1 #include <linux/landlock.h>
2 #include <linux/prctl.h>
3 #include <stdlib.h>
4 #include <sys/prctl.h>
5 #include <sys/syscall.h>
6 #include <unistd.h>
7 #include <stdint.h>
/*
 * Fallback wrapper for the landlock_create_ruleset(2) system call, for C
 * libraries that do not provide one.
 *
 * NOTE(review): #ifndef only sees macros. If a libc ever declares this name
 * as a plain function, the guard will not notice and the static definition
 * below will clash with it.
 *
 * attr  - ruleset description passed to the kernel unchanged
 * size  - size of *attr in bytes
 * flags - flags word passed to the kernel unchanged
 *
 * Returns the raw syscall(2) result narrowed to int: a negative value means
 * failure, and callers here treat anything else as a ruleset file descriptor.
 */
#ifndef landlock_create_ruleset
static inline int
landlock_create_ruleset(const struct landlock_ruleset_attr *const attr,
			const size_t size, const __u32 flags)
{
	long rc = syscall(__NR_landlock_create_ruleset, attr, size, flags);

	return (int)rc;
}
#endif
/*
 * Fallback wrapper for the landlock_restrict_self(2) system call, for C
 * libraries that do not provide one (same macro-only guard caveat as any
 * #ifndef test on a function name).
 *
 * ruleset_fd - file descriptor of the ruleset to enforce on the caller
 * flags      - flags word passed to the kernel unchanged
 *
 * Returns the raw syscall(2) result narrowed to int; non-zero is treated as
 * failure by the caller in this file.
 */
#ifndef landlock_restrict_self
static inline int
landlock_restrict_self(const int ruleset_fd, const __u32 flags)
{
	long rc = syscall(__NR_landlock_restrict_self, ruleset_fd, flags);

	return (int)rc;
}
#endif
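/*
 * Minimal Landlock self-restriction: create a ruleset that handles file read
 * and file write access, add no rules to it, and enforce it on this process.
 *
 * The ruleset carries no allow rules, so once landlock_restrict_self()
 * succeeds the two handled rights are denied for files opened afterwards.
 * Access rights that are not listed in handled_access_fs are not restricted
 * by this ruleset.
 *
 * Returns 0 when the restriction was applied, 1 on any failure (ruleset
 * creation, PR_SET_NO_NEW_PRIVS, or enforcement).
 */
int
main(void)
{
	const uint64_t mask = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_WRITE_FILE;
	const struct landlock_ruleset_attr rules = {
		.handled_access_fs = mask
	};
	int fd = landlock_create_ruleset(&rules, sizeof(rules), 0);
	int rc;

	/*
	 * Stop before touching process state when the kernel refused to
	 * create the ruleset (e.g. Landlock unsupported or disabled).
	 */
	if (fd < 0)
		return 1;

	/*
	 * An unprivileged caller must set no_new_privs before it is allowed
	 * to restrict itself.
	 */
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
		close(fd);
		return 1;
	}

	rc = landlock_restrict_self(fd, 0);
	/* The descriptor is not needed once enforcement has been attempted. */
	close(fd);
	return rc ? 1 : 0;
}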