#include <errno.h>#include <fcntl.h>#include <stddef.h>#include <unistd.h>#include "config.h"#include "log.h"#include "sandbox_fs.h"#include "util.h"#include <linux/landlock.h>#include <sys/prctl.h>#include <sys/syscall.h>
Include dependency graph for sandbox_fs.c:
Macros | |
| #define | _LANDLOCK_ACCESS_FS_WRITE |
| #define | _LANDLOCK_ACCESS_FS_READ |
| #define | _LANDLOCK_ACCESS_FS_REFER 0 |
| #define | _LANDLOCK_ACCESS_FS_TRUNCATE 0 |
Functions | |
| static int | landlock_create_ruleset (const struct landlock_ruleset_attr *const attr, const size_t size, const __u32 flags) |
| static int | landlock_add_rule (const int ruleset_fd, const enum landlock_rule_type rule_type, const void *const rule_attr, const __u32 flags) |
| static int | landlock_restrict_self (const int ruleset_fd, const __u32 flags) |
Macro Definition Documentation
◆ _LANDLOCK_ACCESS_FS_READ
| #define _LANDLOCK_ACCESS_FS_READ |
Value:
( \
LANDLOCK_ACCESS_FS_READ_FILE | \
LANDLOCK_ACCESS_FS_READ_DIR)
◆ _LANDLOCK_ACCESS_FS_REFER
| #define _LANDLOCK_ACCESS_FS_REFER 0 |
◆ _LANDLOCK_ACCESS_FS_TRUNCATE
| #define _LANDLOCK_ACCESS_FS_TRUNCATE 0 |
◆ _LANDLOCK_ACCESS_FS_WRITE
| #define _LANDLOCK_ACCESS_FS_WRITE |
Value:
( \
LANDLOCK_ACCESS_FS_WRITE_FILE | \
LANDLOCK_ACCESS_FS_REMOVE_DIR | \
LANDLOCK_ACCESS_FS_REMOVE_FILE | \
LANDLOCK_ACCESS_FS_MAKE_CHAR | \
LANDLOCK_ACCESS_FS_MAKE_DIR | \
LANDLOCK_ACCESS_FS_MAKE_REG | \
LANDLOCK_ACCESS_FS_MAKE_SOCK | \
LANDLOCK_ACCESS_FS_MAKE_FIFO | \
LANDLOCK_ACCESS_FS_MAKE_BLOCK | \
LANDLOCK_ACCESS_FS_MAKE_SYM)
Function Documentation
◆ landlock_add_rule()
|
inlinestatic |
◆ landlock_create_ruleset()
|
inlinestatic |
◆ landlock_restrict_self()
|
inlinestatic |
Generated by
1.11.0