commit - 67c49bc5c794c4375344ea010be608572d6f0070
commit + 0ea22af2805935f4562fb537eb57d85809e70a84
blob - a5f6c63cd32c4d92c51eb0376594370f41291d62
blob + c2e028bea7d959d1dd2552894d425f16786fa7b4
--- sandbox.c
+++ sandbox.c
#endif /* SC_DEBUG */
#if HAVE_LANDLOCK
+static inline int
+gmid_create_landlock_rs(struct landlock_ruleset_attr *attr, size_t len,
+ __u32 flags)
+{
+ int fd;
+
+ fd = landlock_create_ruleset(attr, len, 0);
+ if (fd == -1) {
+ switch (errno) {
+ case ENOSYS:
+ fatal("%s: failed to create ruleset. "
+ "Landlock doesn't seem to be supported by the "
+ "current kernel.", __func__);
+ case EOPNOTSUPP:
+ log_warn(NULL, "%s: failed to create ruleset. "
+ "Landlock seems to be currently disabled; "
+ "continuing without it.", __func__);
+ break;
+ default:
+ fatal("%s: failed to create ruleset: %s",
+ __func__, strerror(errno));
+ }
+ }
+
+ return fd;
+}
+
static int
server_landlock(void)
{
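Review bot: The `flags` parameter of `gmid_create_landlock_rs` is never used, because the call inside the helper still passes a literal `0`, so any non-zero flag a later caller supplies would be dropped silently. Forward it with `fd = landlock_create_ruleset(attr, len, flags);`; the only caller visible here, in `server_landlock`, passes `0`, so behaviour stays the same today. The helper also deserves a short contract comment, e.g. `/* returns the ruleset fd, or -1 when Landlock is disabled (EOPNOTSUPP) and the process continues without the sandbox; any other failure is fatal */`, since callers have to read -1 as "no sandbox applied" rather than as an ordinary error. The `case ENOSYS:` arm has no `break` and relies on `fatal()` not returning, which is presumably the case but is not visible in this hunk.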
LANDLOCK_ACCESS_FS_READ_DIR,
};
- fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
- if (fd == -1) {
- switch (errno) {
- case ENOSYS:
- fatal("%s: failed to create ruleset. "
- "Landlock doesn't seem to be supported by the "
- "current kernel.", __func__);
- case EOPNOTSUPP:
- log_warn(NULL, "%s: failed to create ruleset. "
- "Landlock seems to be currently disabled; "
- "continuing without it.", __func__);
- return -1;
- default:
- fatal("%s: failed to create ruleset: %s",
- __func__, strerror(errno));
- }
- }
+ fd = gmid_create_landlock_rs(&ruleset_attr, sizeof(ruleset_attr), 0);
+ if (fd == -1)
+ return -1;
TAILQ_FOREACH(h, &hosts, vhosts) {
TAILQ_FOREACH(l, &h->locations, locations) {