diff options
author | smitsohu <smitsohu@gmail.com> | 2022-07-19 15:19:24 +0200 |
---|---|---|
committer | smitsohu <smitsohu@gmail.com> | 2022-07-23 16:21:14 +0200 |
commit | 87afef810c2dfbf67420dc76a67c707fbb7353db (patch) | |
tree | d44aed25d9c050967eb6abe31b4081c0956f4a74 /src/fseccomp/main.c | |
parent | protocol filter: add x32 ABI handling (diff) | |
download | firejail-87afef810c2dfbf67420dc76a67c707fbb7353db.tar.gz firejail-87afef810c2dfbf67420dc76a67c707fbb7353db.tar.zst firejail-87afef810c2dfbf67420dc76a67c707fbb7353db.zip |
introduce new option restrict-namespaces
Diffstat (limited to 'src/fseccomp/main.c')
-rw-r--r-- | src/fseccomp/main.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/fseccomp/main.c b/src/fseccomp/main.c index 48665ab71..01d7dd8cf 100644 --- a/src/fseccomp/main.c +++ b/src/fseccomp/main.c | |||
@@ -48,6 +48,8 @@ static void usage(void) { | |||
48 | printf("\tfseccomp keep32 file1 file2 list\n"); | 48 | printf("\tfseccomp keep32 file1 file2 list\n"); |
49 | printf("\tfseccomp memory-deny-write-execute file\n"); | 49 | printf("\tfseccomp memory-deny-write-execute file\n"); |
50 | printf("\tfseccomp memory-deny-write-execute.32 file\n"); | 50 | printf("\tfseccomp memory-deny-write-execute.32 file\n"); |
51 | printf("\tfseccomp restrict-namespaces file list\n"); | ||
52 | printf("\tfseccomp restrict-namespaces.32 file list\n"); | ||
51 | } | 53 | } |
52 | 54 | ||
53 | int main(int argc, char **argv) { | 55 | int main(int argc, char **argv) { |
@@ -135,6 +137,10 @@ printf("\n"); | |||
135 | memory_deny_write_execute(argv[2]); | 137 | memory_deny_write_execute(argv[2]); |
136 | else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute.32") == 0) | 138 | else if (argc == 3 && strcmp(argv[1], "memory-deny-write-execute.32") == 0) |
137 | memory_deny_write_execute_32(argv[2]); | 139 | memory_deny_write_execute_32(argv[2]); |
140 | else if (argc == 4 && strcmp(argv[1], "restrict-namespaces") == 0) | ||
141 | deny_ns(argv[2], argv[3]); | ||
142 | else if (argc == 4 && strcmp(argv[1], "restrict-namespaces.32") == 0) | ||
143 | deny_ns_32(argv[2], argv[3]); | ||
138 | else { | 144 | else { |
139 | fprintf(stderr, "Error fseccomp: invalid arguments\n"); | 145 | fprintf(stderr, "Error fseccomp: invalid arguments\n"); |
140 | return 1; | 146 | return 1; |