Diffstat (limited to 'src/firejail/firejail.h')
-rw-r--r-- | src/firejail/firejail.h | 29 |
1 files changed, 13 insertions, 16 deletions
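--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -122,26 +122,22 @@ typedef struct interface_t {
 uint8_t configured;
 } Interface;
 
+typedef struct topdir_t {
+char *path;
+int fd;
+} TopDir;
+
 typedef struct profile_entry_t {
 struct profile_entry_t *next;
 char *data; // command
 
 // whitelist command parameters
-char *link; // link name - set if the file is a link
-enum {
-WLDIR_HOME = 1, // whitelist in home directory
-WLDIR_TMP, // whitelist in /tmp directory
-WLDIR_MEDIA, // whitelist in /media directory
-WLDIR_MNT, // whitelist in /mnt directory
-WLDIR_VAR, // whitelist in /var directory
-WLDIR_DEV, // whitelist in /dev directory
-WLDIR_OPT, // whitelist in /opt directory
-WLDIR_SRV, // whitelist in /srv directory
-WLDIR_ETC, // whitelist in /etc directory
-WLDIR_SHARE, // whitelist in /usr/share directory
-WLDIR_MODULE, // whitelist in /sys/module directory
-WLDIR_RUN // whitelist in /run/user/$uid directory
-} wldir;
+struct wparam_t {
+char *file; // resolved file path
+char *link; // link path
+TopDir *top; // top level directory
+} *wparam;
+
 } ProfileEntry;
 
 typedef struct config_t {
@@ -529,7 +525,7 @@ void mkdir_attr(const char *fname, mode_t mode, uid_t uid, gid_t gid);
 unsigned extract_timeout(const char *str);
 void disable_file_or_dir(const char *fname);
 void disable_file_path(const char *path, const char *file);
-int safe_fd(const char *path, int flags);
+int safer_openat(int dirfd, const char *path, int flags);
 int has_handler(pid_t pid, int signal);
 void enter_network_namespace(pid_t pid);
 int read_pid(const char *name, pid_t *pid);
@@ -794,6 +790,7 @@ extern char *xvfb_extra_params;
 extern char *netfilter_default;
 extern unsigned long join_timeout;
 extern char *config_seccomp_error_action_str;
+extern char **whitelist_reject_topdirs;
 
 int checkcfg(int val);
 void print_compiletime_support(void);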
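Review bot: The new `TopDir` and `wparam_t` declarations in the first hunk carry no ownership or lifetime documentation, which matters because `TopDir.fd` is an open descriptor and `wparam->top` is a pointer that several ProfileEntry nodes may presumably share, so a reader cannot tell who closes the fd or frees the struct. I would add above `typedef struct topdir_t` a comment such as `// top-level whitelist directory; fd is kept open so later lookups can be done relative to it (presumably as the dirfd of safer_openat) — entries are not owned by individual ProfileEntry nodes`, hedged until the allocation policy is confirmed in the .c files. The same gap applies to `safer_openat` in the second hunk: a one-line comment stating the failure return (presumably -1 with errno set) and what makes it safer than the `safe_fd` it replaces (symlink or directory-traversal handling, if that is the intent) would let callers rely on it correctly. `whitelist_reject_topdirs` in the third hunk should likewise state its terminator convention (NULL-terminated array?). The struct bodies are fully inside the hunk, but the functions and variables declared here are defined outside this file.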