author | Omar Polo <op@omarpolo.com> | 2023-08-23 20:18:59 +0000 |
---|---|---|
committer | Omar Polo <op@omarpolo.com> | 2023-08-23 20:18:59 +0000 |
commit | 4d9d3093d48025a1a66c125f7878a094cf2c9d10 (patch) | |
tree | b41280c9e32b33a7dc380d6abfbca08fded10554 /have | |
parent | cedef5b09c13d8fac119a7ee5595ee253c2a37b4 (diff) |
resurrect landlock support
this time targeting ABI level 3; partially based on how claudio@
handled it in rpki-client. Fun how this bit of code has come full
circle (gmid inspired what I wrote for got, which inspired what was
written for rpki-client, which has come back.)
Diffstat (limited to 'have')
-rw-r--r-- | have/Makefile | 1 | ||||
-rw-r--r-- | have/landlock.c | 42 |
2 files changed, 43 insertions, 0 deletions
diff --git a/have/Makefile b/have/Makefile
index d2a1dfa..b9ff6ec 100644
--- a/have/Makefile
+++ b/have/Makefile
@@ -15,6 +15,7 @@ DISTFILES = ASN1_time_parse.c \
 getentropy.c \
 getprogname.c \
 imsg.c \
+ landlock.c \
 libevent.c \
 libevent2.c \
 libtls.c \
diff --git a/have/landlock.c b/have/landlock.c
new file mode 100644
index 0000000..6548e88
--- /dev/null
+++ b/have/landlock.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2023 Omar Polo <op@omarpolo.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <linux/landlock.h>
+#include <sys/prctl.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+
+#ifndef landlock_create_ruleset
+static inline int
+landlock_create_ruleset(const struct landlock_ruleset_attr *attr, size_t size,
+ __u32 flags)
+{
+ return syscall(__NR_landlock_create_ruleset, attr, size, flags);
+}
+#endif
+
+int
+main(void)
+{
+ int rfd;
+ const struct landlock_ruleset_attr rsattr = {
+ .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE |
+ LANDLOCK_ACCESS_FS_READ_DIR
+ };
+
+ rfd = landlock_create_ruleset(&rsattr, sizeof(rsattr), 0);
+ return rfd == -1;
+}
 |
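Review bot: The probe in have/landlock.c calls `syscall()` in the `landlock_create_ruleset` wrapper without including `<unistd.h>`, where that function is declared. Unless one of the four included headers happens to pull it in, the call relies on an implicit declaration, which newer compilers reject. A probe that fails to compile presumably makes the build treat landlock as unavailable and produce a binary without the sandbox, so I would add `#include <unistd.h>` next to `<sys/syscall.h>`. Separately, the commit message targets ABI level 3, but `main()` only uses `LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR`, which are available from ABI 1. Referencing an ABI-3 constant such as `LANDLOCK_ACCESS_FS_TRUNCATE` in `handled_access_fs` would make the check fail cleanly on headers too old for the code it gates.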