Diffstat (limited to 'src/firejail/landlock.c')
-rw-r--r--src/firejail/landlock.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
index 77149a134..c445e74d9 100644
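--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -194,16 +194,22 @@ static void ll_write(const char *allowed_path) {
  ll_fs(allowed_path, allowed_access, __func__);
 }
 
-static void ll_special(const char *allowed_path) {
+static void ll_makeipc(const char *allowed_path) {
  __u64 allowed_access =
- LANDLOCK_ACCESS_FS_MAKE_BLOCK |
- LANDLOCK_ACCESS_FS_MAKE_CHAR |
  LANDLOCK_ACCESS_FS_MAKE_FIFO |
  LANDLOCK_ACCESS_FS_MAKE_SOCK;
 
  ll_fs(allowed_path, allowed_access, __func__);
 }
 
+static void ll_makedev(const char *allowed_path) {
+ __u64 allowed_access =
+ LANDLOCK_ACCESS_FS_MAKE_BLOCK |
+ LANDLOCK_ACCESS_FS_MAKE_CHAR;
+
+ ll_fs(allowed_path, allowed_access, __func__);
+}
+
 static void ll_exec(const char *allowed_path) {
  __u64 allowed_access =
  LANDLOCK_ACCESS_FS_EXECUTE;
@@ -223,7 +229,8 @@ int ll_restrict(uint32_t flags) {
  void (*fnc[])(const char *) = {
  ll_read,
  ll_write,
- ll_special,
+ ll_makeipc,
+ ll_makedev,
  ll_exec,
  NULL
  };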
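Review bot: In the second hunk, `ll_makedev` is inserted into the middle of `fnc[]` in `ll_restrict`, which moves `ll_exec` from index 3 to index 4; the table looks like it is selected by position, so whatever supplies that index must be renumbered in the same commit. If it is not, an exec rule would be applied with `LANDLOCK_ACCESS_FS_MAKE_BLOCK | LANDLOCK_ACCESS_FS_MAKE_CHAR` instead of `LANDLOCK_ACCESS_FS_EXECUTE`, silently changing which rights a path receives. I would add a comment above the table, `// order must match the rule-type index used to select an entry`, or switch to designated initializers so each slot is tied to its index by name. `ll_restrict` starts and ends outside the hunk, so the indexing code is not visible here and this should be confirmed against it.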