op public repos

Commit Diff

Commit:: 35ae81fd7c1505da0adf94dff9c36d9b167c6082
From:: Omar Polo <op@omarpolo.com>
Date:: Thu Feb 10 23:40:18 2022 UTC
Message:: fix landlock usage cf. gmid 1.8.1 and recent changes in game of trees. This doesn't warrant an immediate release since every action is limited to /tmp, ~/Downloads and {config,data,cache}_home.
Actions:: Patch | Tree

commit - 925e150e888f72d015001b674f4e435a9cbe5c4c
commit + 35ae81fd7c1505da0adf94dff9c36d9b167c6082
blob - b5adf7877b778504ad6ad203a29277e2057f32bb
blob + 4ce510af9bce453b372b9f7fc77068b879b2b563
--- sandbox.c
+++ sandbox.c
@@ -122,11 +122,19 @@ open_landlock(void)
 {
 	int fd;
 	struct landlock_ruleset_attr attr = {
-		.handled_access_fs =	LANDLOCK_ACCESS_FS_READ_FILE	|
-					LANDLOCK_ACCESS_FS_READ_DIR	|
-					LANDLOCK_ACCESS_FS_WRITE_FILE	|
-					LANDLOCK_ACCESS_FS_MAKE_DIR	|
-					LANDLOCK_ACCESS_FS_MAKE_REG,
+		.handled_access_fs =	LANDLOCK_ACCESS_FS_EXECUTE |
+					LANDLOCK_ACCESS_FS_READ_FILE |
+					LANDLOCK_ACCESS_FS_READ_DIR |
+					LANDLOCK_ACCESS_FS_WRITE_FILE |
+					LANDLOCK_ACCESS_FS_REMOVE_DIR |
+					LANDLOCK_ACCESS_FS_REMOVE_FILE |
+					LANDLOCK_ACCESS_FS_MAKE_CHAR |
+					LANDLOCK_ACCESS_FS_MAKE_DIR |
+					LANDLOCK_ACCESS_FS_MAKE_REG |
+					LANDLOCK_ACCESS_FS_MAKE_SOCK |
+					LANDLOCK_ACCESS_FS_MAKE_FIFO |
+					LANDLOCK_ACCESS_FS_MAKE_BLOCK |
+					LANDLOCK_ACCESS_FS_MAKE_SYM,
 	};
 
 	fd = landlock_create_ruleset(&attr, sizeof(attr), 0);