dietshasta
/
Sandbox
1
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

more landlock rules

main
dietshasta 2024-03-15 19:37:40 +00:00
parent eca7410d43
commit 19d6d266bc
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
daemon/Sandbox.cpp
View File

@ -208,6 +208,12 @@ namespace i2p {
return false;
if(!addrule("/usr/share/zoneinfo/", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
return false;
if(!addrule("/proc/sys/vm", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
return false;
if(!addrule("/sys/devices/system/cpu/", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
return false;
if(!addrule("/dev/urandom", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))
return false;
if(!addrule("/etc/ld.so.cache", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))
return false;
if(!addrule("/etc/nsswitch.conf", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))