Enum ABI

#[non_exhaustive]
pub enum ABI {
    Unsupported = 0,
    V1 = 1,
    V2 = 2,
    V3 = 3,
    V4 = 4,
    V5 = 5,
    V6 = 6,
}

Version of the Landlock ABI.

ABI enables getting the features supported by a specific Landlock ABI (without relying on the kernel version which may not be accessible or patched). For example, AccessFs::from_all(ABI::V1) gets all the file system access rights defined by the first version.

Without ABI, it would be hazardous to rely on the full set of access flags (e.g., BitFlags::<AccessFs>::all() or BitFlags::ALL), a moving target that would change the semantics of your Landlock rule when migrating to a newer version of this crate. Indeed, a simple cargo update or cargo install run by any developer can result in a new version of this crate (fixing bugs or bringing non-breaking changes). This crate cannot give any guarantee concerning the new restrictions resulting from these unknown bits (i.e. access rights), which would be controlled not by your application but by a future version of this crate. Because we cannot know what effect an unknown restriction would have on your application when it handles an untested Landlock access right (i.e. denied-by-default access), it could trigger bugs in your application.

This crate provides a set of tools to sandbox as much as possible while guaranteeing a consistent behavior thanks to the Compatible methods. You should also test with different relevant kernel versions, see landlock-test-tools and CI integration.

This way, we have the guarantee that a set of tested Landlock ABIs works as expected, because features brought by newer Landlock ABIs will never be enabled by default (cf. Linux kernel compatibility contract).

In a nutshell, test the access rights you request on a kernel that supports them and on a kernel that doesn’t support them.

Derived Debug formats are not stable.
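The following added example (not code from this crate) is a simplified, stand-alone model of why pinning to a tested ABI keeps the handled set stable while the "all rights" set moves. The Abi enum, fs_from_all and negotiate are hypothetical stand-ins; the bit positions are those of the kernel's LANDLOCK_ACCESS_FS_* constants, and the intersection rule is an assumed approximation of best-effort compatibility.

```rust
// Stand-alone model, NOT the landlock crate: names below are hypothetical.
#[allow(dead_code)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
enum Abi { Unsupported = 0, V1, V2, V3, V4, V5, V6 }

// File-system access-right bits added after the first ABI (kernel UAPI values).
const REFER: u64 = 1 << 13;     // added by ABI v2
const TRUNCATE: u64 = 1 << 14;  // added by ABI v3
const IOCTL_DEV: u64 = 1 << 15; // added by ABI v5

/// Model of AccessFs::from_all(abi): every file-system right known to `abi`.
fn fs_from_all(abi: Abi) -> u64 {
    let mut mask = 0;
    if abi >= Abi::V1 { mask |= (1 << 13) - 1; } // EXECUTE..MAKE_SYM, bits 0-12
    if abi >= Abi::V2 { mask |= REFER; }
    if abi >= Abi::V3 { mask |= TRUNCATE; }
    if abi >= Abi::V5 { mask |= IOCTL_DEV; }
    mask // ABI v4 and v6 add network and scope features, no new fs bits
}

/// Assumed best-effort rule: an application tested against `tested` runs on a
/// kernel exposing `kernel`. Returns (rights handled, rights dropped from the
/// handled set because the kernel does not know them).
fn negotiate(tested: Abi, kernel: Abi) -> (u64, u64) {
    let requested = fs_from_all(tested);
    let supported = fs_from_all(kernel);
    (requested & supported, requested & !supported)
}

fn main() {
    // The request is pinned to ABI v3, so a v6 kernel never adds IOCTL_DEV
    // behind the application's back; older kernels handle a subset.
    for kernel in [Abi::Unsupported, Abi::V1, Abi::V3, Abi::V6] {
        let (handled, dropped) = negotiate(Abi::V3, kernel);
        println!("{:?}: handled={:#06x} dropped={:#06x}", kernel, handled, dropped);
    }
    // The unpinned "all rights" set is the moving target the text warns about.
    println!("all@V3={:#06x} all@V6={:#06x}", fs_from_all(Abi::V3), fs_from_all(Abi::V6));
}
```

The V1 and Unsupported rows are the cases to cover when testing on a kernel that does not support the requested rights.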

Variants (Non-exhaustive)

This enum is marked as non-exhaustive.
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

Unsupported = 0

Kernel not supporting Landlock, either because it is not built with Landlock or Landlock is not enabled at boot.

V1 = 1

First Landlock ABI, introduced with Linux 5.13.

V2 = 2

Second Landlock ABI, introduced with Linux 5.19.

V3 = 3

Third Landlock ABI, introduced with Linux 6.2.

V4 = 4

Fourth Landlock ABI, introduced with Linux 6.7.

V5 = 5

Fifth Landlock ABI, introduced with Linux 6.10.

V6 = 6

Sixth Landlock ABI, introduced with Linux 6.12.

Trait Implementations

impl Clone for ABI

fn clone(&self) -> ABI

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Since 1.0.0.

impl Debug for ABI

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<i32> for ABI

Converting from an integer to an ABI should only be used for testing. Indeed, manually setting the ABI can lead to inconsistent and unexpected behaviors. Instead, just use the appropriate access rights, this library will handle the rest.

fn from(value: i32) -> ABI

Converts to this type from the input type.

impl Ord for ABI

fn cmp(&self, other: &ABI) -> Ordering

This method returns an Ordering between self and other.

fn max(self, other: Self) -> Self
where Self: Sized,

Compares and returns the maximum of two values. Since 1.21.0.

fn min(self, other: Self) -> Self
where Self: Sized,

Compares and returns the minimum of two values. Since 1.21.0.

fn clamp(self, min: Self, max: Self) -> Self
where Self: Sized,

Restrict a value to a certain interval. Since 1.50.0.

impl PartialEq for ABI

fn eq(&self, other: &ABI) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason. Since 1.0.0.

impl PartialOrd for ABI

fn partial_cmp(&self, other: &ABI) -> Option<Ordering>

This method returns an ordering between self and other values if one exists.

fn lt(&self, other: &Rhs) -> bool

Tests less than (for self and other) and is used by the < operator. Since 1.0.0.

fn le(&self, other: &Rhs) -> bool

Tests less than or equal to (for self and other) and is used by the <= operator. Since 1.0.0.

fn gt(&self, other: &Rhs) -> bool

Tests greater than (for self and other) and is used by the > operator. Since 1.0.0.

fn ge(&self, other: &Rhs) -> bool

Tests greater than or equal to (for self and other) and is used by the >= operator. Since 1.0.0.

impl Copy for ABI

impl Eq for ABI

impl StructuralPartialEq for ABI

Auto Trait Implementations

impl Freeze for ABI

impl RefUnwindSafe for ABI

impl Send for ABI

impl Sync for ABI

impl Unpin for ABI

impl UnwindSafe for ABI

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬 This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.