diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-02-10 04:47:11 -0300 |
|---|---|---|
| committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2024-02-27 22:27:46 -0300 |
| commit | 9cfeb485eb158217e644955bddc42e3bcf42ccbb (patch) | |
| tree | f15092bed9d126ea3e651726e7215c8b7ee4c4ae /src/zsh_completion/_firejail.in | |
| parent | landlock: add _fs prefix to filesystem functions (diff) | |
| download | firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.tar.gz firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.tar.zst firejail-9cfeb485eb158217e644955bddc42e3bcf42ccbb.zip | |
landlock: use "landlock.fs." prefix in filesystem commands
Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.
So use `landlock.fs.` as the prefix in the current filesystem-related
commands (and later `landlock.net.` for the network-related commands) to
keep them organized and to match what is used in the kernel.
Examples of filesystem and network access flags:
* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
remote port.
Relates to #6078.
Diffstat (limited to 'src/zsh_completion/_firejail.in')
| -rw-r--r-- | src/zsh_completion/_firejail.in | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in index 45f24d5f3..15e9a5111 100644 --- a/src/zsh_completion/_firejail.in +++ b/src/zsh_completion/_firejail.in | |||
| @@ -108,11 +108,11 @@ _firejail_args=( | |||
| 108 | '--keep-var-tmp[/var/tmp directory is untouched]' | 108 | '--keep-var-tmp[/var/tmp directory is untouched]' |
| 109 | #ifdef HAVE_LANDLOCK | 109 | #ifdef HAVE_LANDLOCK |
| 110 | '--landlock.enforce[enforce the Landlock ruleset]' | 110 | '--landlock.enforce[enforce the Landlock ruleset]' |
| 111 | '--landlock.read=-[add a read access rule for the path to the Landlock ruleset]: :_files' | 111 | '--landlock.fs.read=-[add a read access rule for the path to the Landlock ruleset]: :_files' |
| 112 | '--landlock.write=-[add a write access rule for the path to the Landlock ruleset]: :_files' | 112 | '--landlock.fs.write=-[add a write access rule for the path to the Landlock ruleset]: :_files' |
| 113 | '--landlock.makeipc=-[add an access rule for the path to the Landlock ruleset for creating named pipes and sockets]: :_files' | 113 | '--landlock.fs.makeipc=-[add an access rule for the path to the Landlock ruleset for creating named pipes and sockets]: :_files' |
| 114 | '--landlock.makedev=-[add an access rule for the path to the Landlock ruleset for creating block/char devices]: :_files' | 114 | '--landlock.fs.makedev=-[add an access rule for the path to the Landlock ruleset for creating block/char devices]: :_files' |
| 115 | '--landlock.execute=-[add an execute access rule for the path to the Landlock ruleset]: :_files' | 115 | '--landlock.fs.execute=-[add an execute access rule for the path to the Landlock ruleset]: :_files' |
| 116 | #endif | 116 | #endif |
| 117 | '--machine-id[spoof /etc/machine-id with a random id]' | 117 | '--machine-id[spoof /etc/machine-id with a random id]' |
| 118 | '--memory-deny-write-execute[seccomp filter to block attempts to create memory mappings that are both writable and executable]' | 118 | '--memory-deny-write-execute[seccomp filter to block attempts to create memory mappings that are both writable and executable]' |