diff options
Diffstat (limited to 'src/firejail/sandbox.c')
| -rw-r--r-- | src/firejail/sandbox.c | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 827be5d85..dbc115137 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -516,6 +516,28 @@ void start_application(int no_sandbox, int fd, char *set_sandbox_status) { | |||
| 516 | printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD")); | 516 | printf("LD_PRELOAD=%s\n", getenv("LD_PRELOAD")); |
| 517 | } | 517 | } |
| 518 | 518 | ||
| 519 | #ifdef HAVE_LANDLOCK | ||
| 520 | //**************************** | ||
| 521 | // Configure Landlock | ||
| 522 | //**************************** | ||
| 523 | if (arg_landlock) | ||
| 524 | ll_basic_system(); | ||
| 525 | |||
| 526 | if (ll_get_fd() != -1) { | ||
| 527 | if (arg_landlock_proc >= 1) | ||
| 528 | ll_read("/proc/"); | ||
| 529 | if (arg_landlock_proc == 2) | ||
| 530 | ll_write("/proc/"); | ||
| 531 | } | ||
| 532 | |||
| 533 | if (ll_restrict(0)) { | ||
| 534 | // It isn't safe to continue if Landlock self-restriction was | ||
| 535 | // enabled and the "landlock_restrict_self" syscall has failed. | ||
| 536 | fprintf(stderr, "Error: ll_restrict() failed, exiting...\n"); | ||
| 537 | exit(1); | ||
| 538 | } | ||
| 539 | #endif | ||
| 540 | |||
| 519 | if (just_run_the_shell) { | 541 | if (just_run_the_shell) { |
| 520 | char *arg[2]; | 542 | char *arg[2]; |
| 521 | arg[0] = cfg.usershell; | 543 | arg[0] = cfg.usershell; |