diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 23:22:38 +0300 |
---|---|---|
committer | Topi Miettinen <toiwoton@gmail.com> | 2017-08-19 23:33:11 +0300 |
commit | d01216de45884300c87e7d3ccb70e53ebb461449 (patch) | |
tree | 480519f5849df4c6048a7f62ec97f96e51174c3e /src/fseccomp/fseccomp.h | |
parent | Merge update after #1483 (diff) | |
download | firejail-d01216de45884300c87e7d3ccb70e53ebb461449.tar.gz firejail-d01216de45884300c87e7d3ccb70e53ebb461449.tar.zst firejail-d01216de45884300c87e7d3ccb70e53ebb461449.zip |
Feature: switch/config option to block secondary architectures
Add a feature for a new (opt-in) command line switch and config file
option to block secondary architectures entirely. Also block changing
Linux execution domain with personality() system call for the primary
architecture.
Closes #1479
Diffstat (limited to 'src/fseccomp/fseccomp.h')
-rw-r--r-- | src/fseccomp/fseccomp.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h index 144b612ae..2deb282f5 100644 --- a/src/fseccomp/fseccomp.h +++ b/src/fseccomp/fseccomp.h | |||
@@ -46,6 +46,7 @@ void protocol_build_filter(const char *prlist, const char *fname); | |||
46 | // seccomp_secondary.c | 46 | // seccomp_secondary.c |
47 | void seccomp_secondary_64(const char *fname); | 47 | void seccomp_secondary_64(const char *fname); |
48 | void seccomp_secondary_32(const char *fname); | 48 | void seccomp_secondary_32(const char *fname); |
49 | void seccomp_secondary_block(const char *fname); | ||
49 | 50 | ||
50 | // seccomp_file.c | 51 | // seccomp_file.c |
51 | void write_to_file(int fd, const void *data, int size); | 52 | void write_to_file(int fd, const void *data, int size); |