From 9cfeb485eb158217e644955bddc42e3bcf42ccbb Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 10 Feb 2024 04:47:11 -0300 Subject: landlock: use "landlock.fs." prefix in filesystem commands Since Landlock ABI v4 it is possible to restrict actions related to the network and potentially more areas will be added in the future. So use `landlock.fs.` as the prefix in the current filesystem-related commands (and later `landlock.net.` for the network-related commands) to keep them organized and to match what is used in the kernel. Examples of filesystem and network access flags: * `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file. * `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content. * `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port. * `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a remote port. Relates to #6078. --- src/man/firejail-profile.5.in | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/man/firejail-profile.5.in') diff --git a/src/man/firejail-profile.5.in b/src/man/firejail-profile.5.in index b6672c16b..e274a91d1 100644 --- a/src/man/firejail-profile.5.in +++ b/src/man/firejail-profile.5.in @@ -514,25 +514,25 @@ Enforce the Landlock ruleset. .PP Without it, the other Landlock commands have no effect. .TP -\fBlandlock.read path +\fBlandlock.fs.read path Create a Landlock ruleset (if it doesn't already exist) and add a read access rule for path. .TP -\fBlandlock.write path +\fBlandlock.fs.write path Create a Landlock ruleset (if it doesn't already exist) and add a write access rule for path. .TP -\fBlandlock.makeipc path +\fBlandlock.fs.makeipc path Create a Landlock ruleset (if it doesn't already exist) and add a rule that allows the creation of named pipes (FIFOs) and Unix domain sockets beneath the given path. .TP -\fBlandlock.makedev path +\fBlandlock.fs.makedev path Create a Landlock ruleset (if it doesn't already exist) and add a rule that allows the creation of block devices and character devices beneath the given path. .TP -\fBlandlock.execute path +\fBlandlock.fs.execute path Create a Landlock ruleset (if it doesn't already exist) and add an execution permission rule for path. #endif -- cgit v1.2.3-70-g09d2