Add landlock runtime detection
We cannot assume that landlock is enabled if we can compile it. Even if it's enabled in the kernel it may still not be loaded. We fill fallback to chroot/bind-mounts if we can. If we can't (because path policies have landlock-specific options), we can't do that either. Closes: #21
Dieser Commit ist enthalten in:
5
test.c
5
test.c
@@ -398,6 +398,11 @@ int test_seccomp_exile_pledge_multiple()
|
||||
#if HAVE_LANDLOCK == 1
|
||||
int test_landlock()
|
||||
{
|
||||
if(!exile_landlock_is_available())
|
||||
{
|
||||
printf("landlock not available, so cannot test\n");
|
||||
return 1;
|
||||
}
|
||||
struct exile_policy *policy = exile_init_policy();
|
||||
exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ, "/proc/self/fd");
|
||||
xexile_enable_policy(policy);
|
||||
|
||||
In neuem Issue referenzieren
Einen Benutzer sperren