author | 2023-10-26 10:21:40 -0400 | |
---|---|---|
committer | 2023-11-07 17:55:14 -0300 | |
commit | b94cc754a0f88ac5b594c52b6a1a3c88b622772c (patch) | |
tree | 50480635c337f305a8f8f2ed27f79cdc0e9b1d4e /src/firejail/main.c | |
parent | landlock: new filesystem for --landlock command (diff) | |
landlock: apply rules in sandbox before app start
Apply rules in the sandbox thread before the application is started.
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r-- | src/firejail/main.c | 8 |
1 files changed, 4 insertions, 4 deletions
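--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1520,13 +1520,13 @@ int main(int argc, char **argv, char **envp) {
 }
 }
 else if (strncmp(argv[i], "--landlock.read=", 16) == 0)
-ll_read(argv[i] + 16);
+ll_add_profile(argv[i] + 2);
 else if (strncmp(argv[i], "--landlock.write=", 17) == 0)
-ll_write(argv[i] + 17);
+ll_add_profile(argv[i] + 2);
 else if (strncmp(argv[i], "--landlock.special=", 19) == 0)
-ll_special(argv[i] + 19);
+ll_add_profile(argv[i] + 2);
 else if (strncmp(argv[i], "--landlock.execute=", 19) == 0)
-ll_exec(argv[i] + 19);
+ll_add_profile(argv[i] + 2);
 #endif
 else if (strcmp(argv[i], "--memory-deny-write-execute") == 0) {
 if (checkcfg(CFG_SECCOMP))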
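Review bot: The four `ll_add_profile(argv[i] + 2)` calls use a bare `+ 2` to drop the leading `--` and pass on the whole `landlock.<kind>=PATH` string, so the path is no longer handled at option-parsing time and nothing here says who parses it later. Add a comment above the first branch, e.g. `// skip "--": queue "landlock.read=PATH" as a profile entry; parsed and applied in the sandbox`. Also confirm that ll_add_profile (not visible in this hunk) accepts the `=` separator and rejects an empty value such as `--landlock.read=`. Because the rules are now applied after the sandbox is set up, a path that does not resolve is presumably reported only then; for a confinement option that failure should abort the launch rather than let the application start with fewer rules than requested. The enclosing main() starts and ends outside the hunk.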