Enum landlock::ABI

source ·

#[non_exhaustive]pub enum ABI {
    Unsupported = 0,
    V1 = 1,
    V2 = 2,
    V3 = 3,
}

Expand description

Version of the Landlock ABI.

ABI enables getting the features supported by a specific Landlock ABI (without relying on the kernel version which may not be accessible or patched). For example, AccessFs::from_all(ABI::V1) gets all the file system access rights defined by the first version.

Without ABI, it would be hazardous to rely on the the full set of access flags (e.g., BitFlags::<AccessFs>::all() or BitFlags::ALL), a moving target that would change the semantics of your Landlock rule when migrating to a newer version of this crate. Indeed, a simple cargo update or cargo install run by any developer can result in a new version of this crate (fixing bugs or bringing non-breaking changes). This crate cannot give any guarantee concerning the new restrictions resulting from these unknown bits (i.e. access rights) that would not be controlled by your application but by a future version of this crate instead. Because we cannot know what the effect on your application of an unknown restriction would be when handling an untested Landlock access right (i.e. denied-by-default access), it could trigger bugs in your application.

This crate provides a set of tools to sandbox as much as possible while guaranteeing a consistent behavior thanks to the Compatible methods. You should also test with different relevant kernel versions, see landlock-test-tools and CI integration.

This way, we can have the guarantee that the use of a set of tested Landlock ABI works as expected because features brought by newer Landlock ABI will never be enabled by default (cf. Linux kernel compatibility contract).

In a nutshell, test the access rights you request on a kernel that support them and on a kernel that doesn’t support them.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive

Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

§

Unsupported = 0

Kernel not supporting Landlock, either because it is not built with Landlock or Landlock is not enabled at boot.

§

V1 = 1

First Landlock ABI, introduced with Linux 5.13.

§

V2 = 2

Second Landlock ABI, introduced with Linux 5.19.

§

V3 = 3

Third Landlock ABI, introduced with Linux 6.2.

Enum landlock::ABI

Variants (Non-exhaustive)§

Unsupported = 0

V1 = 1

V2 = 2

V3 = 3

Trait Implementations§

impl Clone for ABI

fn clone(&self) -> ABI

fn clone_from(&mut self, source: &Self)

impl Copy for ABI

Auto Trait Implementations§

impl RefUnwindSafe for ABI

impl Send for ABI

impl Sync for ABI

impl Unpin for ABI

impl UnwindSafe for ABI

Blanket Implementations§

impl<T> Any for Twhere T: 'static + ?Sized,

fn type_id(&self) -> TypeId

impl<T> Borrow<T> for Twhere T: ?Sized,

fn borrow(&self) -> &T

impl<T> BorrowMut<T> for Twhere T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

impl<T> From<T> for T

fn from(t: T) -> T

impl<T, U> Into<U> for Twhere U: From<T>,

fn into(self) -> U

impl<T> ToOwned for Twhere T: Clone,

type Owned = T

fn to_owned(&self) -> T

fn clone_into(&self, target: &mut T)

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

type Error = Infallible

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

impl<T> Any for T
where T: 'static + ?Sized,

impl<T> Borrow<T> for T
where T: ?Sized,

impl<T> BorrowMut<T> for T
where T: ?Sized,

impl<T, U> Into<U> for T
where U: From<T>,

impl<T> ToOwned for T
where T: Clone,

impl<T, U> TryFrom<U> for T
where U: Into<T>,

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,