diff options
author | 2017-08-13 14:07:31 +0300 | |
---|---|---|
committer | 2017-08-13 17:31:07 +0300 | |
commit | 63e9d849f662d1a494c6396d4a439cd4c91dfa7e (patch) | |
tree | 703cc8c9c0eb5b9e528f025961df7f322f797737 /src/firejail/fs_trace.c | |
parent | merges (diff) | |
download | firejail-63e9d849f662d1a494c6396d4a439cd4c91dfa7e.tar.gz firejail-63e9d849f662d1a494c6396d4a439cd4c91dfa7e.tar.zst firejail-63e9d849f662d1a494c6396d4a439cd4c91dfa7e.zip |
Allow any syscall to be blacklisted (#1447)
Allow any syscall to be blacklisted with aid of LD_PRELOAD library,
libpostexecseccomp.so.
Closes: #1447
Diffstat (limited to 'src/firejail/fs_trace.c')
-rw-r--r-- | src/firejail/fs_trace.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index df76f4fe1..c87d29b5c 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c | |||
@@ -63,6 +63,11 @@ void fs_trace(void) { | |||
63 | if (!arg_quiet) | 63 | if (!arg_quiet) |
64 | printf("Blacklist violations are logged to syslog\n"); | 64 | printf("Blacklist violations are logged to syslog\n"); |
65 | } | 65 | } |
66 | if (arg_seccomp_postexec) { | ||
67 | fprintf(fp, "%s/libpostexecseccomp.so\n", prefix); | ||
68 | if (!arg_quiet) | ||
69 | printf("Post-exec seccomp protector enabled\n"); | ||
70 | } | ||
66 | 71 | ||
67 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 72 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); |
68 | fclose(fp); | 73 | fclose(fp); |