authorB. Bergeron <[email protected]>2025-07-16 00:33:49 -0400
committerB. Bergeron <[email protected]>2025-07-16 00:33:49 -0400
commitea4e6f9000482dd6c1b372d8c6611cc39285e5c7 (patch)
tree30bdd58991e663025281f0ac505a790140cb1285
parent94ccd0bc39a5e8cc8bb119dd3bee0017e054b0ea (diff)
Remove vestigial landlock initialisation logic
-rw-r--r--run_landlock.c67
1 files changed, 28 insertions, 39 deletions
diff --git a/run_landlock.c b/run_landlock.c
index 20be8ac..da76f05 100644
--- a/run_landlock.c
+++ b/run_landlock.c
@@ -15,8 +15,7 @@
static int parse_path_access(const char *str);
static int parse_port_access(const char *str);
-static int landlock_init (struct landlock_ruleset_attr *attr);
-static void landlock_add_rule (char **argv, int ruleset_fd);
+static void landlock_add_rule(char **argv, int ruleset_fd);
static char *argv0;
@@ -46,23 +45,40 @@ static char *argv0;
int main(int argc, char **argv)
{
- int ruleset = 0, opt;
+ int ruleset, opt;
struct landlock_ruleset_attr attr = {0};
+ argv0 = argv[0];
+
+ // Initialize landlock
attr.handled_access_fs = LANDLOCK_ACCESS_FS_ALL;
attr.handled_access_net = LANDLOCK_ACCESS_NET_ALL;
- argv0 = argv[0];
- opterr = 0;
+ errno = 0;
+ ruleset = syscall(SYS_landlock_create_ruleset, &attr, sizeof(struct landlock_ruleset_attr), 0);
+
+ switch (errno) {
+ case 0:
+ break;
- // First argument parse: denied accesss
+ case EOPNOTSUPP:
+ fprintf(stderr, "%s: landlock disabled, running without\n", argv0);
+ break;
+
+ case ENOSYS:
+ fprintf(stderr, "%s: landlock not supported, running without\n", argv0);
+ break;
+
+ default:
+ fprintf(stderr, "%s: failed to initialize landlock (%s)\n", argv0, strerror(errno));
+ return EXIT_FAILURE;
+ }
+
+ // Parse arguments and grant accesses
+ opterr = 0;
while ((opt = getopt(argc, argv, "+hrv")) != -1) {
switch (opt) {
case 'r':
- if (ruleset == 0) {
- ruleset = landlock_init(&attr);
- }
-
landlock_add_rule(argv, ruleset);
break;
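Review bot: The inlined initialisation keys its outcome on `errno` rather than on the return value of `syscall()`, so a successful call that happens to leave errno non-zero would be misreported, and a failure is only recognised because `errno = 0` was set just before; the idiomatic and more robust form is to test the result first, `if (ruleset < 0) switch (errno) { ... }`, which also lets the `case 0:` arm go away. The EOPNOTSUPP and ENOSYS arms then rely on `ruleset` still holding the syscall's -1 to make the later `if (ruleset != -1)` skip enforcement; that coupling is implicit and deserves a one-line comment such as `// ruleset stays -1 here: command runs unsandboxed`. Note that in those two arms the program keeps going and executes the command with no sandbox at all, and any `-r` options are still passed to `landlock_add_rule(argv, -1)`; whether that helper tolerates an invalid fd is outside this hunk, and if it does not, the fail-open path should be made explicit (for example refuse to run when rules were requested but no ruleset exists). The body of `main` continues beyond the end of this hunk.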
@@ -80,10 +96,7 @@ int main(int argc, char **argv)
}
}
- if (ruleset == 0) {
- ruleset = landlock_init(&attr);
- }
-
+ // Enable ruleset
if (ruleset != -1) {
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
@@ -93,6 +106,7 @@ int main(int argc, char **argv)
}
}
+ // Execute command
if (argv[optind] == NULL) {
fprintf(stderr, "%s: missing command argument\n", argv0);
return EXIT_FAILURE;
@@ -159,31 +173,6 @@ static void landlock_rule_attr_add_net_port_access(union landlock_rule_attr *rul
rule_attr->net_port_attr.allowed_access |= access;
}
-static int landlock_init(struct landlock_ruleset_attr *attr)
-{
- int ruleset;
-
- errno = 0;
- ruleset = syscall(SYS_landlock_create_ruleset, attr, sizeof(struct landlock_ruleset_attr), 0);
-
- switch (errno) {
- case 0:
- return ruleset;
-
- case EOPNOTSUPP:
- fprintf(stderr, "%s: landlock disabled, running without\n", argv0);
- return -1;
-
- case ENOSYS:
- fprintf(stderr, "%s: landlock not supported, running without\n", argv0);
- return -1;
-
- default:
- fprintf(stderr, "%s: failed to initialize landlock (%s)\n", argv0, strerror(errno));
- exit(EXIT_FAILURE);
- }
-}
-
static int get_port(const char *str)
{
char *endptr;