1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
# Copyright 2021 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
include <uapi/linux/landlock.h>
resource fd_ruleset[fd]
landlock_create_ruleset(attr ptr[in, landlock_ruleset_attr], size bytesize[attr], flags const[0]) fd_ruleset
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(ruleset_fd fd_ruleset, rule_type const[LANDLOCK_RULE_PATH_BENEATH], rule_attr ptr[in, landlock_path_beneath_attr], flags const[0])
landlock_restrict_self(ruleset_fd fd_ruleset, flags const[0])
landlock_ruleset_attr {
handled_fs_access flags[landlock_access_flags, int64]
}
landlock_path_beneath_attr {
allowed_access flags[landlock_access_flags, int64]
parent_fd fd
} [packed]
landlock_access_flags = LANDLOCK_ACCESS_FS_EXECUTE, LANDLOCK_ACCESS_FS_MAKE_BLOCK, LANDLOCK_ACCESS_FS_MAKE_CHAR, LANDLOCK_ACCESS_FS_MAKE_DIR, LANDLOCK_ACCESS_FS_MAKE_FIFO, LANDLOCK_ACCESS_FS_MAKE_REG, LANDLOCK_ACCESS_FS_MAKE_SOCK, LANDLOCK_ACCESS_FS_MAKE_SYM, LANDLOCK_ACCESS_FS_READ_DIR, LANDLOCK_ACCESS_FS_READ_FILE, LANDLOCK_ACCESS_FS_REMOVE_DIR, LANDLOCK_ACCESS_FS_REMOVE_FILE, LANDLOCK_ACCESS_FS_WRITE_FILE
|
