diff options
Diffstat (limited to 'man2/landlock_add_rule.2')
-rw-r--r-- | man2/landlock_add_rule.2 | 131 |
1 files changed, 0 insertions, 131 deletions
diff --git a/man2/landlock_add_rule.2 b/man2/landlock_add_rule.2 deleted file mode 100644 index 2858fa3..0000000 --- a/man2/landlock_add_rule.2 +++ /dev/null @@ -1,131 +0,0 @@ -.\" Copyright © 2017-2020 Mickaël Salaün <mic@digikod.net> -.\" Copyright © 2019-2020 ANSSI -.\" Copyright © 2021 Microsoft Corporation -.\" -.\" SPDX-License-Identifier: Linux-man-pages-copyleft -.\" -.TH landlock_add_rule 2 2023-10-31 "Linux man-pages 6.7" -.SH NAME -landlock_add_rule \- add a new Landlock rule to a ruleset -.SH LIBRARY -Standard C library -.RI ( libc ", " \-lc ) -.SH SYNOPSIS -.nf -.BR "#include <linux/landlock.h>" " /* Definition of " LANDLOCK_* " constants */" -.BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */" -.P -.BI "int syscall(SYS_landlock_add_rule, int " ruleset_fd , -.BI " enum landlock_rule_type " rule_type , -.BI " const void *" rule_attr ", uint32_t " flags ); -.fi -.SH DESCRIPTION -A Landlock rule describes an action on an object. -An object is currently a file hierarchy, -and the related filesystem actions -are defined with a set of access rights. -This -.BR landlock_add_rule () -system call enables adding a new Landlock rule to an existing ruleset -created with -.BR landlock_create_ruleset (2). -See -.BR landlock (7) -for a global overview. -.P -.I ruleset_fd -is a Landlock ruleset file descriptor obtained with -.BR landlock_create_ruleset (2). -.P -.I rule_type -identifies the structure type pointed to by -.IR rule_attr . -Currently, Linux supports the following -.I rule_type -value: -.TP -.B LANDLOCK_RULE_PATH_BENEATH -This defines the object type as a file hierarchy. -In this case, -.I rule_attr -points to the following structure: -.IP -.in +4n -.EX -struct landlock_path_beneath_attr { - __u64 allowed_access; - __s32 parent_fd; -} __attribute__((packed)); -.EE -.in -.IP -.I allowed_access -contains a bitmask of allowed filesystem actions for this file hierarchy -(see -.B Filesystem actions -in -.BR landlock (7)). -.IP -.I parent_fd -is an opened file descriptor, preferably with the -.I O_PATH -flag, -which identifies the parent directory of the file hierarchy or -just a file. -.P -.I flags -must be 0. -.SH RETURN VALUE -On success, -.BR landlock_add_rule () -returns 0. -.SH ERRORS -.BR landlock_add_rule () -can fail for the following reasons: -.TP -.B EOPNOTSUPP -Landlock is supported by the kernel but disabled at boot time. -.TP -.B EINVAL -.I flags -is not 0, or the rule accesses are inconsistent (i.e., -.I rule_attr\->allowed_access -is not a subset of the ruleset handled accesses). -.TP -.B ENOMSG -Empty accesses (i.e., -.I rule_attr\->allowed_access -is 0). -.TP -.B EBADF -.I ruleset_fd -is not a file descriptor for the current thread, -or a member of -.I rule_attr -is not a file descriptor as expected. -.TP -.B EBADFD -.I ruleset_fd -is not a ruleset file descriptor, -or a member of -.I rule_attr -is not the expected file descriptor type. -.TP -.B EPERM -.I ruleset_fd -has no write access to the underlying ruleset. -.TP -.B EFAULT -.I rule_attr -was not a valid address. -.SH STANDARDS -Linux. -.SH HISTORY -Linux 5.13. -.SH EXAMPLES -See -.BR landlock (7). -.SH SEE ALSO -.BR landlock_create_ruleset (2), -.BR landlock_restrict_self (2), -.BR landlock (7) |