commit 35ae81fd7c1505da0adf94dff9c36d9b167c6082 from: Omar Polo date: Thu Feb 10 23:40:18 2022 UTC fix landlock usage cf. gmid 1.8.1 and recent changes in game of trees. This doesn't warrant an immediate release since every action is limited to /tmp, ~/Downloads and {config,data,cache}_home. commit - 925e150e888f72d015001b674f4e435a9cbe5c4c commit + 35ae81fd7c1505da0adf94dff9c36d9b167c6082 blob - b5adf7877b778504ad6ad203a29277e2057f32bb blob + 4ce510af9bce453b372b9f7fc77068b879b2b563 --- sandbox.c +++ sandbox.c @@ -122,11 +122,19 @@ open_landlock(void) { int fd; struct landlock_ruleset_attr attr = { - .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE | - LANDLOCK_ACCESS_FS_READ_DIR | - LANDLOCK_ACCESS_FS_WRITE_FILE | - LANDLOCK_ACCESS_FS_MAKE_DIR | - LANDLOCK_ACCESS_FS_MAKE_REG, + .handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE | + LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_READ_DIR | + LANDLOCK_ACCESS_FS_WRITE_FILE | + LANDLOCK_ACCESS_FS_REMOVE_DIR | + LANDLOCK_ACCESS_FS_REMOVE_FILE | + LANDLOCK_ACCESS_FS_MAKE_CHAR | + LANDLOCK_ACCESS_FS_MAKE_DIR | + LANDLOCK_ACCESS_FS_MAKE_REG | + LANDLOCK_ACCESS_FS_MAKE_SOCK | + LANDLOCK_ACCESS_FS_MAKE_FIFO | + LANDLOCK_ACCESS_FS_MAKE_BLOCK | + LANDLOCK_ACCESS_FS_MAKE_SYM, }; fd = landlock_create_ruleset(&attr, sizeof(attr), 0);