From 2f3c16ff202947ee7671f5b36c2cd294449ff26f Mon Sep 17 00:00:00 2001
From: Mickaël Salaün
Date: Tue, 10 Oct 2023 18:28:59 +0200
Subject: sys/linux: add the Landlock network rule type and access rights
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add the new landlock_net_port_attr struct and related LANDLOCK_ACCESS_NET_{BIND,CONNECT}_TCP flags for TCP access control.

Add landlock_ruleset_attr's handled_access_net field and fix handled_access_fs name.

Update tests with the new landlock_ruleset_attr's handled_access_net field.

Signed-off-by: Mickaël Salaün
---
sys/linux/landlock.txt.const | 3 +++
1 file changed, 3 insertions(+)
(limited to 'sys/linux/landlock.txt.const')

diff --git a/sys/linux/landlock.txt.const b/sys/linux/landlock.txt.const index b5fac871b..3c09a0589 100644 --- a/sys/linux/landlock.txt.const +++ b/sys/linux/landlock.txt.const @@ -15,6 +15,9 @@ LANDLOCK_ACCESS_FS_REMOVE_DIR = 16 LANDLOCK_ACCESS_FS_REMOVE_FILE = 32 LANDLOCK_ACCESS_FS_TRUNCATE = 16384 LANDLOCK_ACCESS_FS_WRITE_FILE = 2 +LANDLOCK_ACCESS_NET_BIND_TCP = 1 +LANDLOCK_ACCESS_NET_CONNECT_TCP = 2 +LANDLOCK_RULE_NET_PORT = 2 LANDLOCK_RULE_PATH_BENEATH = 1 __NR_landlock_add_rule = 445, mips64le:5445 __NR_landlock_create_ruleset = 444, mips64le:5444 -- cgit mrf-deployment
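Review bot: the three added lines in the @@ -15,6 +15,9 @@ hunk give LANDLOCK_ACCESS_NET_CONNECT_TCP and LANDLOCK_RULE_NET_PORT the same value, 2, so the description has to keep them in separate flag sets. LANDLOCK_RULE_NET_PORT belongs with LANDLOCK_RULE_PATH_BENEATH = 1 as a rule type, and the two LANDLOCK_ACCESS_NET_* bits belong in their own access mask used only for handled_access_net and the network rule's allowed access. If they are mixed, the fuzzer produces rule types and masks the kernel rejects up front, and the TCP bind/connect enforcement paths get little coverage. This view is limited to landlock.txt.const, so that grouping cannot be checked here. It would also help for the commit message to name the kernel tree the constants were extracted from, so the values can be rechecked against the UAPI header later. Finally, the handled_access_fs name fix mentioned in the message is independent of the network additions and would be easier to review and revert as its own commit.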