author | B. Bergeron <[email protected]> | 2025-07-16 00:33:49 -0400 |
committer | B. Bergeron <[email protected]> | 2025-07-16 00:33:49 -0400 |
commit | ea4e6f9000482dd6c1b372d8c6611cc39285e5c7 (patch) | |
tree | 30bdd58991e663025281f0ac505a790140cb1285 | |
parent | 94ccd0bc39a5e8cc8bb119dd3bee0017e054b0ea (diff) |
Remove vestigial landlock initialisation logic
-rw-r--r-- | run_landlock.c | 67 |
1 files changed, 28 insertions, 39 deletions
diff --git a/run_landlock.c b/run_landlock.c
index 20be8ac..da76f05 100644
--- a/run_landlock.c
+++ b/run_landlock.c
@@ -15,8 +15,7 @@ static int parse_path_access(const char *str);
 static int parse_port_access(const char *str);
-static int landlock_init (struct landlock_ruleset_attr *attr);
-static void landlock_add_rule (char **argv, int ruleset_fd);
+static void landlock_add_rule(char **argv, int ruleset_fd);
 static char *argv0;
@@ -46,23 +45,40 @@ static char *argv0;
 int main(int argc, char **argv)
 {
-	int ruleset = 0, opt;
+	int ruleset, opt;
 	struct landlock_ruleset_attr attr = {0};
+	argv0 = argv[0];
+
+	// Initialize landlock
 	attr.handled_access_fs = LANDLOCK_ACCESS_FS_ALL;
 	attr.handled_access_net = LANDLOCK_ACCESS_NET_ALL;
-	argv0 = argv[0];
-	opterr = 0;
+	errno = 0;
+	ruleset = syscall(SYS_landlock_create_ruleset, &attr, sizeof(struct landlock_ruleset_attr), 0);
+
+	switch (errno) {
+	case 0:
+		break;
-	// First argument parse: denied accesss
+	case EOPNOTSUPP:
+		fprintf(stderr, "%s: landlock disabled, running without\n", argv0);
+		break;
+
+	case ENOSYS:
+		fprintf(stderr, "%s: landlock not supported, running without\n", argv0);
+		break;
+
+	default:
+		fprintf(stderr, "%s: failed to initialize landlock (%s)\n", argv0, strerror(errno));
+		return EXIT_FAILURE;
+	}
+
+	// Parse arguments and grant accesses
+	opterr = 0;
 	while ((opt = getopt(argc, argv, "+hrv")) != -1) {
 		switch (opt) {
 		case 'r':
-			if (ruleset == 0) {
-				ruleset = landlock_init(&attr);
-			}
-
 			landlock_add_rule(argv, ruleset);
 			break;
@@ -80,10 +96,7 @@ int main(int argc, char **argv)
 		}
 	}
-	if (ruleset == 0) {
-		ruleset = landlock_init(&attr);
-	}
-
+	// Enable ruleset
 	if (ruleset != -1) {
 		prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
@@ -93,6 +106,7 @@ int main(int argc, char **argv)
 		}
 	}
+	// Execute command
 	if (argv[optind] == NULL) {
 		fprintf(stderr, "%s: missing command argument\n", argv0);
 		return EXIT_FAILURE;
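Review bot: The new error handling in main branches on errno rather than on the return value of the landlock_create_ruleset syscall, and the `case 0:` arm only works because errno was zeroed one line earlier; prefer `if (ruleset < 0) { switch (errno) { … } }` with the `case 0` arm dropped, which also makes the later `if (ruleset != -1)` test read as a check on an actually invalid fd. The EOPNOTSUPP and ENOSYS arms deliberately leave ruleset at -1 and let the command run unconfined; that fail-open choice deserves a comment at the switch, e.g. `// Landlock unavailable: ruleset stays -1 and the command runs unconfined`, and in that state `landlock_add_rule(argv, ruleset)` in the 'r' case is now reached with -1 (its body is outside this diff, so confirm it tolerates an invalid fd). Because attr requests LANDLOCK_ACCESS_NET_ALL unconditionally, a kernel that has Landlock enabled but an ABI predating network rules will most likely reject the attribute and land in the `default:` arm, turning a partially supported kernel into EXIT_FAILURE instead of the degraded path; querying the ABI with LANDLOCK_CREATE_RULESET_VERSION before setting handled_access_net would avoid that. main continues past the last hunk in this section.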
@@ -159,31 +173,6 @@ static void landlock_rule_attr_add_net_port_access(union landlock_rule_attr *rul
 	rule_attr->net_port_attr.allowed_access |= access;
 }
-static int landlock_init(struct landlock_ruleset_attr *attr)
-{
-	int ruleset;
-
-	errno = 0;
-	ruleset = syscall(SYS_landlock_create_ruleset, attr, sizeof(struct landlock_ruleset_attr), 0);
-
-	switch (errno) {
-	case 0:
-		return ruleset;
-
-	case EOPNOTSUPP:
-		fprintf(stderr, "%s: landlock disabled, running without\n", argv0);
-		return -1;
-
-	case ENOSYS:
-		fprintf(stderr, "%s: landlock not supported, running without\n", argv0);
-		return -1;
-
-	default:
-		fprintf(stderr, "%s: failed to initialize landlock (%s)\n", argv0, strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-}
-
 static int get_port(const char *str)
 {
 	char *endptr;