From 460fa7a6f98cc1e7aec2953e6523f32677d546c7 Mon Sep 17 00:00:00 2001 From: Азалия Смарагдова Date: Tue, 16 Aug 2022 12:03:50 +0500 Subject: Proposed fixes. --- src/zsh_completion/_firejail.in | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src/zsh_completion') diff --git a/src/zsh_completion/_firejail.in b/src/zsh_completion/_firejail.in index da024eae5..ed7337762 100644 --- a/src/zsh_completion/_firejail.in +++ b/src/zsh_completion/_firejail.in @@ -105,10 +105,12 @@ _firejail_args=( '--keep-dev-shm[/dev/shm directory is untouched (even with --private-dev)]' '--keep-fd[inherit open file descriptors to sandbox]: :' '--keep-var-tmp[/var/tmp directory is untouched]' - '--landlock-read=-[Landlock read access rule]: :_files' - '--landlock-write=-[Landlock write access rule]: :_files' - "--landlock-restricted-write=-[Landlock write access rule that doesn't include creation of FIFO pipes, sockets and block devices]: :_files" - '--landlock-execute=-[Landlock execution-permitting rule]: :_files' + '--landlock[Basic Landlock ruleset]' + '--landlock.proc=-[Access to the /proc directory]: :(no ro rw)' + '--landlock.read=-[Landlock read access rule]: :_files' + '--landlock.write=-[Landlock write access rule]: :_files' + "--landlock.special=-[Landlock access rule for creation of FIFO pipes, sockets and block devices]: :_files" + '--landlock.execute=-[Landlock execution-permitting rule]: :_files' '--machine-id[spoof /etc/machine-id with a random id]' '--memory-deny-write-execute[seccomp filter to block attempts to create memory mappings that are both writable and executable]' '*--mkdir=-[create a directory]:' -- cgit v1.2.3-54-g00ecf