path: root/etc/inc/landlock-common.inc
# This file is overwritten during software install.
# Persistent customizations should go in a .local file.
include landlock-common.local

# Common Landlock filesystem rules shared between profiles.
# Read access is granted on /, so these rules do not narrow what can be read;
# only write and execute access are limited to the paths listed below.
# NOTE(review): there is no landlock.enforce line in this file; presumably the
# including profile or the command line decides whether the ruleset is
# actually enforced - confirm.
landlock.fs.read /          # whole system read
landlock.fs.read /proc
# Granted on /, so the creation of IPC objects is not limited to a subtree.
landlock.fs.makeipc /       # sockets etc.

# write access
# The usual world- or user-writable locations (${HOME}, /tmp, /run/shm) are
# listed here and do not appear under "exec access" below.
landlock.fs.write ${HOME}
landlock.fs.write ${RUNUSER}
landlock.fs.write /dev
landlock.fs.write /proc
landlock.fs.write /run/shm
landlock.fs.write /tmp

# exec access
# NOTE(review): as written, the write and execute lists do not overlap, but
# ${PATH} is a macro. If it is expanded from the caller's PATH, any
# user-writable directory on it (for example one under ${HOME}) would end up
# both writable and executable - confirm how it is expanded for landlock rules.
## misc
landlock.fs.execute ${PATH}
landlock.fs.execute /opt
landlock.fs.execute /run/firejail # appimage and various firejail features
## lib
# Covers the 32-bit, x32 and 64-bit library directory variants under / and
# /usr, plus /usr/local/lib.
landlock.fs.execute /lib
landlock.fs.execute /lib32
landlock.fs.execute /libx32
landlock.fs.execute /lib64
landlock.fs.execute /usr/lib
landlock.fs.execute /usr/lib32
landlock.fs.execute /usr/libx32
landlock.fs.execute /usr/lib64
landlock.fs.execute /usr/local/lib