-rw-r--r-- | src/firejail/firejail.h | 10 | ||||
-rw-r--r-- | src/firejail/landlock.c | 20 | ||||
-rw-r--r-- | src/firejail/main.c | 10 | ||||
-rw-r--r-- | src/firejail/profile.c | 10 |
4 files changed, 25 insertions, 25 deletions
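--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -152,11 +152,11 @@ typedef struct profile_entry_t {
 
 typedef struct landlock_entry_t {
 struct landlock_entry_t *next;
-#define LL_READ 0
-#define LL_WRITE 1
-#define LL_MAKEIPC 2
-#define LL_MAKEDEV 3
-#define LL_EXEC 4
+#define LL_FS_READ 0
+#define LL_FS_WRITE 1
+#define LL_FS_MAKEIPC 2
+#define LL_FS_MAKEDEV 3
+#define LL_FS_EXEC 4
 #define LL_MAX 5
 int type;
 char *data;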
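--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -174,7 +174,7 @@ static void ll_fs(const char *allowed_path, const __u64 allowed_access,
 free(expanded_path);
 }
 
-static void ll_read(const char *allowed_path) {
+static void ll_fs_read(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_READ_DIR |
 LANDLOCK_ACCESS_FS_READ_FILE;
@@ -182,7 +182,7 @@ static void ll_read(const char *allowed_path) {
 ll_fs(allowed_path, allowed_access, __func__);
 }
 
-static void ll_write(const char *allowed_path) {
+static void ll_fs_write(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_MAKE_DIR |
 LANDLOCK_ACCESS_FS_MAKE_REG |
@@ -194,7 +194,7 @@ static void ll_write(const char *allowed_path) {
 ll_fs(allowed_path, allowed_access, __func__);
 }
 
-static void ll_makeipc(const char *allowed_path) {
+static void ll_fs_makeipc(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_MAKE_FIFO |
 LANDLOCK_ACCESS_FS_MAKE_SOCK;
@@ -202,7 +202,7 @@ static void ll_makeipc(const char *allowed_path) {
 ll_fs(allowed_path, allowed_access, __func__);
 }
 
-static void ll_makedev(const char *allowed_path) {
+static void ll_fs_makedev(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_MAKE_BLOCK |
 LANDLOCK_ACCESS_FS_MAKE_CHAR;
@@ -210,7 +210,7 @@ static void ll_makedev(const char *allowed_path) {
 ll_fs(allowed_path, allowed_access, __func__);
 }
 
-static void ll_exec(const char *allowed_path) {
+static void ll_fs_exec(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_EXECUTE;
 
@@ -227,11 +227,11 @@ int ll_restrict(uint32_t flags) {
 fprintf(stderr, "%s: Starting Landlock restrict\n", __func__);
 
 void (*fnc[])(const char *) = {
-ll_read,
-ll_write,
-ll_makeipc,
-ll_makedev,
-ll_exec,
+ll_fs_read,
+ll_fs_write,
+ll_fs_makeipc,
+ll_fs_makedev,
+ll_fs_exec,
 NULL
 };
 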
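Review bot: The `fnc[]` table in `ll_restrict` is still filled positionally, so its order matches the `LL_FS_*` values in firejail.h by convention only, and nothing in the visible code checks it. The loop that indexes the table lies outside this hunk, but if entries are dispatched by `type`, a drift between the two lists would presumably register a path with the wrong Landlock access set, for example write rights for a read rule. Designated initializers would tie each slot to its constant, e.g. `[LL_FS_READ] = ll_fs_read,` through `[LL_MAX] = NULL`, so a reordered or newly added type cannot silently shift the handlers. Separately, each wrapper passes `__func__` to `ll_fs`, so any message built from that argument now carries the new function names.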
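--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1506,15 +1506,15 @@ int main(int argc, char **argv, char **envp) {
 else if (strncmp(argv[i], "--landlock.enforce", 18) == 0)
 arg_landlock_enforce = 1;
 else if (strncmp(argv[i], "--landlock.read=", 16) == 0)
-ll_add_profile(LL_READ, argv[i] + 16);
+ll_add_profile(LL_FS_READ, argv[i] + 16);
 else if (strncmp(argv[i], "--landlock.write=", 17) == 0)
-ll_add_profile(LL_WRITE, argv[i] + 17);
+ll_add_profile(LL_FS_WRITE, argv[i] + 17);
 else if (strncmp(argv[i], "--landlock.makeipc=", 19) == 0)
-ll_add_profile(LL_MAKEIPC, argv[i] + 19);
+ll_add_profile(LL_FS_MAKEIPC, argv[i] + 19);
 else if (strncmp(argv[i], "--landlock.makedev=", 19) == 0)
-ll_add_profile(LL_MAKEDEV, argv[i] + 19);
+ll_add_profile(LL_FS_MAKEDEV, argv[i] + 19);
 else if (strncmp(argv[i], "--landlock.execute=", 19) == 0)
-ll_add_profile(LL_EXEC, argv[i] + 19);
+ll_add_profile(LL_FS_EXEC, argv[i] + 19);
 #endif
 else if (strcmp(argv[i], "--memory-deny-write-execute") == 0) {
 if (checkcfg(CFG_SECCOMP))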
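--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1079,23 +1079,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 if (strncmp(ptr, "landlock.read ", 14) == 0) {
-ll_add_profile(LL_READ, ptr + 14);
+ll_add_profile(LL_FS_READ, ptr + 14);
 return 0;
 }
 if (strncmp(ptr, "landlock.write ", 15) == 0) {
-ll_add_profile(LL_WRITE, ptr + 15);
+ll_add_profile(LL_FS_WRITE, ptr + 15);
 return 0;
 }
 if (strncmp(ptr, "landlock.makeipc ", 17) == 0) {
-ll_add_profile(LL_MAKEIPC, ptr + 17);
+ll_add_profile(LL_FS_MAKEIPC, ptr + 17);
 return 0;
 }
 if (strncmp(ptr, "landlock.makedev ", 17) == 0) {
-ll_add_profile(LL_MAKEDEV, ptr + 17);
+ll_add_profile(LL_FS_MAKEDEV, ptr + 17);
 return 0;
 }
 if (strncmp(ptr, "landlock.execute ", 17) == 0) {
-ll_add_profile(LL_EXEC, ptr + 17);
+ll_add_profile(LL_FS_EXEC, ptr + 17);
 return 0;
 }
 #endif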