diff options
author | netblue30 <netblue30@protonmail.com> | 2022-08-29 08:44:41 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-08-29 08:44:41 -0400 |
commit | 54cb3e741e972c754e595d56de0bca0792299f83 (patch) | |
tree | 60ec6ead9fa5931c350b6a8724bf3c08c443929f /src/zsh_completion/_firejail.in | |
parent | merges, fixed lbry-viewer as suggested (diff) | |
parent | tinyLL has been removed as it's no longer needed (diff) | |
download | firejail-54cb3e741e972c754e595d56de0bca0792299f83.tar.gz firejail-54cb3e741e972c754e595d56de0bca0792299f83.tar.zst firejail-54cb3e741e972c754e595d56de0bca0792299f83.zip |
Merge pull request #5315 from ChrysoliteAzalea/landlock
Add Landlock support to Firejail
Diffstat (limited to 'src/zsh_completion/_firejail.in')
-rw-r--r-- | src/zsh_completion/_firejail.in | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in index 2b67c2a00..ed7337762 100644 --- a/src/zsh_completion/_firejail.in +++ b/src/zsh_completion/_firejail.in | |||
@@ -105,6 +105,12 @@ _firejail_args=( | |||
105 | '--keep-dev-shm[/dev/shm directory is untouched (even with --private-dev)]' | 105 | '--keep-dev-shm[/dev/shm directory is untouched (even with --private-dev)]' |
106 | '--keep-fd[inherit open file descriptors to sandbox]: :' | 106 | '--keep-fd[inherit open file descriptors to sandbox]: :' |
107 | '--keep-var-tmp[/var/tmp directory is untouched]' | 107 | '--keep-var-tmp[/var/tmp directory is untouched]' |
108 | '--landlock[Basic Landlock ruleset]' | ||
109 | '--landlock.proc=-[Access to the /proc directory]: :(no ro rw)' | ||
110 | '--landlock.read=-[Landlock read access rule]: :_files' | ||
111 | '--landlock.write=-[Landlock write access rule]: :_files' | ||
112 | "--landlock.special=-[Landlock access rule for creation of FIFO pipes, sockets and block devices]: :_files" | ||
113 | '--landlock.execute=-[Landlock execution-permitting rule]: :_files' | ||
108 | '--machine-id[spoof /etc/machine-id with a random id]' | 114 | '--machine-id[spoof /etc/machine-id with a random id]' |
109 | '--memory-deny-write-execute[seccomp filter to block attempts to create memory mappings that are both writable and executable]' | 115 | '--memory-deny-write-execute[seccomp filter to block attempts to create memory mappings that are both writable and executable]' |
110 | '*--mkdir=-[create a directory]:' | 116 | '*--mkdir=-[create a directory]:' |