aboutsummaryrefslogtreecommitdiffstats
path: root/etc/inc/landlock-common.inc
diff options
context:
space:
mode:
Diffstat (limited to 'etc/inc/landlock-common.inc')
-rw-r--r--etc/inc/landlock-common.inc39
1 files changed, 39 insertions, 0 deletions
diff --git a/etc/inc/landlock-common.inc b/etc/inc/landlock-common.inc
new file mode 100644
index 000000000..ebe9f98dc
--- /dev/null
+++ b/etc/inc/landlock-common.inc
@@ -0,0 +1,39 @@
1# This file is overwritten during software install.
2# Persistent customizations should go in a .local file.
3include landlock-common.local
4
5landlock.read / # whole system read
6landlock.read /proc
7landlock.special / # sockets etc.
8
9# write access
10landlock.write ${HOME}
11landlock.write ${RUNUSER}
12landlock.write /dev
13landlock.write /proc
14landlock.write /run/shm
15landlock.write /tmp
16
17# exec access
18## misc
19landlock.execute /opt
20landlock.execute /run/firejail # appimage and various firejail features
21## bin
22landlock.execute /bin
23landlock.execute /sbin
24landlock.execute /usr/bin
25landlock.execute /usr/sbin
26landlock.execute /usr/games
27landlock.execute /usr/local/bin
28landlock.execute /usr/local/sbin
29landlock.execute /usr/local/games
30## lib
31landlock.execute /lib
32landlock.execute /lib32
33landlock.execute /libx32
34landlock.execute /lib64
35landlock.execute /usr/lib
36landlock.execute /usr/lib32
37landlock.execute /usr/libx32
38landlock.execute /usr/lib64
39landlock.execute /usr/local/lib
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 18:15:03 +0000