-rw-r--r--src/firejail/sbox.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/src/firejail/sbox.c b/src/firejail/sbox.c
index ce43b4832..59b74ec5c 100644
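--- a/src/firejail/sbox.c
+++ b/src/firejail/sbox.c
@@ -132,6 +132,24 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char *
 #ifdef SYS_umount2
  BLACKLIST(SYS_umount2),
 #endif
+#ifdef SYS_fsopen
+ BLACKLIST(SYS_fsopen), // mount syscalls introduced 2019
+#endif
+#ifdef SYS_fsconfig
+ BLACKLIST(SYS_fsconfig),
+#endif
+#ifdef SYS_fsmount
+ BLACKLIST(SYS_fsmount),
+#endif
+#ifdef SYS_move_mount
+ BLACKLIST(SYS_move_mount),
+#endif
+#ifdef SYS_fspick
+ BLACKLIST(SYS_fspick),
+#endif
+#ifdef SYS_open_tree
+ BLACKLIST(SYS_open_tree),
+#endif
 #ifdef SYS_ptrace
  BLACKLIST(SYS_ptrace), // trace processes
 #endif
@@ -186,6 +204,9 @@ static int __attribute__((noreturn)) sbox_do_exec_v(unsigned filtermask, char *
 #ifdef SYS_syslog
  BLACKLIST(SYS_syslog), // kernel printk control
 #endif
+#ifdef SYS_personality
+ BLACKLIST(SYS_personality), // execution domain
+#endif
  RETURN_ALLOW
  };
 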
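Review bot: The six mount-API rules in the first hunk and the `SYS_personality` rule in the second are each guarded by `#ifdef SYS_…`, so a build against kernel headers that predate a syscall silently drops its rule, and the `RETURN_ALLOW` that closes the array then permits the call on a newer running kernel. I would record that above the group, e.g. `// new mount API (2019): rule is compiled out if the build headers lack SYS_*, leaving the call allowed`, and move the `// mount syscalls introduced 2019` remark off the `SYS_fsopen` line so it reads as covering all six entries. Because the list is default-allow, later additions to the same API family such as `mount_setattr` need their own entry if the array does not already carry one. The array and `sbox_do_exec_v` both start outside the hunks shown, so entries elsewhere in the list were not checked.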