From c6512ef73a66c56765fe73422ce54003ede8c0cd Mon Sep 17 00:00:00 2001
From: Mickaël Salaün <mic@linux.microsoft.com>
Date: Fri, 14 Feb 2025 09:56:20 +0100
Subject: sys/linux: add Landlock syscall flags
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add the new LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF,
LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON, and
LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_ON flags for landlock_restrict_self(2)
from Linux 6.15 (audit support for Landlock).

Also add the LANDLOCK_CREATE_RULESET_VERSION and
LANDLOCK_CREATE_RULESET_ERRATA flags for landlock_create_ruleset(2).

Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
---
 sys/linux/landlock.txt.const | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'sys/linux/landlock.txt.const')

diff --git a/sys/linux/landlock.txt.const b/sys/linux/landlock.txt.const
index 142c76bf1..23b776c46 100644
--- a/sys/linux/landlock.txt.const
+++ b/sys/linux/landlock.txt.const
@@ -18,6 +18,11 @@ LANDLOCK_ACCESS_FS_TRUNCATE = 16384
 LANDLOCK_ACCESS_FS_WRITE_FILE = 2
 LANDLOCK_ACCESS_NET_BIND_TCP = 1
 LANDLOCK_ACCESS_NET_CONNECT_TCP = 2
+LANDLOCK_CREATE_RULESET_ERRATA = 2
+LANDLOCK_CREATE_RULESET_VERSION = 1
+LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON = 2
+LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF = 1
+LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF = 4
 LANDLOCK_RULE_NET_PORT = 2
 LANDLOCK_RULE_PATH_BENEATH = 1
 LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET = 1
-- 
cgit mrf-deployment