1 files changed, 14 insertions, 0 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index e6c5b50b0..55f623138 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1400,6 +1400,20 @@ int main(int argc, char **argv, char **envp) {
                        else
                                exit_err_feature("seccomp");
                }
+                else if (strcmp(argv[i], "--restrict-namespaces") == 0) {
+                        if (checkcfg(CFG_SECCOMP))
+                                profile_list_augment(&cfg.restrict_namespaces, "cgroup,ipc,net,mnt,pid,time,user,uts");
+                        else
+                                exit_err_feature("seccomp");
+                }
+                else if (strncmp(argv[i], "--restrict-namespaces=", 22) == 0) {
+                        if (checkcfg(CFG_SECCOMP)) {
+                                const char *add = argv[i] + 22;
+                                profile_list_augment(&cfg.restrict_namespaces, add);
+                        }
+                        else
+                                exit_err_feature("seccomp");
+                }
                else if (strncmp(argv[i], "--seccomp-error-action=", 23) == 0) {
                        if (checkcfg(CFG_SECCOMP)) {
                                int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION);

diff --git a/src/firejail/main.c b/src/firejail/main.c index e6c5b50b0..55f623138 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -1400,6 +1400,20 @@ int main(int argc, char argv, char envp) {
1400	else	1400	else
1401	exit_err_feature("seccomp");	1401	exit_err_feature("seccomp");
1402	}	1402	}
		1403	else if (strcmp(argv[i], "--restrict-namespaces") == 0) {
		1404	if (checkcfg(CFG_SECCOMP))
		1405	profile_list_augment(&cfg.restrict_namespaces, "cgroup,ipc,net,mnt,pid,time,user,uts");
		1406	else
		1407	exit_err_feature("seccomp");
		1408	}
		1409	else if (strncmp(argv[i], "--restrict-namespaces=", 22) == 0) {
		1410	if (checkcfg(CFG_SECCOMP)) {
		1411	const char *add = argv[i] + 22;
		1412	profile_list_augment(&cfg.restrict_namespaces, add);
		1413	}
		1414	else
		1415	exit_err_feature("seccomp");
		1416	}
1403	else if (strncmp(argv[i], "--seccomp-error-action=", 23) == 0) {	1417	else if (strncmp(argv[i], "--seccomp-error-action=", 23) == 0) {
1404	if (checkcfg(CFG_SECCOMP)) {	1418	if (checkcfg(CFG_SECCOMP)) {
1405	int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION);	1419	int config_seccomp_error_action = checkcfg(CFG_SECCOMP_ERROR_ACTION);