download	firejail-520508d5be10e7579635193d24bc1ff004ed682b.tar.gz firejail-520508d5be10e7579635193d24bc1ff004ed682b.tar.zst firejail-520508d5be10e7579635193d24bc1ff004ed682b.zip