diff options
| author |  Topi Miettinen <toiwoton@gmail.com> | 2017-08-13 14:07:31 +0300 |
|---|---|---|
| committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-13 17:31:07 +0300 |
| commit | 63e9d849f662d1a494c6396d4a439cd4c91dfa7e (patch) | |
| tree | 703cc8c9c0eb5b9e528f025961df7f322f797737 /src/firejail/fs_trace.c | |
| parent | merges (diff) | |
| download | firejail-63e9d849f662d1a494c6396d4a439cd4c91dfa7e.tar.gz firejail-63e9d849f662d1a494c6396d4a439cd4c91dfa7e.tar.zst firejail-63e9d849f662d1a494c6396d4a439cd4c91dfa7e.zip | |
Allow any syscall to be blacklisted (#1447)
Allow any syscall to be blacklisted with aid of LD_PRELOAD library,
libpostexecseccomp.so.
Closes: #1447
Diffstat (limited to 'src/firejail/fs_trace.c')
| -rw-r--r-- | src/firejail/fs_trace.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index df76f4fe1..c87d29b5c 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c | |||
| @@ -63,6 +63,11 @@ void fs_trace(void) { | |||
| 63 | if (!arg_quiet) | 63 | if (!arg_quiet) |
| 64 | printf("Blacklist violations are logged to syslog\n"); | 64 | printf("Blacklist violations are logged to syslog\n"); |
| 65 | } | 65 | } |
| 66 | if (arg_seccomp_postexec) { | ||
| 67 | fprintf(fp, "%s/libpostexecseccomp.so\n", prefix); | ||
| 68 | if (!arg_quiet) | ||
| 69 | printf("Post-exec seccomp protector enabled\n"); | ||
| 70 | } | ||
| 66 | 71 | ||
| 67 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 72 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); |
| 68 | fclose(fp); | 73 | fclose(fp); |