1 files changed, 39 insertions, 2 deletions
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index 0f60e9b7d..62d3c78e7 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1073,6 +1073,44 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
                return 0;
        }
+#ifdef HAVE_LANDLOCK
+        // Landlock ruleset paths
+        if (strcmp(ptr, "landlock") == 0) {
+                arg_landlock = 1;
+                return 0;
+        }
+        if (strncmp(ptr, "landlock.proc ", 14) == 0) {
+                        if (strncmp(ptr + 14, "no", 2) == 0)
+                                arg_landlock_proc = 0;
+                        else if (strncmp(ptr + 14, "ro", 2) == 0)
+                                arg_landlock_proc = 1;
+                        else if (strncmp(ptr + 14, "rw", 2) == 0)
+                                arg_landlock_proc = 2;
+                        else {
+                                fprintf(stderr, "Error: invalid landlock.proc value: %s\n",
+                                        ptr + 14);
+                                exit(1);
+                        }
+                        return 0;
+        }
+        if (strncmp(ptr, "landlock.read ", 14) == 0) {
+                ll_add_profile(LL_READ, ptr + 14);
+                return 0;
+        }
+        if (strncmp(ptr, "landlock.write ", 15) == 0) {
+                ll_add_profile(LL_WRITE, ptr + 15);
+                return 0;
+        }
+        if (strncmp(ptr, "landlock.special ", 17) == 0) {
+                ll_add_profile(LL_SPECIAL, ptr + 17);
+                return 0;
+        }
+        if (strncmp(ptr, "landlock.execute ", 17) == 0) {
+                ll_add_profile(LL_EXEC, ptr + 17);
+                return 0;
+        }
+#endif
        // memory deny write&execute
        if (strcmp(ptr, "memory-deny-write-execute") == 0) {
                if (checkcfg(CFG_SECCOMP))
@@ -1897,8 +1935,7 @@ void profile_read(const char *fname) {
        fclose(fp);
 }
-char *profile_list_normalize(char *list)
+char *profile_list_normalize(char *list) {
-{
        /* Remove redundant commas.
         *
         * As result is always shorter than original,

diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 0f60e9b7d..62d3c78e7 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c
@@ -1073,6 +1073,44 @@ int profile_check_line(char ptr, int lineno, const char fname) {
1073	return 0;	1073	return 0;
1074	}	1074	}
1075		1075
		1076	#ifdef HAVE_LANDLOCK
		1077	// Landlock ruleset paths
		1078	if (strcmp(ptr, "landlock") == 0) {
		1079	arg_landlock = 1;
		1080	return 0;
		1081	}
		1082	if (strncmp(ptr, "landlock.proc ", 14) == 0) {
		1083	if (strncmp(ptr + 14, "no", 2) == 0)
		1084	arg_landlock_proc = 0;
		1085	else if (strncmp(ptr + 14, "ro", 2) == 0)
		1086	arg_landlock_proc = 1;
		1087	else if (strncmp(ptr + 14, "rw", 2) == 0)
		1088	arg_landlock_proc = 2;
		1089	else {
		1090	fprintf(stderr, "Error: invalid landlock.proc value: %s\n",
		1091	ptr + 14);
		1092	exit(1);
		1093	}
		1094	return 0;
		1095	}
		1096	if (strncmp(ptr, "landlock.read ", 14) == 0) {
		1097	ll_add_profile(LL_READ, ptr + 14);
		1098	return 0;
		1099	}
		1100	if (strncmp(ptr, "landlock.write ", 15) == 0) {
		1101	ll_add_profile(LL_WRITE, ptr + 15);
		1102	return 0;
		1103	}
		1104	if (strncmp(ptr, "landlock.special ", 17) == 0) {
		1105	ll_add_profile(LL_SPECIAL, ptr + 17);
		1106	return 0;
		1107	}
		1108	if (strncmp(ptr, "landlock.execute ", 17) == 0) {
		1109	ll_add_profile(LL_EXEC, ptr + 17);
		1110	return 0;
		1111	}
		1112	#endif
		1113
1076	// memory deny write&execute	1114	// memory deny write&execute
1077	if (strcmp(ptr, "memory-deny-write-execute") == 0) {	1115	if (strcmp(ptr, "memory-deny-write-execute") == 0) {
1078	if (checkcfg(CFG_SECCOMP))	1116	if (checkcfg(CFG_SECCOMP))
@@ -1897,8 +1935,7 @@ void profile_read(const char *fname) {
1897	fclose(fp);	1935	fclose(fp);
1898	}	1936	}
1899		1937
1900	char profile_list_normalize(char list)	1938	char profile_list_normalize(char list) {
1901	{
1902	/* Remove redundant commas.	1939	/* Remove redundant commas.
1903	*	1940	*
1904	* As result is always shorter than original,	1941	* As result is always shorter than original,