Enum Erratum 

#[non_exhaustive]
#[repr(u32)]
pub enum Erratum {
    TcpSocketIdentification = 1,
    ScopedSignalHandling = 2,
    DisconnectedDirectoryHandling = 4,
}

Fixed kernel issues for the running Landlock implementation.

Each variant represents a specific bug fix that may have been backported to the running kernel. Use Erratum::current() before building a Ruleset to decide which features are safe to use.

An ABI version can be converted into the set of applicable errata with BitFlags::<Erratum>::from(abi).

Warning

Most applications should not check errata. Disabling a sandboxing feature because an erratum is not fixed could leave the system less secure than using Landlock’s best-effort protection with the buggy feature enabled. Errata should only be used to add features (e.g., enabling a restriction only when its bug is confirmed fixed), never to remove them.

Variants (Non-exhaustive)

This enum is marked as non-exhaustive.
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.

TcpSocketIdentification = 1

Erratum 1 (ABI 4): non-TCP stream sockets (SMC, MPTCP, SCTP) were incorrectly restricted by TCP access rights during bind(2) and connect(2).

Affects crate::AccessNet::BindTcp and crate::AccessNet::ConnectTcp.

See erratum 1.

ScopedSignalHandling = 2

Erratum 2 (ABI 6): signal scoping was overly restrictive, preventing sandboxed threads from signaling other threads within the same process in different domains.

Affects crate::Scope::Signal.

See erratum 2.

DisconnectedDirectoryHandling = 4

Erratum 3 (ABI 1): access rights could be widened through rename or link actions on disconnected directories under bind mounts, potentially bypassing LANDLOCK_ACCESS_FS_REFER restrictions.

See erratum 3.

Implementations

impl Erratum

pub fn current() -> BitFlags<Self>

Queries the running kernel for fixed errata.

Returns a bitmask of errata that have been fixed in the running kernel. Unknown errata bits from newer kernels are preserved. Returns empty if the kernel doesn’t support the errata interface.
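The add-only rule from the warning, applied to the kind of bitmask Erratum::current() returns, as an added example that is not part of the landlock crate or its documentation. It is a stand-alone model that treats the mask as a plain u32 with the discriminants listed on this page; Restriction, App, applicable and plan are hypothetical names, and the ABI-to-errata mapping in applicable is an assumption.

```rust
// Added example: a stand-alone model, it does not link against the landlock crate.
// Bit values are the enum discriminants listed on this page.
pub const TCP_SOCKET_IDENTIFICATION: u32 = 1;
pub const SCOPED_SIGNAL_HANDLING: u32 = 2;
pub const DISCONNECTED_DIRECTORY_HANDLING: u32 = 4;
pub const KNOWN: u32 = TCP_SOCKET_IDENTIFICATION | SCOPED_SIGNAL_HANDLING | DISCONNECTED_DIRECTORY_HANDLING;

/// Hypothetical application-level restriction names (not crate types).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Restriction { Filesystem, TcpRules, SignalScope }

/// Hypothetical description of what the application itself does.
pub struct App { pub non_tcp_stream_sockets: bool, pub cross_domain_thread_signals: bool }

/// Assumption: an erratum applies to every ABI from the one quoted in its
/// description upward (erratum 3: ABI 1, erratum 1: ABI 4, erratum 2: ABI 6).
pub fn applicable(abi: u32) -> u32 {
    let mut bits = 0;
    if abi >= 1 { bits |= DISCONNECTED_DIRECTORY_HANDLING; }
    if abi >= 4 { bits |= TCP_SOCKET_IDENTIFICATION; }
    if abi >= 6 { bits |= SCOPED_SIGNAL_HANDLING; }
    bits
}

/// Returns (restrictions to enable, applicable errata still unfixed, unknown bits).
pub fn plan(abi: u32, fixed: u32, app: &App) -> (Vec<Restriction>, u32, u32) {
    // The filesystem baseline is never dropped, even with erratum 3 unfixed.
    let mut out = vec![Restriction::Filesystem];
    // A restriction is held back only when the unfixed bug would hit
    // something this application actually does; otherwise it is always added.
    if abi >= 4 && (!app.non_tcp_stream_sockets || (fixed & TCP_SOCKET_IDENTIFICATION) != 0) {
        out.push(Restriction::TcpRules);
    }
    if abi >= 6 && (!app.cross_domain_thread_signals || (fixed & SCOPED_SIGNAL_HANDLING) != 0) {
        out.push(Restriction::SignalScope);
    }
    (out, applicable(abi) & !fixed, fixed & !KNOWN)
}

fn main() {
    let app = App { non_tcp_stream_sockets: true, cross_domain_thread_signals: false };
    // Constructed input: an ABI 6 kernel reporting only erratum 2 as fixed.
    let (enabled, unfixed, unknown) = plan(6, SCOPED_SIGNAL_HANDLING, &app);
    println!("enable {:?}, unfixed {:#x}, unknown {:#x}", enabled, unfixed, unknown);
}
```

The second return value is meant for logging which known bugs the sandbox runs with; nothing in plan uses it to drop a restriction.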

Trait Implementations

impl BitAnd for Erratum

type Output = BitFlags<Erratum>

The resulting type after applying the & operator.

fn bitand(self, other: Self) -> Self::Output

Performs the & operation.

impl BitFlag for Erratum

fn empty() -> BitFlags<Self>

Create a BitFlags with no flags set (in other words, with a value of 0).

fn all() -> BitFlags<Self>

Create a BitFlags with all flags set.

fn from_bits(bits: Self::Numeric) -> Result<BitFlags<Self>, FromBitsError<Self>>

Create a BitFlags if the raw value provided does not contain any illegal flags.

fn from_bits_truncate(bits: Self::Numeric) -> BitFlags<Self>

Create a BitFlags from an underlying bitwise value. If any invalid bits are set, ignore them.

unsafe fn from_bits_unchecked(bits: Self::Numeric) -> BitFlags<Self>

Create a BitFlags unsafely, without checking if the bits form a valid bit pattern for the type.

impl BitOr for Erratum

type Output = BitFlags<Erratum>

The resulting type after applying the | operator.

fn bitor(self, other: Self) -> Self::Output

Performs the | operation.

impl BitXor for Erratum

type Output = BitFlags<Erratum>

The resulting type after applying the ^ operator.

fn bitxor(self, other: Self) -> Self::Output

Performs the ^ operation.

impl Clone for Erratum

fn clone(&self) -> Erratum

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Erratum

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Not for Erratum

type Output = BitFlags<Erratum>

The resulting type after applying the ! operator.

fn not(self) -> Self::Output

Performs the unary ! operation.

impl PartialEq for Erratum

fn eq(&self, other: &Erratum) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl RawBitFlags for Erratum

const EMPTY: <Self as RawBitFlags>::Numeric = 0

A value with no bits set.

const DEFAULT: <Self as RawBitFlags>::Numeric = 0

The value used by the Default implementation. Equivalent to EMPTY, unless customized.

const ALL_BITS: <Self as RawBitFlags>::Numeric

A value with all flag bits set.

const BITFLAGS_TYPE_NAME: &'static str = "BitFlags<Erratum>"

The name of the type for debug formatting purposes.

type Numeric = u32

The underlying integer type.

fn bits(self) -> <Self as RawBitFlags>::Numeric

Return the bits as a number type.

impl Copy for Erratum

impl Eq for Erratum

impl StructuralPartialEq for Erratum
