Struct RestrictSelf 

pub struct RestrictSelf { /* private fields */ }

Builder for calling landlock_restrict_self() without creating a Landlock domain.

Use this when you want to configure landlock_restrict_self() flags without creating a ruleset or a Landlock domain (e.g., muting subdomain audit logs for nested domains).

Only log_subdomains() is available on this builder. Domain-specific setters (log_same_exec(), log_new_exec()) require a Landlock domain via RulesetCreated.

Available since Landlock ABI v7.

no_new_privs is enforced by default; call no_new_privs(false) to opt out.

Example

use landlock::*;

let status = RestrictSelf::default()
    .log_subdomains(false)?
    .apply()?;
println!("Landlock status: {:?}", status.landlock);

Use set_compatibility() to control how unsupported flags are handled.

apply() returns a RestrictSelfStatus with the Landlock support status and the effective flag states. Its name differs from RulesetCreated::restrict_self() to avoid the redundant RestrictSelf::restrict_self().

Implementations

impl RestrictSelf

pub fn no_new_privs(self, yes: bool) -> Self

Configures whether to call prctl(PR_SET_NO_NEW_PRIVS) during apply(). Defaults to true.

This prctl(2) call is never ignored, even if an error was encountered while CompatLevel::SoftRequirement was set.

See RestrictSelfAttr::log_subdomains() for compat-state behavior when toggling this setter on unsupported kernels.

pub fn apply(self) -> Result<RestrictSelfStatus, RulesetError>

Applies the configured restrict_self flags by calling landlock_restrict_self(-1, flags).

If no_new_privs is configured (default), also calls prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) first, since the kernel requires no_new_privs (or CAP_SYS_ADMIN) for landlock_restrict_self(). See no_new_privs() to opt out.

Returns a RestrictSelfStatus with the Landlock support status. Skips the restrict_self syscall if no flags are enforceable.

Trait Implementations

impl Compatible for RestrictSelf

fn set_compatibility(self, level: CompatLevel) -> Self

To enable a best-effort security approach, Landlock features that are not supported by the running system are silently ignored by default, which is a sane choice for most use cases. However, on some rare circumstances, developers may want to have some guarantees that their applications will not run if a certain level of sandboxing is not possible. If we really want to error out when not all our requested requirements are met, then we can configure it with set_compatibility().

fn set_best_effort(self, best_effort: bool) -> Self

where Self: Sized,

👎Deprecated: Use set_compatibility() instead

Cf. set_compatibility():

impl Debug for RestrictSelf

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for RestrictSelf

fn default() -> Self

Returns a new RestrictSelf. This call automatically probes the running kernel to know if it supports Landlock.

impl RestrictSelfAttr for RestrictSelf

fn log_subdomains(self, set: bool) -> Result<Self, RulesetError>

Controls logging of denied accesses from nested Landlock domains. Logging is enabled by default. See the kernel documentation.