landlock_create_ruleset - Online Linux Manual Page
Section : 2
Updated : 2023-02-10
Source : Linux man-pages 6.03

NAME
    landlock_create_ruleset - create a new Landlock ruleset

LIBRARY
    Standard C library (libc, -lc)

SYNOPSIS
    #include <linux/landlock.h>  /* Definition of LANDLOCK_* constants */
    #include <sys/syscall.h>     /* Definition of SYS_* constants */

    int syscall(SYS_landlock_create_ruleset,
                const struct landlock_ruleset_attr *attr,
                size_t size, uint32_t flags);

DESCRIPTION
    A Landlock ruleset identifies a set of rules (i.e., actions on objects). This landlock_create_ruleset() system call enables creating a new file descriptor identifying a ruleset. This file descriptor can then be used by landlock_add_rule(2) and landlock_restrict_self(2). See landlock(7) for a global overview.

    attr specifies the properties of the new ruleset. It points to the following structure:

        struct landlock_ruleset_attr {
            __u64 handled_access_fs;
        };

    handled_access_fs is a bitmask of actions that is handled by this ruleset and should then be forbidden if no rule explicitly allows them (see Filesystem actions in landlock(7)). This enables simply restricting ambient rights (e.g., global filesystem access) and is needed for compatibility reasons.

    size must be specified as sizeof(struct landlock_ruleset_attr) for compatibility reasons.

    flags must be 0 if attr is used. Otherwise, flags can be set to:

    LANDLOCK_CREATE_RULESET_VERSION
        If attr is NULL and size is 0, then the returned value is the highest supported Landlock ABI version (starting at 1). This version can be used for a best-effort security approach, which is encouraged when user space is not pinned to a specific kernel version. All features documented in these man pages are available with the version 1.

RETURN VALUE
    On success, landlock_create_ruleset() returns a new Landlock ruleset file descriptor, or a Landlock ABI version, according to flags.

ERRORS
    landlock_create_ruleset() can fail for the following reasons:

    EOPNOTSUPP
        Landlock is supported by the kernel but disabled at boot time.

    EINVAL
        Unknown flags, or unknown access, or too small size.

    E2BIG
        size is too big.

    EFAULT
        attr was not a valid address.

    ENOMSG
        Empty accesses (i.e., attr->handled_access_fs is 0).

VERSIONS
    Landlock was added in Linux 5.13.

STANDARDS
    This system call is Linux-specific.

EXAMPLES
    See landlock(7).
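
    The version probe and ruleset creation described under DESCRIPTION, as an added example in C that is not part of the manual page or of the Landlock project's code. The helper names landlock_abi(), create_ruleset() and explain() are hypothetical, and the ENOSYS case (kernel built without Landlock) is not listed under ERRORS on this page.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <linux/landlock.h>   /* LANDLOCK_* constants, struct landlock_ruleset_attr */
#include <sys/syscall.h>      /* SYS_landlock_create_ruleset */
#include <unistd.h>

/* Hypothetical helper: highest supported ABI version (>= 1), or -1 with errno set. */
static int landlock_abi(void)
{
    return (int)syscall(SYS_landlock_create_ruleset, NULL, 0,
                        LANDLOCK_CREATE_RULESET_VERSION);
}

/* Hypothetical helper: new ruleset fd, or -1 with errno set.
 * flags must be 0 when attr is used; size is sizeof the struct. */
static int create_ruleset(__u64 handled_access_fs)
{
    struct landlock_ruleset_attr attr = { .handled_access_fs = handled_access_fs };
    return (int)syscall(SYS_landlock_create_ruleset, &attr, sizeof(attr), 0);
}

/* Hypothetical helper: map errno to the causes listed under ERRORS. */
static const char *explain(int err)
{
    switch (err) {
    case EOPNOTSUPP: return "Landlock supported by the kernel but disabled at boot";
    case EINVAL:     return "unknown flags, unknown access, or size too small";
    case E2BIG:      return "size is too big";
    case EFAULT:     return "attr is not a valid address";
    case ENOMSG:     return "handled_access_fs is 0";
    case ENOSYS:     return "kernel has no Landlock support (not listed on this page)";
    default:         return "unexpected error";
    }
}

int main(void)
{
    int abi = landlock_abi();
    if (abi < 0) {  /* best effort: report and run unsandboxed */
        fprintf(stderr, "Landlock unavailable: %s\n", explain(errno));
        return 0;
    }
    int fd = create_ruleset(LANDLOCK_ACCESS_FS_WRITE_FILE);
    if (fd < 0)
        fprintf(stderr, "create_ruleset: %s\n", explain(errno));
    else
        printf("ABI %d, ruleset fd %d\n", abi, fd);
    return fd < 0 ? 1 : close(fd);
}
```

    The returned descriptor only identifies the ruleset; nothing is restricted until rules are added with landlock_add_rule(2) and the ruleset is enforced with landlock_restrict_self(2).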

SEE ALSO
    landlock_add_rule(2), landlock_restrict_self(2), landlock(7)