From 1758765ca6b0039d6513a802ec791928a7769013 Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Sat, 10 Feb 2024 02:49:46 -0300
Subject: [PATCH] landlock: add _fs prefix to filesystem functions
Relates to #6078.
---
 src/firejail/firejail.h | 10 +++++-----
 src/firejail/landlock.c | 20 ++++++++++----------
 src/firejail/main.c | 10 +++++-----
 src/firejail/profile.c | 10 +++++-----
 4 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 2122649cf..4e018476e 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -152,11 +152,11 @@ typedef struct profile_entry_t {
 typedef struct landlock_entry_t {
 struct landlock_entry_t *next;
-#define LL_READ 0
-#define LL_WRITE 1
-#define LL_MAKEIPC 2
-#define LL_MAKEDEV 3
-#define LL_EXEC 4
+#define LL_FS_READ 0
+#define LL_FS_WRITE 1
+#define LL_FS_MAKEIPC 2
+#define LL_FS_MAKEDEV 3
+#define LL_FS_EXEC 4
 #define LL_MAX 5
 int type;
 char *data;
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
index ce222624b..453ad8f10 100644
--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -174,7 +174,7 @@ static void ll_fs(const char *allowed_path, const __u64 allowed_access,
 free(expanded_path);
 }
-static void ll_read(const char *allowed_path) {
+static void ll_fs_read(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_READ_DIR |
 LANDLOCK_ACCESS_FS_READ_FILE;
@@ -182,7 +182,7 @@ static void ll_read(const char *allowed_path) {
 ll_fs(allowed_path, allowed_access, __func__);
 }
-static void ll_write(const char *allowed_path) {
+static void ll_fs_write(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_MAKE_DIR |
 LANDLOCK_ACCESS_FS_MAKE_REG |
@@ -194,7 +194,7 @@ static void ll_write(const char *allowed_path) {
 ll_fs(allowed_path, allowed_access, __func__);
 }
-static void ll_makeipc(const char *allowed_path) {
+static void ll_fs_makeipc(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_MAKE_FIFO |
 LANDLOCK_ACCESS_FS_MAKE_SOCK;
@@ -202,7 +202,7 @@ static void ll_makeipc(const char *allowed_path) {
 ll_fs(allowed_path, allowed_access, __func__);
 }
-static void ll_makedev(const char *allowed_path) {
+static void ll_fs_makedev(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_MAKE_BLOCK |
 LANDLOCK_ACCESS_FS_MAKE_CHAR;
@@ -210,7 +210,7 @@ static void ll_makedev(const char *allowed_path) {
 ll_fs(allowed_path, allowed_access, __func__);
 }
-static void ll_exec(const char *allowed_path) {
+static void ll_fs_exec(const char *allowed_path) {
 __u64 allowed_access =
 LANDLOCK_ACCESS_FS_EXECUTE;
@@ -227,11 +227,11 @@ int ll_restrict(uint32_t flags) {
 fprintf(stderr, "%s: Starting Landlock restrict\n", __func__);
 void (*fnc[])(const char *) = {
- ll_read,
- ll_write,
- ll_makeipc,
- ll_makedev,
- ll_exec,
+ ll_fs_read,
+ ll_fs_write,
+ ll_fs_makeipc,
+ ll_fs_makedev,
+ ll_fs_exec,
 NULL
 };
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 4d8ea20c3..0d56eeb55 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1506,15 +1506,15 @@ int main(int argc, char **argv, char **envp) {
 else if (strncmp(argv[i], "--landlock.enforce", 18) == 0)
 arg_landlock_enforce = 1;
 else if (strncmp(argv[i], "--landlock.read=", 16) == 0)
- ll_add_profile(LL_READ, argv[i] + 16);
+ ll_add_profile(LL_FS_READ, argv[i] + 16);
 else if (strncmp(argv[i], "--landlock.write=", 17) == 0)
- ll_add_profile(LL_WRITE, argv[i] + 17);
+ ll_add_profile(LL_FS_WRITE, argv[i] + 17);
 else if (strncmp(argv[i], "--landlock.makeipc=", 19) == 0)
- ll_add_profile(LL_MAKEIPC, argv[i] + 19);
+ ll_add_profile(LL_FS_MAKEIPC, argv[i] + 19);
 else if (strncmp(argv[i], "--landlock.makedev=", 19) == 0)
- ll_add_profile(LL_MAKEDEV, argv[i] + 19);
+ ll_add_profile(LL_FS_MAKEDEV, argv[i] + 19);
 else if (strncmp(argv[i], "--landlock.execute=", 19) == 0)
- ll_add_profile(LL_EXEC, argv[i] + 19);
+ ll_add_profile(LL_FS_EXEC, argv[i] + 19);
 #endif
 else if (strcmp(argv[i], "--memory-deny-write-execute") == 0) {
 if (checkcfg(CFG_SECCOMP))
diff --git a/src/firejail/profile.c b/src/firejail/profile.c
index a5a8393e9..945ed518e 100644
--- a/src/firejail/profile.c
+++ b/src/firejail/profile.c
@@ -1079,23 +1079,23 @@ int profile_check_line(char *ptr, int lineno, const char *fname) {
 return 0;
 }
 if (strncmp(ptr, "landlock.read ", 14) == 0) {
- ll_add_profile(LL_READ, ptr + 14);
+ ll_add_profile(LL_FS_READ, ptr + 14);
 return 0;
 }
 if (strncmp(ptr, "landlock.write ", 15) == 0) {
- ll_add_profile(LL_WRITE, ptr + 15);
+ ll_add_profile(LL_FS_WRITE, ptr + 15);
 return 0;
 }
 if (strncmp(ptr, "landlock.makeipc ", 17) == 0) {
- ll_add_profile(LL_MAKEIPC, ptr + 17);
+ ll_add_profile(LL_FS_MAKEIPC, ptr + 17);
 return 0;
 }
 if (strncmp(ptr, "landlock.makedev ", 17) == 0) {
- ll_add_profile(LL_MAKEDEV, ptr + 17);
+ ll_add_profile(LL_FS_MAKEDEV, ptr + 17);
 return 0;
 }
 if (strncmp(ptr, "landlock.execute ", 17) == 0) {
- ll_add_profile(LL_EXEC, ptr + 17);
+ ll_add_profile(LL_FS_EXEC, ptr + 17);
 return 0;
 }
 #endif