Blame
Date:
Fri Jul 1 19:42:55 2022 UTC
Message:
switch to kristaps@' oconfigure

It's a bit ugly to depend _only_ on the OpenBSD make infrastructure;
it's better when things are portable! Making mymenu-portable would be
more effort than what it's worth it, so just make the main version
portable (again). kristaps@' oconfigure (used also by mandoc-portable
and mymenu) is a lightweight configure system that's really nice to use.

see GitHub issue #1
01
2022-07-01
op
#include <linux/landlock.h>
02
2022-07-01
op
#include <linux/prctl.h>
03
2022-07-01
op
#include <stdlib.h>
04
2022-07-01
op
#include <sys/prctl.h>
05
2022-07-01
op
#include <sys/syscall.h>
06
2022-07-01
op
#include <unistd.h>
07
2022-07-01
op
#include <stdint.h>
08
2022-07-01
op
09
2022-07-01
op
#ifndef landlock_create_ruleset
10
2022-07-01
op
static inline int landlock_create_ruleset(const struct landlock_ruleset_attr *const attr,
11
2022-07-01
op
const size_t size, const __u32 flags)
12
2022-07-01
op
{
13
2022-07-01
op
return syscall(__NR_landlock_create_ruleset, attr, size, flags);
14
2022-07-01
op
}
15
2022-07-01
op
#endif
16
2022-07-01
op
17
2022-07-01
op
#ifndef landlock_restrict_self
18
2022-07-01
op
static inline int landlock_restrict_self(const int ruleset_fd,
19
2022-07-01
op
const __u32 flags)
20
2022-07-01
op
{
21
2022-07-01
op
return syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
22
2022-07-01
op
}
23
2022-07-01
op
#endif
24
2022-07-01
op
25
2022-07-01
op
int
26
2022-07-01
op
main(void)
27
2022-07-01
op
{
28
2022-07-01
op
uint64_t mask = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_WRITE_FILE;
29
2022-07-01
op
struct landlock_ruleset_attr rules = {
30
2022-07-01
op
.handled_access_fs = mask
31
2022-07-01
op
};
32
2022-07-01
op
int fd = landlock_create_ruleset(&rules, sizeof(rules), 0);
33
2022-07-01
op
34
2022-07-01
op
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
35
2022-07-01
op
return 1;
36
2022-07-01
op
return landlock_restrict_self(fd, 0) ? 1 : 0;
37
2022-07-01
op
}
Omar Polo