mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
f70ffbe76c
As discussed with @topimiettinen[1], it is unlikely that an unprivileged process would need to directly create block or character devices. Also, `landlock.special` is not very descriptive of what it allows. So split `landlock.special` into: * `landlock.makeipc`: allow creating named pipes and sockets (which are usually used for inter-process communication) * `landlock.makedev`: allow creating block and character devices Misc: The `makedev` name is based on `nodev` from mount(8), which makes mount not interpret block and character devices. `ipc` was suggested by @rusty-snake[2]. Relates to #6078. [1] https://github.com/netblue30/firejail/pull/6078#pullrequestreview-1740569786 [2] https://github.com/netblue30/firejail/pull/6187#issuecomment-1924107294 |
||
|---|---|---|
| .. | ||
| profile.template | ||
| redirect_alias-profile.template | ||
| syscalls.txt | ||