author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-02-10 04:47:11 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-02-27 22:27:46 -0300 |
commit | 9cfeb485eb158217e644955bddc42e3bcf42ccbb (patch) | |
tree | f15092bed9d126ea3e651726e7215c8b7ee4c4ae /src/man/firejail.1.in | |
parent | landlock: add _fs prefix to filesystem functions (diff) | |
landlock: use "landlock.fs." prefix in filesystem commands
Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.
So use `landlock.fs.` as the prefix in the current filesystem-related
commands (and later `landlock.net.` for the network-related commands) to
keep them organized and to match what is used in the kernel.
Examples of filesystem and network access flags:
* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
remote port.
Relates to #6078.
Diffstat (limited to 'src/man/firejail.1.in')
-rw-r--r-- | src/man/firejail.1.in | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/man/firejail.1.in b/src/man/firejail.1.in index 6548b8e5d..618b4955e 100644 --- a/src/man/firejail.1.in +++ b/src/man/firejail.1.in | |||
@@ -1241,25 +1241,25 @@ Enforce the Landlock ruleset. | |||
1241 | Without it, the other Landlock commands have no effect. | 1241 | Without it, the other Landlock commands have no effect. |
1242 | See the \fBLANDLOCK\fR section for more information. | 1242 | See the \fBLANDLOCK\fR section for more information. |
1243 | .TP | 1243 | .TP |
1244 | \fB\-\-landlock.read=path | 1244 | \fB\-\-landlock.fs.read=path |
1245 | Create a Landlock ruleset (if it doesn't already exist) and add a read access | 1245 | Create a Landlock ruleset (if it doesn't already exist) and add a read access |
1246 | rule for path. | 1246 | rule for path. |
1247 | .TP | 1247 | .TP |
1248 | \fB\-\-landlock.write=path | 1248 | \fB\-\-landlock.fs.write=path |
1249 | Create a Landlock ruleset (if it doesn't already exist) and add a write access | 1249 | Create a Landlock ruleset (if it doesn't already exist) and add a write access |
1250 | rule for path. | 1250 | rule for path. |
1251 | .TP | 1251 | .TP |
1252 | \fB\-\-landlock.makeipc=path | 1252 | \fB\-\-landlock.fs.makeipc=path |
1253 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that | 1253 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that |
1254 | allows the creation of named pipes (FIFOs) and Unix domain sockets beneath | 1254 | allows the creation of named pipes (FIFOs) and Unix domain sockets beneath |
1255 | the given path. | 1255 | the given path. |
1256 | .TP | 1256 | .TP |
1257 | \fB\-\-landlock.makedev=path | 1257 | \fB\-\-landlock.fs.makedev=path |
1258 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that | 1258 | Create a Landlock ruleset (if it doesn't already exist) and add a rule that |
1259 | allows the creation of block devices and character devices beneath the given | 1259 | allows the creation of block devices and character devices beneath the given |
1260 | path. | 1260 | path. |
1261 | .TP | 1261 | .TP |
1262 | \fB\-\-landlock.execute=path | 1262 | \fB\-\-landlock.fs.execute=path |
1263 | Create a Landlock ruleset (if it doesn't already exist) and add an execution | 1263 | Create a Landlock ruleset (if it doesn't already exist) and add an execution |
1264 | permission rule for path. | 1264 | permission rule for path. |
1265 | .br | 1265 | .br |
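Review bot: The five option entries at 1244, 1248, 1252, 1257 and 1262 are renamed in place with no mention of the previous spelling, so a reader who has `--landlock.read=path` (or the write, makeipc, makedev, execute equivalents) in a script or profile will no longer find it in the man page and cannot tell from the documentation what replaced it. Since these options define the sandbox's filesystem allow-list, it is worth stating the rename explicitly, for example one line under the first entry saying the commands were formerly named `landlock.<action>`, and saying whether the old names are now rejected with an error rather than ignored.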
@@ -1267,8 +1267,8 @@ permission rule for path. | |||
1267 | .br | 1267 | .br |
1268 | Example: | 1268 | Example: |
1269 | .br | 1269 | .br |
1270 | $ firejail \-\-landlock.read=/ \-\-landlock.write=/home | 1270 | $ firejail \-\-landlock.fs.read=/ \-\-landlock.fs.write=/home |
1271 | \-\-landlock.execute=/usr \-\-landlock.enforce | 1271 | \-\-landlock.fs.execute=/usr \-\-landlock.enforce |
1272 | #endif | 1272 | #endif |
1273 | .TP | 1273 | .TP |
1274 | \fB\-\-list | 1274 | \fB\-\-list |
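Review bot: In the example at 1270-1271 the three rule options now carry the `fs.` prefix while `--landlock.enforce` stays unprefixed, and nothing in the surrounding text explains the difference. A short sentence near the example saying that `landlock.enforce` applies to the ruleset as a whole (if that is the intent, given the planned `landlock.net.` commands in the commit message) would keep readers from looking for a `landlock.fs.enforce`.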
@@ -3404,7 +3404,7 @@ features, pass \fB\-\-landlock.enforce\fR flag to Firejail command line. | |||
3404 | Without it, the other Landlock commands have no effect. | 3404 | Without it, the other Landlock commands have no effect. |
3405 | Example: | 3405 | Example: |
3406 | .PP | 3406 | .PP |
3407 | $ firejail \-\-landlock.enforce \-\-landlock.read=/media mc | 3407 | $ firejail \-\-landlock.enforce \-\-landlock.fs.read=/media mc |
3408 | .PP | 3408 | .PP |
3409 | To disable Landlock self-restriction, use \fB\-\-ignore=landlock.enforce\fR. | 3409 | To disable Landlock self-restriction, use \fB\-\-ignore=landlock.enforce\fR. |
3410 | #endif | 3410 | #endif |
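Review bot: The example at 3407 passes `--landlock.enforce` before the `--landlock.fs.read=/media` rule, and the text at 3404 only says the other Landlock commands have no effect without it, not whether its position on the command line matters. Suggest adding one sentence to this section stating whether ordering is significant, so users do not assume rules given after `landlock.enforce` are left out of the enforced ruleset.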