diff options
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/landlock-common.inc | 56 | ||||
-rw-r--r-- | etc/templates/profile.template | 10 |
2 files changed, 33 insertions, 33 deletions
diff --git a/etc/inc/landlock-common.inc b/etc/inc/landlock-common.inc index 694d447b5..e147963a6 100644 --- a/etc/inc/landlock-common.inc +++ b/etc/inc/landlock-common.inc | |||
@@ -2,38 +2,38 @@ | |||
2 | # Persistent customizations should go in a .local file. | 2 | # Persistent customizations should go in a .local file. |
3 | include landlock-common.local | 3 | include landlock-common.local |
4 | 4 | ||
5 | landlock.read / # whole system read | 5 | landlock.fs.read / # whole system read |
6 | landlock.read /proc | 6 | landlock.fs.read /proc |
7 | landlock.makeipc / # sockets etc. | 7 | landlock.fs.makeipc / # sockets etc. |
8 | 8 | ||
9 | # write access | 9 | # write access |
10 | landlock.write ${HOME} | 10 | landlock.fs.write ${HOME} |
11 | landlock.write ${RUNUSER} | 11 | landlock.fs.write ${RUNUSER} |
12 | landlock.write /dev | 12 | landlock.fs.write /dev |
13 | landlock.write /proc | 13 | landlock.fs.write /proc |
14 | landlock.write /run/shm | 14 | landlock.fs.write /run/shm |
15 | landlock.write /tmp | 15 | landlock.fs.write /tmp |
16 | 16 | ||
17 | # exec access | 17 | # exec access |
18 | ## misc | 18 | ## misc |
19 | landlock.execute /opt | 19 | landlock.fs.execute /opt |
20 | landlock.execute /run/firejail # appimage and various firejail features | 20 | landlock.fs.execute /run/firejail # appimage and various firejail features |
21 | ## bin | 21 | ## bin |
22 | landlock.execute /bin | 22 | landlock.fs.execute /bin |
23 | landlock.execute /sbin | 23 | landlock.fs.execute /sbin |
24 | landlock.execute /usr/bin | 24 | landlock.fs.execute /usr/bin |
25 | landlock.execute /usr/sbin | 25 | landlock.fs.execute /usr/sbin |
26 | landlock.execute /usr/games | 26 | landlock.fs.execute /usr/games |
27 | landlock.execute /usr/local/bin | 27 | landlock.fs.execute /usr/local/bin |
28 | landlock.execute /usr/local/sbin | 28 | landlock.fs.execute /usr/local/sbin |
29 | landlock.execute /usr/local/games | 29 | landlock.fs.execute /usr/local/games |
30 | ## lib | 30 | ## lib |
31 | landlock.execute /lib | 31 | landlock.fs.execute /lib |
32 | landlock.execute /lib32 | 32 | landlock.fs.execute /lib32 |
33 | landlock.execute /libx32 | 33 | landlock.fs.execute /libx32 |
34 | landlock.execute /lib64 | 34 | landlock.fs.execute /lib64 |
35 | landlock.execute /usr/lib | 35 | landlock.fs.execute /usr/lib |
36 | landlock.execute /usr/lib32 | 36 | landlock.fs.execute /usr/lib32 |
37 | landlock.execute /usr/libx32 | 37 | landlock.fs.execute /usr/libx32 |
38 | landlock.execute /usr/lib64 | 38 | landlock.fs.execute /usr/lib64 |
39 | landlock.execute /usr/local/lib | 39 | landlock.fs.execute /usr/local/lib |
diff --git a/etc/templates/profile.template b/etc/templates/profile.template index 0e6a5734e..29ea55439 100644 --- a/etc/templates/profile.template +++ b/etc/templates/profile.template | |||
@@ -138,11 +138,11 @@ include globals.local | |||
138 | #include whitelist-var-common.inc | 138 | #include whitelist-var-common.inc |
139 | 139 | ||
140 | # Landlock commands | 140 | # Landlock commands |
141 | ##landlock.read PATH | 141 | ##landlock.fs.read PATH |
142 | ##landlock.write PATH | 142 | ##landlock.fs.write PATH |
143 | ##landlock.makeipc PATH | 143 | ##landlock.fs.makeipc PATH |
144 | ##landlock.makedev PATH | 144 | ##landlock.fs.makedev PATH |
145 | ##landlock.execute PATH | 145 | ##landlock.fs.execute PATH |
146 | #include landlock-common.inc | 146 | #include landlock-common.inc |
147 | 147 | ||
148 | ##allusers | 148 | ##allusers |