Commits


fmt


support landlock ABI v2 and v3 Add the right #ifdef for backward-compatibility and block REFER and TRUNCATE as well, otherwise they're silently and implicitly allowed. The funny part is that LANDLOCK_ACCESS_FS_TRUNCATE doesn't even need write permissions. ok thomas


remove needless newline escaping


don't include linux/prctl.h On some libc implementations (at least musl) linux/prctl.h conflicts with sys/prctl.h as they both define the same structs. Fixes the build on alpine linux; reported by omni on IRC, thanks! ok thomas


dropping unused includes


fix landlock usage: handled_access_fs must list all actions The ruleset's handled_access_fs has to list all the defined actions because otherwise missing ones are implicitly permitted. Thus, the previous version ended up allowing "almost everything" except reading files. Original diff from Mickaël Salaün, thanks! ok thomas


s/ENOTSUP/EOPNOTSUPP/ linux defines these errors to the same values, but the landlock doc uses `EOPNOTSUPP' consistently. Spotted initially by brynet@ and reminded by Mickaël Salaün, thanks! ok thomas


portable: add support for landlock landlock is a new set of linux APIs that is conceptually similar to unveil(2): the idea is to restrict what a process can do on a specified part of the filesystem. There are some differences in the behaviour: the major one being that the landlock ruleset is inherited across execve(2). This just restricts the libexec helpers by completely revoking ANY filesystem access; after all they are the biggest attack surface. got send/fetch/clone *may* end up spawning ssh(1), so at the moment is not possible to landlock the main process. From Omar Polo.