[PR #6228] [MERGED] landlock: use "landlock.fs." prefix in filesystem commands #5885

New issue

Closed

opened 2026-05-05 10:46:43 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:46:43 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6228
Author: @kmk3
Created: 2/28/2024
Status: ✅ Merged
Merged: 2/29/2024
Merged by: @netblue30

Base: master ← Head: landlock-add-fs

📝 Commits (2)

1758765 landlock: add _fs prefix to filesystem functions
9cfeb48 landlock: use "landlock.fs." prefix in filesystem commands

📊 Changes

12 files changed (+101 additions, -101 deletions)

View changed files

📝 contrib/syntax/lists/profile_commands_arg1.list (+5 -5)
📝 etc/inc/landlock-common.inc (+28 -28)
📝 etc/templates/profile.template (+5 -5)
📝 src/bash_completion/firejail.bash_completion.in (+5 -5)
📝 src/firejail/firejail.h (+5 -5)
📝 src/firejail/landlock.c (+10 -10)
📝 src/firejail/main.c (+10 -10)
📝 src/firejail/profile.c (+10 -10)
📝 src/firejail/usage.c (+5 -5)
📝 src/man/firejail-profile.5.in (+5 -5)
📝 src/man/firejail.1.in (+8 -8)
📝 src/zsh_completion/_firejail.in (+5 -5)

📄 Description

Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.

So use landlock.fs. as the prefix in the current filesystem-related
commands (and later landlock.net. for the network-related commands) to
keep them organized and to match what is used in the kernel.

Examples of filesystem and network access flags:

LANDLOCK_ACCESS_FS_EXECUTE: Execute a file.
LANDLOCK_ACCESS_FS_READ_DIR: Open a directory or list its content.
LANDLOCK_ACCESS_NET_BIND_TCP: Bind a TCP socket to a local port.
LANDLOCK_ACCESS_NET_CONNECT_TCP: Connect an active TCP socket to a
remote port.

Relates to #6078.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/6228 **Author:** [@kmk3](https://github.com/kmk3) **Created:** 2/28/2024 **Status:** ✅ Merged **Merged:** 2/29/2024 **Merged by:** [@netblue30](https://github.com/netblue30) **Base:** `master` ← **Head:** `landlock-add-fs` --- ### 📝 Commits (2) - [`1758765`](https://github.com/netblue30/firejail/commit/1758765ca6b0039d6513a802ec791928a7769013) landlock: add _fs prefix to filesystem functions - [`9cfeb48`](https://github.com/netblue30/firejail/commit/9cfeb485eb158217e644955bddc42e3bcf42ccbb) landlock: use "landlock.fs." prefix in filesystem commands ### 📊 Changes **12 files changed** (+101 additions, -101 deletions) <details> <summary>View changed files</summary> 📝 `contrib/syntax/lists/profile_commands_arg1.list` (+5 -5) 📝 `etc/inc/landlock-common.inc` (+28 -28) 📝 `etc/templates/profile.template` (+5 -5) 📝 `src/bash_completion/firejail.bash_completion.in` (+5 -5) 📝 `src/firejail/firejail.h` (+5 -5) 📝 `src/firejail/landlock.c` (+10 -10) 📝 `src/firejail/main.c` (+10 -10) 📝 `src/firejail/profile.c` (+10 -10) 📝 `src/firejail/usage.c` (+5 -5) 📝 `src/man/firejail-profile.5.in` (+5 -5) 📝 `src/man/firejail.1.in` (+8 -8) 📝 `src/zsh_completion/_firejail.in` (+5 -5) </details> ### 📄 Description Since Landlock ABI v4 it is possible to restrict actions related to the network and potentially more areas will be added in the future. So use `landlock.fs.` as the prefix in the current filesystem-related commands (and later `landlock.net.` for the network-related commands) to keep them organized and to match what is used in the kernel. Examples of filesystem and network access flags: * `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file. * `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content. * `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port. * `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a remote port. Relates to #6078. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:46:43 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#5885

No description provided.

Rows
Columns