landlock_add_rule - Online Linux Manual Page
Section : 2
Updated : 2023-02-10
Source : Linux man-pages 6.03

NAME
    landlock_add_rule - add a new Landlock rule to a ruleset

LIBRARY
    Standard C library (libc, -lc)

SYNOPSIS
    #include <linux/landlock.h>  /* Definition of LANDLOCK_* constants */
    #include <sys/syscall.h>     /* Definition of SYS_* constants */

    int syscall(SYS_landlock_add_rule, int ruleset_fd,
                enum landlock_rule_type rule_type,
                const void *rule_attr, uint32_t flags);

DESCRIPTION
    A Landlock rule describes an action on an object. An object is currently a file hierarchy, and the related filesystem actions are defined with a set of access rights. This landlock_add_rule() system call enables adding a new Landlock rule to an existing ruleset created with landlock_create_ruleset(2). See landlock(7) for a global overview.

    ruleset_fd is a Landlock ruleset file descriptor obtained with landlock_create_ruleset(2).

    rule_type identifies the structure type pointed to by rule_attr. Currently, Linux supports the following rule_type value:

    LANDLOCK_RULE_PATH_BENEATH
        This defines the object type as a file hierarchy. In this case, rule_attr points to the following structure:

            struct landlock_path_beneath_attr {
                __u64 allowed_access;
                __s32 parent_fd;
            } __attribute__((packed));

        allowed_access contains a bitmask of allowed filesystem actions for this file hierarchy (see Filesystem actions in landlock(7)).

        parent_fd is an opened file descriptor, preferably with the O_PATH flag, which identifies the parent directory of the file hierarchy or just a file.

    flags must be 0.

RETURN VALUE
    On success, landlock_add_rule() returns 0.

ERRORS
    landlock_add_rule() can fail for the following reasons:

    EOPNOTSUPP
        Landlock is supported by the kernel but disabled at boot time.

    EINVAL
        flags is not 0, or the rule accesses are inconsistent (i.e., rule_attr->allowed_access is not a subset of the ruleset handled accesses).

    ENOMSG
        Empty accesses (i.e., rule_attr->allowed_access is 0).

    EBADF
        ruleset_fd is not a file descriptor for the current thread, or a member of rule_attr is not a file descriptor as expected.

    EBADFD
        ruleset_fd is not a ruleset file descriptor, or a member of rule_attr is not the expected file descriptor type.

    EPERM
        ruleset_fd has no write access to the underlying ruleset.

    EFAULT
        rule_attr was not a valid address.

VERSIONS
    Landlock was added in Linux 5.13.

STANDARDS
    This system call is Linux-specific.

EXAMPLES
    See landlock(7).
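
The following C program is an added example, not part of the manual page or of the man-pages project. It creates a ruleset that handles only read accesses and checks that landlock_add_rule() returns 0, ENOMSG, EINVAL and EBADF in the situations listed under ERRORS. The helper names add_path_rule() and check_documented_errors() and the choice of "/" as the file hierarchy are assumptions of this example; struct landlock_ruleset_attr is the argument of landlock_create_ruleset(2).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: add one LANDLOCK_RULE_PATH_BENEATH rule for `path`.
 * Returns 0 on success or -errno on failure. */
int add_path_rule(int ruleset_fd, const char *path, __u64 allowed_access)
{
    struct landlock_path_beneath_attr attr = { .allowed_access = allowed_access };
    int ret = 0;

    attr.parent_fd = open(path, O_PATH | O_CLOEXEC);
    if (attr.parent_fd < 0)
        return -errno;
    if (syscall(SYS_landlock_add_rule, ruleset_fd,
                LANDLOCK_RULE_PATH_BENEATH, &attr, 0))
        ret = -errno;
    close(attr.parent_fd);
    return ret;
}

/* Returns 1 if no ruleset can be created (Landlock unavailable), 0 if every
 * call returned what the ERRORS section documents, -1 otherwise. */
int check_documented_errors(void)
{
    struct landlock_ruleset_attr rs = {
        .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE |
                             LANDLOCK_ACCESS_FS_READ_DIR,
    };
    int fd = (int)syscall(SYS_landlock_create_ruleset, &rs, sizeof(rs), 0);
    if (fd < 0)
        return 1;
    /* "/" is a constructed sample hierarchy. Nothing is enforced here,
     * because landlock_restrict_self(2) is never called. */
    int ok = add_path_rule(fd, "/", rs.handled_access_fs) == 0 &&
             add_path_rule(fd, "/", 0) == -ENOMSG &&  /* empty access mask */
             add_path_rule(fd, "/", LANDLOCK_ACCESS_FS_WRITE_FILE) == -EINVAL &&
             add_path_rule(-1, "/", rs.handled_access_fs) == -EBADF;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    printf("check_documented_errors() = %d\n", check_documented_errors());
    return 0;
}
```

The EINVAL case shows why allowed_access must be built from the same mask that was passed as handled_access_fs: a right the ruleset does not handle is rejected instead of being silently ignored.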

SEE ALSO
    landlock_create_ruleset(2), landlock_restrict_self(2), landlock(7)