pacman

Author SHA1 Message Date

Author	SHA1	Message	Date
Chih-Hsuan Yen	e3aedfb7aa	Correctly configure landlock for older ABIs For example, with landlock ABI < 3, LANDLOCK_ACCESS_FS_TRUNCATE is not set in ruleset_attr.handled_access_fs, so it should not be set in path_beneath.allowed_access either. Otherwise, landlock_add_rule fails with -EINVAL, and pacman complains: > error: restricting filesystem access failed because the landlock rule for the temporary download directory could not be added! The change is tested on Debian Bookworm kernel linux-image-6.1.0-25-cloud-amd64 6.1.106-3. (cherry picked from commit `e80569f5da`)	2024-11-16 13:17:29 +10:00
Allan McRae	95e71ce52b	Tidy up landlock check This test was flagged as ambiguous by clang. Signed-off-by: Allan McRae <allan@archlinux.org>	2024-07-14 19:03:23 +10:00
Remi Gacogne	eacadbcc41	Restrict filesystem access to the download process whenever possible Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>	2024-06-14 09:30:20 +02:00

Chih-Hsuan Yen

e3aedfb7aa

Correctly configure landlock for older ABIs

For example, with landlock ABI < 3, LANDLOCK_ACCESS_FS_TRUNCATE is not
set in ruleset_attr.handled_access_fs, so it should not be set in
path_beneath.allowed_access either. Otherwise, landlock_add_rule fails
with -EINVAL, and pacman complains:

> error: restricting filesystem access failed because the landlock rule for the temporary download directory could not be added!

The change is tested on Debian Bookworm kernel
linux-image-6.1.0-25-cloud-amd64 6.1.106-3.

(cherry picked from commit e80569f5da)

2024-11-16 13:17:29 +10:00

Allan McRae

95e71ce52b

Tidy up landlock check

This test was flagged as ambiguous by clang.

Signed-off-by: Allan McRae <allan@archlinux.org>

2024-07-14 19:03:23 +10:00

Remi Gacogne

eacadbcc41

Restrict filesystem access to the download process whenever possible

Signed-off-by: Remi Gacogne <rgacogne@archlinux.org>

2024-06-14 09:30:20 +02:00

3 commits