Add landlock runtime detection

We cannot assume that landlock is enabled if we can compile it. Even if it's enabled in the kernel it may still not be loaded. We fill fallback to chroot/bind-mounts if we can. If we can't (because path policies have landlock-specific options), we can't do that either. Closes: #21
2021-12-27 16:51:06 +01:00
parent 98c76089de
commit 6420ca1b40
2 changed files with 53 additions and 3 deletions
--- a/test.c
+++ b/test.c
@ -398,6 +398,11 @@ int test_seccomp_exile_pledge_multiple()
 #if HAVE_LANDLOCK == 1
 int test_landlock()
 {
+	if(!exile_landlock_is_available())
+	{
+		printf("landlock not available, so cannot test\n");
+		return 1;
+	}
 	struct exile_policy *policy = exile_init_policy();
 	exile_append_path_policy(policy, EXILE_FS_ALLOW_ALL_READ, "/proc/self/fd");
 	xexile_enable_policy(policy);