unix: add Landlock consts and types
Change-Id: I5b8eee0594072e58951dd8b655058b96caeba497
Reviewed-on: https://go-review.googlesource.com/c/sys/+/348349
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Matt Layher <mdlayher@gmail.com>
diff --git a/unix/linux/types.go b/unix/linux/types.go
index 0cbea61..56012b8 100644
--- a/unix/linux/types.go
+++ b/unix/linux/types.go
@@ -2,6 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
+//go:build ignore
// +build ignore
/*
@@ -106,6 +107,7 @@
#include <linux/if_pppox.h>
#include <linux/if_xdp.h>
#include <linux/keyctl.h>
+#include <linux/landlock.h>
#include <linux/loop.h>
#include <linux/lwtunnel.h>
#include <linux/mpls_iptunnel.h>
@@ -3817,3 +3819,13 @@
NFC_SDP_ATTR_URI = C.NFC_SDP_ATTR_URI
NFC_SDP_ATTR_SAP = C.NFC_SDP_ATTR_SAP
)
+
+// Landlock
+
+type LandlockRulesetAttr = C.struct_landlock_ruleset_attr
+
+type LandlockPathBeneathAttr = C.struct_landlock_path_beneath_attr
+
+const (
+ LANDLOCK_RULE_PATH_BENEATH = C.LANDLOCK_RULE_PATH_BENEATH
+)
diff --git a/unix/mkerrors.sh b/unix/mkerrors.sh
index 0bcb8c3..850aafe 100755
--- a/unix/mkerrors.sh
+++ b/unix/mkerrors.sh
@@ -229,6 +229,7 @@
#include <linux/input.h>
#include <linux/kexec.h>
#include <linux/keyctl.h>
+#include <linux/landlock.h>
#include <linux/loop.h>
#include <linux/lwtunnel.h>
#include <linux/magic.h>
@@ -497,6 +498,7 @@
$2 ~ /^O?XTABS$/ ||
$2 ~ /^TC[IO](ON|OFF)$/ ||
$2 ~ /^IN_/ ||
+ $2 ~ /^LANDLOCK_/ ||
$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
$2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
diff --git a/unix/zerrors_linux.go b/unix/zerrors_linux.go
index 8894c4a..b959fe1 100644
--- a/unix/zerrors_linux.go
+++ b/unix/zerrors_linux.go
@@ -1333,6 +1333,20 @@
KEY_SPEC_THREAD_KEYRING = -0x1
KEY_SPEC_USER_KEYRING = -0x4
KEY_SPEC_USER_SESSION_KEYRING = -0x5
+ LANDLOCK_ACCESS_FS_EXECUTE = 0x1
+ LANDLOCK_ACCESS_FS_MAKE_BLOCK = 0x800
+ LANDLOCK_ACCESS_FS_MAKE_CHAR = 0x40
+ LANDLOCK_ACCESS_FS_MAKE_DIR = 0x80
+ LANDLOCK_ACCESS_FS_MAKE_FIFO = 0x400
+ LANDLOCK_ACCESS_FS_MAKE_REG = 0x100
+ LANDLOCK_ACCESS_FS_MAKE_SOCK = 0x200
+ LANDLOCK_ACCESS_FS_MAKE_SYM = 0x1000
+ LANDLOCK_ACCESS_FS_READ_DIR = 0x8
+ LANDLOCK_ACCESS_FS_READ_FILE = 0x4
+ LANDLOCK_ACCESS_FS_REMOVE_DIR = 0x10
+ LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20
+ LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2
+ LANDLOCK_CREATE_RULESET_VERSION = 0x1
LINUX_REBOOT_CMD_CAD_OFF = 0x0
LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef
LINUX_REBOOT_CMD_HALT = 0xcdef0123
diff --git a/unix/ztypes_linux.go b/unix/ztypes_linux.go
index 4b73bb3..fffc9e3 100644
--- a/unix/ztypes_linux.go
+++ b/unix/ztypes_linux.go
@@ -3923,3 +3923,16 @@
NFC_SDP_ATTR_URI = 0x1
NFC_SDP_ATTR_SAP = 0x2
)
+
+type LandlockRulesetAttr = struct {
+ Access_fs uint64
+}
+
+type LandlockPathBeneathAttr = struct {
+ Allowed_access uint64
+ Parent_fd int32
+}
+
+const (
+ LANDLOCK_RULE_PATH_BENEATH = 0x1
+)
