Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

landlock: use "landlock.fs." prefix in filesystem commands #6228

Merged
merged 2 commits into from
Feb 29, 2024
Merged

landlock: use "landlock.fs." prefix in filesystem commands #6228

merged 2 commits into from
Feb 29, 2024

Conversation

kmk3
Copy link
Collaborator

@kmk3 kmk3 commented Feb 28, 2024

Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.

So use landlock.fs. as the prefix in the current filesystem-related
commands (and later landlock.net. for the network-related commands) to
keep them organized and to match what is used in the kernel.

Examples of filesystem and network access flags:

  • LANDLOCK_ACCESS_FS_EXECUTE: Execute a file.
  • LANDLOCK_ACCESS_FS_READ_DIR: Open a directory or list its content.
  • LANDLOCK_ACCESS_NET_BIND_TCP: Bind a TCP socket to a local port.
  • LANDLOCK_ACCESS_NET_CONNECT_TCP: Connect an active TCP socket to a
    remote port.

Relates to #6078.

@kmk3
landlock: add _fs prefix to filesystem functions
1758765 
Relates to netblue30#6078.
@kmk3
landlock: use "landlock.fs." prefix in filesystem commands
9cfeb48 
Since Landlock ABI v4 it is possible to restrict actions related to the
network and potentially more areas will be added in the future.

So use `landlock.fs.` as the prefix in the current filesystem-related
commands (and later `landlock.net.` for the network-related commands) to
keep them organized and to match what is used in the kernel.

Examples of filesystem and network access flags:

* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a
  remote port.

Relates to netblue30#6078.
glitsj16
glitsj16 approved these changes Feb 28, 2024
View reviewed changes
Copy link
Collaborator

@glitsj16 glitsj16 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice work!

@netblue30 netblue30 merged commit d995108 into netblue30:master Feb 29, 2024
14 checks passed
@netblue30
Copy link
Owner

cool!

@kmk3 kmk3 deleted the landlock-add-fs branch March 1, 2024 04:45
kmk3 added a commit that referenced this pull request Mar 1, 2024
@kmk3
RELNOTES: add feature and build items
df257a8 
Relates to #6217 #6222 #6228 #6230.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glitsj16 glitsj16 glitsj16 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Release 0.9.74
Status: Done (on RELNOTES)
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@kmk3 @netblue30 @glitsj16