bryson/pacman
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

libalpm: Capitalize "Landlock" as suggested by Mickaël Salaün

Browse source
This commit is contained in:
Remi Gacogne 2024-09-17 16:55:42 +02:00
parent 1941b3d3f5
commit 46504eea65
No known key found for this signature in database
GPG key ID: 40825C6BDD1A4146
1 changed files with 11 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
lib/libalpm/sandbox_fs.c
View file

@ -110,39 +110,39 @@ bool _alpm_sandbox_fs_restrict_writes_to(alpm_handle_t *handle, const char *path
abi = landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
if(abi < 0) {
/* landlock is not supported/enabled in the kernel */
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because landlock is not supported by the kernel!\n"));
/* Landlock is not supported/enabled in the kernel */
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because Landlock is not supported by the kernel!\n"));
return true;
}
#ifdef LANDLOCK_ACCESS_FS_REFER
if(abi < 2) {
_alpm_log(handle, ALPM_LOG_DEBUG, _("landlock ABI < 2, LANDLOCK_ACCESS_FS_REFER is not supported\n"));
_alpm_log(handle, ALPM_LOG_DEBUG, _("Landlock ABI < 2, LANDLOCK_ACCESS_FS_REFER is not supported\n"));
ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_REFER;
}
#endif /* LANDLOCK_ACCESS_FS_REFER */
#ifdef LANDLOCK_ACCESS_FS_TRUNCATE
if(abi < 3) {
_alpm_log(handle, ALPM_LOG_DEBUG, _("landlock ABI < 3, LANDLOCK_ACCESS_FS_TRUNCATE is not supported\n"));
_alpm_log(handle, ALPM_LOG_DEBUG, _("Landlock ABI < 3, LANDLOCK_ACCESS_FS_TRUNCATE is not supported\n"));
ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE;
}
#endif /* LANDLOCK_ACCESS_FS_TRUNCATE */
ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
if(ruleset_fd < 0) {
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the landlock ruleset could not be created: %s\n"), strerror(errno));
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the Landlock ruleset could not be created: %s\n"), strerror(errno));
return false;
}
/* allow / as read-only */
path_beneath.parent_fd = open("/", O_PATH | O_CLOEXEC | O_DIRECTORY);
if(path_beneath.parent_fd == -1) {
_alpm_log(handle, ALPM_LOG_ERROR, _("opening the root filesystem to make it read-only via landlock failed: %s\n"), strerror(errno));
_alpm_log(handle, ALPM_LOG_ERROR, _("opening the root filesystem to make it read-only via Landlock failed: %s\n"), strerror(errno));
return false;
}
path_beneath.allowed_access = _LANDLOCK_ACCESS_FS_READ;
if(landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &path_beneath, 0) != 0) {
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the landlock rule for / could not be added: %s\n"), strerror(errno));
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the Landlock rule for / could not be added: %s\n"), strerror(errno));
close(path_beneath.parent_fd);
close(ruleset_fd);
return false;
@ -153,7 +153,7 @@ bool _alpm_sandbox_fs_restrict_writes_to(alpm_handle_t *handle, const char *path
/* allow read-write access to the directory passed as parameter */
path_beneath.parent_fd = open(path, O_PATH | O_CLOEXEC | O_DIRECTORY);
if(path_beneath.parent_fd == -1) {
_alpm_log(handle, ALPM_LOG_ERROR, _("opening the download directory to make it writable via landlock failed: %s\n"), strerror(errno));
_alpm_log(handle, ALPM_LOG_ERROR, _("opening the download directory to make it writable via Landlock failed: %s\n"), strerror(errno));
return false;
}
path_beneath.allowed_access = _LANDLOCK_ACCESS_FS_READ | _LANDLOCK_ACCESS_FS_WRITE | _LANDLOCK_ACCESS_FS_TRUNCATE;
@ -164,17 +164,17 @@ bool _alpm_sandbox_fs_restrict_writes_to(alpm_handle_t *handle, const char *path
if(landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &path_beneath, 0) == 0) {
if(landlock_restrict_self(ruleset_fd, 0)) {
result = errno;
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the landlock ruleset could not be applied: %s\n"), strerror(result));
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the Landlock ruleset could not be applied: %s\n"), strerror(result));
}
} else {
result = errno;
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the landlock rule for the temporary download directory could not be added: %s\n"), strerror(result));
_alpm_log(handle, ALPM_LOG_ERROR, _("restricting filesystem access failed because the Landlock rule for the temporary download directory could not be added: %s\n"), strerror(result));
}
close(path_beneath.parent_fd);
close(ruleset_fd);
if(result == 0) {
_alpm_log(handle, ALPM_LOG_DEBUG, _("filesystem access has been restricted to %s, landlock ABI is %d\n"), path, abi);
_alpm_log(handle, ALPM_LOG_DEBUG, _("filesystem access has been restricted to %s, Landlock ABI is %d\n"), path, abi);
return true;
}
return false;