filed
Job queue using FUSE
git clone git://mccd.space/filed
| Log | Files | Refs | README | LICENSE |
commit c673f28208bebddcd6b7712dbd311792dd4cea83 parent d3921b301603f450d29942c0afd18d0018fddffe Author: Marc Coquand <marc@coquand.email> Date: Thu, 29 Jan 2026 11:34:53 +0100 Add ability to block network to filed-launch Still needs to be added to filed Diffstat:
| M | cmd/filed-launch/main.go | | | 8 | +++++++- |
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/cmd/filed-launch/main.go b/cmd/filed-launch/main.go
@@ -32,6 +32,7 @@ func main() {
rwPaths = append(rwPaths, s)
return nil
})
+ blockNetwork := flag.Bool("block-network", false, "Strictly block all TCP networking")
flag.Parse()
if flag.NArg() < 1 {
@@ -54,7 +55,12 @@ func main() {
if len(rwFilePaths) > 0 {
rules = append(rules, landlock.RWFiles(rwFilePaths...))
}
- if len(rules) > 0 {
+ if len(rules) > 0 && *blockNetwork {
+ err := landlock.V5.BestEffort().Restrict(rules...)
+ if err != nil {
+ log.Fatalf("failed to apply landlock: %v", err)
+ }
+ } else if len(rules) > 0 {
if err := landlock.V5.BestEffort().RestrictPaths(rules...); err != nil {
log.Fatalf("failed to apply landlock: %v", err)
}