Diffstat (limited to 'src/firejail/firejail.h')
-rw-r--r--src/firejail/firejail.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 90f88ef37..71c5ae87c 100644
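--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -57,12 +57,14 @@
 #define RUN_SECCOMP_AMD64 "/run/firejail/mnt/seccomp.amd64" // amd64 filter installed on i386 architectures
 #define RUN_SECCOMP_I386 "/run/firejail/mnt/seccomp.i386" // i386 filter installed on amd64 architectures
 #define RUN_SECCOMP_MDWX "/run/firejail/mnt/seccomp.mdwx" // filter for memory-deny-write-execute
+#define RUN_SECCOMP_BLOCK_SECONDARY "/run/firejail/mnt/seccomp.block_secondary" // secondary arch blocking filter
 #define RUN_SECCOMP_POSTEXEC "/run/firejail/mnt/seccomp.postexec" // filter for post-exec library
 #define PATH_SECCOMP_DEFAULT (LIBDIR "/firejail/seccomp") // default filter built during make
 #define PATH_SECCOMP_DEFAULT_DEBUG (LIBDIR "/firejail/seccomp.debug") // default filter built during make
 #define PATH_SECCOMP_AMD64 (LIBDIR "/firejail/seccomp.amd64") // amd64 filter built during make
 #define PATH_SECCOMP_I386 (LIBDIR "/firejail/seccomp.i386") // i386 filter built during make
 #define PATH_SECCOMP_MDWX (LIBDIR "/firejail/seccomp.mdwx") // filter for memory-deny-write-execute built during make
+#define PATH_SECCOMP_BLOCK_SECONDARY (LIBDIR "/firejail/seccomp.block_secondary") // secondary arch blocking filter built during make
 
 
 #define RUN_DEV_DIR "/run/firejail/mnt/dev"
@@ -307,6 +309,7 @@ extern int arg_overlay_reuse; // allow the reuse of overlays
 
 extern int arg_seccomp; // enable default seccomp filter
 extern int arg_seccomp_postexec; // need postexec ld.preload library?
+extern int arg_seccomp_block_secondary; // block any secondary architectures
 
 extern int arg_caps_default_filter; // enable default capabilities filter
 extern int arg_caps_drop; // drop list
@@ -538,8 +541,6 @@ void fs_private_home_list(void);
 char *seccomp_check_list(const char *str);
 int seccomp_install_filters(void);
 int seccomp_load(const char *fname);
-void seccomp_filter_32(void);
-void seccomp_filter_64(void);
 int seccomp_filter_drop(int enforce_seccomp);
 int seccomp_filter_keep(void);
 void seccomp_print_filter(pid_t pid);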
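Review bot: The comment on `arg_seccomp_block_secondary` (new line 312) does not say how the flag relates to the existing secondary-architecture filters `RUN_SECCOMP_I386` / `RUN_SECCOMP_AMD64`, which this header describes as being installed on the other architecture. From the header alone a reader cannot tell whether the blocking filter replaces those files or is loaded alongside them, and that determines whether secondary-arch syscalls are filtered or rejected outright. I would spell it out at the declaration, for example `extern int arg_seccomp_block_secondary; // block any secondary architectures; say here whether seccomp.i386/seccomp.amd64 are still installed when set`. Separately, the last hunk drops the `seccomp_filter_32` and `seccomp_filter_64` prototypes; their definitions and callers are outside this file section, so it is worth confirming no call site remains that would now compile only through an implicit declaration.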