feature: use seccomp filters build at install time for --restrict-namespaces

author: netblue30 <netblue30@protonmail.com> 2023-07-12 09:31:49 -0400
committer: netblue30 <netblue30@protonmail.com> 2023-07-12 09:31:49 -0400
commit: 6fa19aab98b0b350c3a77c5f614f1b781760ab53 (patch)
tree: ab1d666b58ce79cad607324ac7869ece36ecae91 /src/include
parent: fix server.profile (diff)
download: firejail-6fa19aab98b0b350c3a77c5f614f1b781760ab53.tar.gz
firejail-6fa19aab98b0b350c3a77c5f614f1b781760ab53.tar.zst
firejail-6fa19aab98b0b350c3a77c5f614f1b781760ab53.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/include/rundefs.h b/src/include/rundefs.h
index 7fc0f21f3..d36851a4e 100644
--- a/src/include/rundefs.h
+++ b/src/include/rundefs.h
@@ -79,6 +79,8 @@
 #define PATH_SECCOMP_DEBUG_32           LIBDIR "/firejail/seccomp.debug32"              // 32bit arch debug filter built during make
 #define PATH_SECCOMP_MDWX               LIBDIR "/firejail/seccomp.mdwx"                 // filter for memory-deny-write-execute built during make
 #define PATH_SECCOMP_MDWX_32            LIBDIR "/firejail/seccomp.mdwx.32"
+#define PATH_SECCOMP_NAMESPACES LIBDIR "/firejail/seccomp.namespaces"   // filter for restrict-namespaces
+#define PATH_SECCOMP_NAMESPACES_32      LIBDIR "/firejail/seccomp.namespaces.32"
 #define PATH_SECCOMP_BLOCK_SECONDARY    LIBDIR "/firejail/seccomp.block_secondary"      // secondary arch blocking filter built during make
 #define RUN_DEV_DIR                     RUN_MNT_DIR "/dev"
author	netblue30 <netblue30@protonmail.com>	2023-07-12 09:31:49 -0400
committer	netblue30 <netblue30@protonmail.com>	2023-07-12 09:31:49 -0400
commit	6fa19aab98b0b350c3a77c5f614f1b781760ab53 (patch)
tree	ab1d666b58ce79cad607324ac7869ece36ecae91 /src/include
parent	fix server.profile (diff)
download	firejail-6fa19aab98b0b350c3a77c5f614f1b781760ab53.tar.gz firejail-6fa19aab98b0b350c3a77c5f614f1b781760ab53.tar.zst firejail-6fa19aab98b0b350c3a77c5f614f1b781760ab53.zip

diff --git a/src/include/rundefs.h b/src/include/rundefs.h index 7fc0f21f3..d36851a4e 100644 --- a/src/include/rundefs.h +++ b/src/include/rundefs.h
@@ -79,6 +79,8 @@
79	#define PATH_SECCOMP_DEBUG_32 LIBDIR "/firejail/seccomp.debug32" // 32bit arch debug filter built during make	79	#define PATH_SECCOMP_DEBUG_32 LIBDIR "/firejail/seccomp.debug32" // 32bit arch debug filter built during make
80	#define PATH_SECCOMP_MDWX LIBDIR "/firejail/seccomp.mdwx" // filter for memory-deny-write-execute built during make	80	#define PATH_SECCOMP_MDWX LIBDIR "/firejail/seccomp.mdwx" // filter for memory-deny-write-execute built during make
81	#define PATH_SECCOMP_MDWX_32 LIBDIR "/firejail/seccomp.mdwx.32"	81	#define PATH_SECCOMP_MDWX_32 LIBDIR "/firejail/seccomp.mdwx.32"
		82	#define PATH_SECCOMP_NAMESPACES LIBDIR "/firejail/seccomp.namespaces" // filter for restrict-namespaces
		83	#define PATH_SECCOMP_NAMESPACES_32 LIBDIR "/firejail/seccomp.namespaces.32"
82	#define PATH_SECCOMP_BLOCK_SECONDARY LIBDIR "/firejail/seccomp.block_secondary" // secondary arch blocking filter built during make	84	#define PATH_SECCOMP_BLOCK_SECONDARY LIBDIR "/firejail/seccomp.block_secondary" // secondary arch blocking filter built during make
83		85
84	#define RUN_DEV_DIR RUN_MNT_DIR "/dev"	86	#define RUN_DEV_DIR RUN_MNT_DIR "/dev"