Diffstat (limited to 'src/firejail/firejail.h')
-rw-r--r-- | src/firejail/firejail.h | 5 |
1 files changed, 3 insertions, 2 deletions
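--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -57,12 +57,14 @@
 #define RUN_SECCOMP_AMD64 "/run/firejail/mnt/seccomp.amd64" // amd64 filter installed on i386 architectures
 #define RUN_SECCOMP_I386 "/run/firejail/mnt/seccomp.i386" // i386 filter installed on amd64 architectures
 #define RUN_SECCOMP_MDWX "/run/firejail/mnt/seccomp.mdwx" // filter for memory-deny-write-execute
+#define RUN_SECCOMP_BLOCK_SECONDARY "/run/firejail/mnt/seccomp.block_secondary" // secondary arch blocking filter
 #define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp.postexec" // filter for post-exec library
 #define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp") // default filter built during make
 #define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug") // default filter built during make
 #define PATH_SECCOMP_AMD64 (LIBDIR "/firejail/seccomp.amd64") // amd64 filter built during make
 #define PATH_SECCOMP_I386 (LIBDIR "/firejail/seccomp.i386") // i386 filter built during make
 #define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx") // filter for memory-deny-write-execute built during make
+#define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary") // secondary arch blocking filter built during make
 
 
 #define RUN_DEV_DIR "/run/firejail/mnt/dev"
@@ -307,6 +309,7 @@ extern int arg_overlay_reuse; // allow the reuse of overlays
 
 extern int arg_seccomp; // enable default seccomp filter
 extern int arg_seccomp_postexec; // need postexec ld.preload library?
+extern int arg_seccomp_block_secondary; // block any secondary architectures
 
 extern int arg_caps_default_filter; // enable default capabilities filter
 extern int arg_caps_drop; // drop list
@@ -538,8 +541,6 @@ void fs_private_home_list(void);
 char *seccomp_check_list(const char *str);
 int seccomp_install_filters(void);
 int seccomp_load(const char *fname);
-void seccomp_filter_32(void);
-void seccomp_filter_64(void);
 int seccomp_filter_drop(int enforce_seccomp);
 int seccomp_filter_keep(void);
 void seccomp_print_filter(pid_t pid);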
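Review bot: The comment on `arg_seccomp_block_secondary` in the second hunk does not say how the flag relates to `arg_seccomp` or to the dual-architecture filters `RUN_SECCOMP_AMD64` / `RUN_SECCOMP_I386` declared in the first hunk. From the header alone a reader cannot tell whether the blocking filter is loaded in addition to those per-architecture filters or instead of them, and that ordering decides which syscalls a non-native-ABI process can still reach. I would expand it to something like `// load RUN_SECCOMP_BLOCK_SECONDARY: deny syscalls made through any non-native architecture`, adjusted to what the implementation actually does, and state there whether it can be set without `arg_seccomp`. Separately, the third hunk drops the prototypes for `seccomp_filter_32` and `seccomp_filter_64`; their definitions and call sites are outside this file, so it is worth confirming none remain, since a leftover caller would only surface as an implicit-declaration warning on older compiler settings.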