Allow exceptions to seccomp lists

Prefix ! can be used to make exceptions to system call blacklists and whitelists used by seccomp, seccomp.drop and seccomp.keep. Closes #1366
author: Topi Miettinen <toiwoton@gmail.com> 2019-08-25 18:37:05 +0300
committer: Topi Miettinen <toiwoton@gmail.com> 2019-08-25 18:37:05 +0300
commit: 39f9b1a2229f8624f92bdcf823ef755c15e28de2 (patch)
tree: c15cdcdd4abbccfdfbed58764de45827ff2e503c /src/fseccomp/fseccomp.h
parent: Merge pull request #2921 from rusty-snake/allow-common-devel.inc (diff)
download: firejail-39f9b1a2229f8624f92bdcf823ef755c15e28de2.tar.gz
firejail-39f9b1a2229f8624f92bdcf823ef755c15e28de2.tar.zst
firejail-39f9b1a2229f8624f92bdcf823ef755c15e28de2.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/fseccomp/fseccomp.h b/src/fseccomp/fseccomp.h
index 593963e76..e1579d098 100644
--- a/src/fseccomp/fseccomp.h
+++ b/src/fseccomp/fseccomp.h
@@ -52,7 +52,9 @@ void seccomp_secondary_block(const char *fname);
 void write_to_file(int fd, const void *data, int size);
 void filter_init(int fd);
 void filter_add_whitelist(int fd, int syscall, int arg, void *ptrarg);
+void filter_add_whitelist_for_excluded(int fd, int syscall, int arg, void *ptrarg);
 void filter_add_blacklist(int fd, int syscall, int arg, void *ptrarg);
+void filter_add_blacklist_for_excluded(int fd, int syscall, int arg, void *ptrarg);
 void filter_add_errno(int fd, int syscall, int arg, void *ptrarg);
 void filter_end_blacklist(int fd);
 void filter_end_whitelist(int fd);
author	Topi Miettinen <toiwoton@gmail.com>	2019-08-25 18:37:05 +0300
committer	Topi Miettinen <toiwoton@gmail.com>	2019-08-25 18:37:05 +0300
commit	39f9b1a2229f8624f92bdcf823ef755c15e28de2 (patch)
tree	c15cdcdd4abbccfdfbed58764de45827ff2e503c /src/fseccomp/fseccomp.h
parent	Merge pull request #2921 from rusty-snake/allow-common-devel.inc (diff)
download	firejail-39f9b1a2229f8624f92bdcf823ef755c15e28de2.tar.gz firejail-39f9b1a2229f8624f92bdcf823ef755c15e28de2.tar.zst firejail-39f9b1a2229f8624f92bdcf823ef755c15e28de2.zip