Home
last modified time | relevance | path

Searched refs:ruleset_fd (Results 1 – 8 of 8) sorted by relevance

/Linux-v6.6/tools/testing/selftests/landlock/
Dfs_test.c437 int ruleset_fd; in TEST_F_FORK() local
443 ruleset_fd = open(dir_s1d1, O_PATH | O_DIRECTORY | O_CLOEXEC); in TEST_F_FORK()
444 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
445 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
449 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
451 ruleset_fd = open(dir_s1d1, O_DIRECTORY | O_CLOEXEC); in TEST_F_FORK()
452 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
453 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
457 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
460 ruleset_fd = in TEST_F_FORK()
[all …]
Dbase_test.c105 int ruleset_fd; in TEST() local
137 ruleset_fd = in TEST()
139 ASSERT_LE(0, ruleset_fd); in TEST()
140 ASSERT_EQ(0, close(ruleset_fd)); in TEST()
153 const int ruleset_fd = in TEST() local
156 ASSERT_LE(0, ruleset_fd); in TEST()
167 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, 0, NULL, 0)); in TEST()
171 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST()
176 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST()
184 ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST()
[all …]
Dptrace_test.c30 int ruleset_fd; in create_domain() local
35 ruleset_fd = in create_domain()
37 EXPECT_LE(0, ruleset_fd) in create_domain()
42 EXPECT_EQ(0, landlock_restrict_self(ruleset_fd, 0)); in create_domain()
43 EXPECT_EQ(0, close(ruleset_fd)); in create_domain()
Dcommon.h92 static inline int landlock_add_rule(const int ruleset_fd, in landlock_add_rule() argument
97 return syscall(__NR_landlock_add_rule, ruleset_fd, rule_type, rule_attr, in landlock_add_rule()
103 static inline int landlock_restrict_self(const int ruleset_fd, in landlock_restrict_self() argument
106 return syscall(__NR_landlock_restrict_self, ruleset_fd, flags); in landlock_restrict_self()
/Linux-v6.6/samples/landlock/
Dsandboxer.c34 static inline int landlock_add_rule(const int ruleset_fd, in landlock_add_rule() argument
39 return syscall(__NR_landlock_add_rule, ruleset_fd, rule_type, rule_attr, in landlock_add_rule()
45 static inline int landlock_restrict_self(const int ruleset_fd, in landlock_restrict_self() argument
48 return syscall(__NR_landlock_restrict_self, ruleset_fd, flags); in landlock_restrict_self()
84 static int populate_ruleset(const char *const env_var, const int ruleset_fd, in populate_ruleset() argument
128 if (landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in populate_ruleset()
175 int ruleset_fd, abi; in main() local
277 ruleset_fd = in main()
279 if (ruleset_fd < 0) { in main()
283 if (populate_ruleset(ENV_FS_RO_NAME, ruleset_fd, access_fs_ro)) { in main()
[all …]
/Linux-v6.6/security/landlock/
Dsyscalls.c163 int err, ruleset_fd; in SYSCALL_DEFINE3() local
197 ruleset_fd = anon_inode_getfd("[landlock-ruleset]", &ruleset_fops, in SYSCALL_DEFINE3()
199 if (ruleset_fd < 0) in SYSCALL_DEFINE3()
201 return ruleset_fd; in SYSCALL_DEFINE3()
305 SYSCALL_DEFINE4(landlock_add_rule, const int, ruleset_fd, in SYSCALL_DEFINE4() argument
322 ruleset = get_ruleset_from_fd(ruleset_fd, FMODE_CAN_WRITE); in SYSCALL_DEFINE4()
397 SYSCALL_DEFINE2(landlock_restrict_self, const int, ruleset_fd, const __u32, in SYSCALL_DEFINE2() argument
421 ruleset = get_ruleset_from_fd(ruleset_fd, FMODE_CAN_READ); in SYSCALL_DEFINE2()
/Linux-v6.6/Documentation/userspace-api/
Dlandlock.rst101 int ruleset_fd;
103 ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
104 if (ruleset_fd < 0) {
129 close(ruleset_fd);
132 err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
137 close(ruleset_fd);
155 close(ruleset_fd);
163 if (landlock_restrict_self(ruleset_fd, 0)) {
165 close(ruleset_fd);
168 close(ruleset_fd);
/Linux-v6.6/include/linux/
Dsyscalls.h932 asmlinkage long sys_landlock_add_rule(int ruleset_fd, enum landlock_rule_type rule_type,
934 asmlinkage long sys_landlock_restrict_self(int ruleset_fd, __u32 flags);