cmd/fpkg: expose syscall policy options

Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-01-22 12:01:30 +09:00
parent 23e1152baa
commit 580128922b
3 changed files with 12 additions and 0 deletions
--- a/cmd/fpkg/start.go
+++ b/cmd/fpkg/start.go
@@ -5,6 +5,7 @@ import (
 	"path"

 	"git.gensokyo.uk/security/fortify/fst"
+	"git.gensokyo.uk/security/fortify/helper/bwrap"
 	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

@@ -96,6 +97,7 @@ func actionStart(args []string) {
 				UserNS:        app.UserNS,
 				Net:           app.Net,
 				Dev:           app.Dev,
+				Syscall:       &bwrap.SyscallPolicy{DenyDevel: !app.Devel, Multiarch: app.Multiarch, Bluetooth: app.Bluetooth},
 				NoNewSession:  app.NoNewSession || dropShell,
 				MapRealUID:    app.MapRealUID,
 				DirectWayland: app.DirectWayland,