diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2017-07-29 19:53:27 +0300 |
---|---|---|
committer | Topi Miettinen <topimiettinen@users.noreply.github.com> | 2017-07-30 16:48:16 +0000 |
commit | 53606495188a5cc16ea67e3b65561127a98925b3 (patch) | |
tree | 554c6e90c785ae015f8d784b593d9cdf75fde315 /src/fseccomp/main.c | |
parent | Improve loading of seccomp filter (diff) | |
download | firejail-53606495188a5cc16ea67e3b65561127a98925b3.tar.gz firejail-53606495188a5cc16ea67e3b65561127a98925b3.tar.zst firejail-53606495188a5cc16ea67e3b65561127a98925b3.zip |
Memory-deny-write-execute feature
Feature to block attempts to create writable and executable memory.
Diffstat (limited to 'src/fseccomp/main.c')
-rw-r--r-- | src/fseccomp/main.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index e322b5bbb..3d95d5bb2 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c | |||
@@ -35,6 +35,7 @@ static void usage(void) { | |||
35 | printf("\tfseccomp default drop file list\n"); | 35 | printf("\tfseccomp default drop file list\n"); |
36 | printf("\tfseccomp default drop file list allow-debuggers\n"); | 36 | printf("\tfseccomp default drop file list allow-debuggers\n"); |
37 | printf("\tfseccomp keep file list\n"); | 37 | printf("\tfseccomp keep file list\n"); |
38 | printf("\tfseccomp memory-deny-write-execute file\n"); | ||
38 | printf("\tfseccomp print file\n"); | 39 | printf("\tfseccomp print file\n"); |
39 | } | 40 | } |
40 | 41 | ||
@@ -87,6 +88,8 @@ printf("\n"); | |||
87 | seccomp_default_drop(argv[3], argv[4], 1); | 88 | seccomp_default_drop(argv[3], argv[4], 1); |
88 | else if (argc == 4 && strcmp(argv[1], "keep") == 0) | 89 | else if (argc == 4 && strcmp(argv[1], "keep") == 0) |
89 | seccomp_keep(argv[2], argv[3]); | 90 | seccomp_keep(argv[2], argv[3]); |
91 | else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute") == 0) | ||
92 | memory_deny_write_execute(argv[2]); | ||
90 | else if (argc == 3 && strcmp(argv[1], "print") == 0) | 93 | else if (argc == 3 && strcmp(argv[1], "print") == 0) |
91 | filter_print(argv[2]); | 94 | filter_print(argv[2]); |
92 | else { | 95 | else { |