Diffstat (limited to 'src/firejail/firejail.h')
-rw-r--r-- | src/firejail/firejail.h | 20 |
1 files changed, 19 insertions, 1 deletions
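--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -22,15 +22,33 @@
 #include "../include/common.h"
 #include "../include/euid_common.h"
 #include "../include/rundefs.h"
-#include <linux/limits.h> // Note: Plain limits.h may break ARG_MAX (see #4583)
+#ifdef HAVE_LANDLOCK
 #include <linux/landlock.h>
+#endif
+#include <linux/limits.h> // Note: Plain limits.h may break ARG_MAX (see #4583)
 #include <stdarg.h>
 #include <sys/stat.h>
 
 // debug restricted shell
 //#define DEBUG_RESTRICTED_SHELL
 
+#ifdef HAVE_LANDLOCK
+
+extern int landlock_create_ruleset(struct landlock_ruleset_attr *rsattr,size_t size,__u32 flags);
+
+extern int landlock_add_rule(int fd,enum landlock_rule_type t,void *attr,__u32 flags);
+
+extern int landlock_restrict_self(int fd,__u32 flags);
 
+extern int create_full_ruleset();
+
+extern int add_read_access_rule_by_path(int rset_fd,char *allowed_path);
+
+extern int add_write_access_rule_by_path(int rset_fd,char *allowed_path,int restricted);
+
+extern int add_execute_rule_by_path(int rset_fd,char *allowed_path);
+
+#endif
 
 // profiles
 #define DEFAULT_USER_PROFILE "default"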
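Review bot: The Landlock prototypes added at new lines 37-49 do not say what their `int` return means or what the `restricted` argument of `add_write_access_rule_by_path` selects. For a sandbox that contract matters, because a caller that ignores a failed ruleset call would carry on without the filesystem restriction in place. I would add a comment above the block such as `// Returns <success value> / <failure value>; callers must check the result and must not continue as if the ruleset were enforced`, with the real values taken from the definitions, which are not visible in this file. Separately, `extern int create_full_ruleset();` leaves the parameter list unspecified before C23, so `extern int create_full_ruleset(void);` lets the compiler reject stray arguments, and the path parameters could be `const char *allowed_path` if the implementations do not write through them. `HAVE_LANDLOCK` is only a build-time switch, so the code behind these declarations presumably still has to detect at run time whether the kernel supports Landlock.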