aboutsummaryrefslogtreecommitdiffstats
path: root/src/firejail/main.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/firejail/main.c')
-rw-r--r--src/firejail/main.c20
1 files changed, 3 insertions, 17 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 5bcc3a0e5..aaa7c8a2f 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -75,8 +75,7 @@ int arg_overlay = 0; // overlay option
75int arg_overlay_keep = 0; // place overlay diff in a known directory 75int arg_overlay_keep = 0; // place overlay diff in a known directory
76int arg_overlay_reuse = 0; // allow the reuse of overlays 76int arg_overlay_reuse = 0; // allow the reuse of overlays
77 77
78int arg_landlock = 0; // add basic Landlock rules 78int arg_landlock_enforce = 0; // enforce the Landlock ruleset
79int arg_landlock_proc = 2; // 0 - no access; 1 -read-only; 2 - read-write
80 79
81int arg_seccomp = 0; // enable default seccomp filter 80int arg_seccomp = 0; // enable default seccomp filter
82int arg_seccomp32 = 0; // enable default seccomp filter for 32 bit arch 81int arg_seccomp32 = 0; // enable default seccomp filter for 32 bit arch
@@ -1504,21 +1503,8 @@ int main(int argc, char **argv, char **envp) {
1504 exit_err_feature("seccomp"); 1503 exit_err_feature("seccomp");
1505 } 1504 }
1506#ifdef HAVE_LANDLOCK 1505#ifdef HAVE_LANDLOCK
1507 else if (strcmp(argv[i], "--landlock") == 0) 1506 else if (strncmp(argv[i], "--landlock.enforce", 18) == 0)
1508 arg_landlock = 1; 1507 arg_landlock_enforce = 1;
1509 else if (strncmp(argv[i], "--landlock.proc=", 16) == 0) {
1510 if (strncmp(argv[i] + 16, "no", 2) == 0)
1511 arg_landlock_proc = 0;
1512 else if (strncmp(argv[i] + 16, "ro", 2) == 0)
1513 arg_landlock_proc = 1;
1514 else if (strncmp(argv[i] + 16, "rw", 2) == 0)
1515 arg_landlock_proc = 2;
1516 else {
1517 fprintf(stderr, "Error: invalid landlock.proc value: %s\n",
1518 argv[i] + 16);
1519 exit(1);
1520 }
1521 }
1522 else if (strncmp(argv[i], "--landlock.read=", 16) == 0) 1508 else if (strncmp(argv[i], "--landlock.read=", 16) == 0)
1523 ll_add_profile(LL_READ, argv[i] + 16); 1509 ll_add_profile(LL_READ, argv[i] + 16);
1524 else if (strncmp(argv[i], "--landlock.write=", 17) == 0) 1510 else if (strncmp(argv[i], "--landlock.write=", 17) == 0)
generated by cgit v1.2.3-54-g00ecf (git 2.45.1) at 2024-06-04 08:06:28 +0000