diff options
| author |  smitsohu <smitsohu@gmail.com> | 2019-06-17 03:46:11 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2019-06-17 03:46:11 +0200 |
| commit | dba9dff9c52e436a37c82a72ec82c95bcd9684ce (patch) | |
| tree | b0e77cb4190e2adc377964b617f4ef5402b902c1 /src/firejail/firejail.h | |
| parent | tighten gnome-maps (diff) | |
| download | firejail-dba9dff9c52e436a37c82a72ec82c95bcd9684ce.tar.gz firejail-dba9dff9c52e436a37c82a72ec82c95bcd9684ce.tar.zst firejail-dba9dff9c52e436a37c82a72ec82c95bcd9684ce.zip | |
streamline remounting (ro,rw,noexec)
Diffstat (limited to 'src/firejail/firejail.h')
| -rw-r--r-- | src/firejail/firejail.h | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index fd6cb9ff2..912a1864a 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
| @@ -364,16 +364,23 @@ void preproc_mount_mnt_dir(void); | |||
| 364 | void preproc_clean_run(void); | 364 | void preproc_clean_run(void); |
| 365 | 365 | ||
| 366 | // fs.c | 366 | // fs.c |
| 367 | typedef enum { | ||
| 368 | BLACKLIST_FILE, | ||
| 369 | BLACKLIST_NOLOG, | ||
| 370 | MOUNT_READONLY, | ||
| 371 | MOUNT_TMPFS, | ||
| 372 | MOUNT_NOEXEC, | ||
| 373 | MOUNT_RDWR, | ||
| 374 | OPERATION_MAX | ||
| 375 | } OPERATION; | ||
| 376 | |||
| 367 | // blacklist files or directories by mounting empty files on top of them | 377 | // blacklist files or directories by mounting empty files on top of them |
| 368 | void fs_blacklist(void); | 378 | void fs_blacklist(void); |
| 369 | // mount a writable tmpfs | 379 | // mount a writable tmpfs |
| 370 | void fs_tmpfs(const char *dir, unsigned check_owner); | 380 | void fs_tmpfs(const char *dir, unsigned check_owner); |
| 371 | // remount a directory read-only | 381 | // remount noexec/nodev/nosuid or read-only or read-write |
| 372 | void fs_rdonly(const char *dir); | 382 | void fs_remount(const char *dir, OPERATION op); |
| 373 | void fs_rdonly_rec(const char *dir); | 383 | void fs_remount_rec(const char *dir, OPERATION op); |
| 374 | // remount a directory noexec, nodev and nosuid | ||
| 375 | void fs_noexec(const char *dir); | ||
| 376 | void fs_noexec_rec(const char *dir); | ||
| 377 | // mount /proc and /sys directories | 384 | // mount /proc and /sys directories |
| 378 | void fs_proc_sys_dev_boot(void); | 385 | void fs_proc_sys_dev_boot(void); |
| 379 | // build a basic read-only filesystem | 386 | // build a basic read-only filesystem |