1#[allow(dead_code)]
4#[allow(non_camel_case_types)]
5#[allow(non_snake_case)]
6#[allow(non_upper_case_globals)]
7mod landlock;
8
9#[rustfmt::skip]
10pub use self::landlock::{
11 landlock_net_port_attr,
12 landlock_path_beneath_attr,
13 landlock_rule_type,
14 landlock_rule_type_LANDLOCK_RULE_NET_PORT,
15 landlock_rule_type_LANDLOCK_RULE_PATH_BENEATH,
16 landlock_ruleset_attr,
17 LANDLOCK_ACCESS_FS_EXECUTE,
18 LANDLOCK_ACCESS_FS_WRITE_FILE,
19 LANDLOCK_ACCESS_FS_READ_FILE,
20 LANDLOCK_ACCESS_FS_READ_DIR,
21 LANDLOCK_ACCESS_FS_REMOVE_DIR,
22 LANDLOCK_ACCESS_FS_REMOVE_FILE,
23 LANDLOCK_ACCESS_FS_MAKE_CHAR,
24 LANDLOCK_ACCESS_FS_MAKE_DIR,
25 LANDLOCK_ACCESS_FS_MAKE_REG,
26 LANDLOCK_ACCESS_FS_MAKE_SOCK,
27 LANDLOCK_ACCESS_FS_MAKE_FIFO,
28 LANDLOCK_ACCESS_FS_MAKE_BLOCK,
29 LANDLOCK_ACCESS_FS_MAKE_SYM,
30 LANDLOCK_ACCESS_FS_REFER,
31 LANDLOCK_ACCESS_FS_TRUNCATE,
32 LANDLOCK_ACCESS_FS_IOCTL_DEV,
33 LANDLOCK_ACCESS_NET_BIND_TCP,
34 LANDLOCK_ACCESS_NET_CONNECT_TCP,
35 LANDLOCK_CREATE_RULESET_VERSION,
36 LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET,
37 LANDLOCK_SCOPE_SIGNAL,
38};
39
40use libc::{
41 __u32, c_int, c_void, size_t, syscall, SYS_landlock_add_rule, SYS_landlock_create_ruleset,
42 SYS_landlock_restrict_self,
43};
44
/// Raw wrapper around the `landlock_create_ruleset` system call.
///
/// Forwards `attr`, `size` and `flags` unchanged to `libc::syscall` and narrows the
/// result to `c_int`. Nothing is validated on the Rust side.
///
/// The value returned is the raw syscall result. As with any `syscall(2)` invocation,
/// failure is reported as `-1` with `errno` set. Callers must check it before using
/// the result as a ruleset handle; an unchecked failure means no ruleset exists to
/// enforce.
///
/// # Safety
///
/// `attr` is passed to the kernel as-is together with `size`. The caller must ensure
/// it is valid for reads of `size` bytes for the duration of the call, or is a value
/// the kernel accepts for the given `flags` (see `landlock_create_ruleset(2)`).
#[rustfmt::skip]
pub unsafe fn landlock_create_ruleset(
    attr: *const landlock_ruleset_attr,
    size: size_t,
    flags: __u32,
) -> c_int {
    // `syscall` yields a `c_long`; the narrowing cast is the wrapper's declared return type.
    let raw = syscall(SYS_landlock_create_ruleset, attr, size, flags);
    raw as c_int
}
50
/// Raw wrapper around the `landlock_add_rule` system call.
///
/// Forwards `ruleset_fd`, `rule_type`, `rule_attr` and `flags` unchanged to
/// `libc::syscall` and narrows the result to `c_int`. Nothing is validated on the
/// Rust side.
///
/// The value returned is the raw syscall result. As with any `syscall(2)` invocation,
/// failure is reported as `-1` with `errno` set. Callers must check it: a rule that
/// failed to be added is not part of the ruleset, so the resulting policy differs
/// from the one intended.
///
/// # Safety
///
/// `rule_attr` is an untyped pointer, so the compiler cannot check that it matches
/// `rule_type`. The caller must ensure it points to a live, correctly initialised
/// attribute structure of the kind `rule_type` designates (this module re-exports
/// `landlock_path_beneath_attr` and `landlock_net_port_attr`) for the duration of the
/// call.
#[rustfmt::skip]
pub unsafe fn landlock_add_rule(
    ruleset_fd: c_int,
    rule_type: landlock_rule_type,
    rule_attr: *const c_void,
    flags: __u32,
) -> c_int {
    // `syscall` yields a `c_long`; the narrowing cast is the wrapper's declared return type.
    let raw = syscall(SYS_landlock_add_rule, ruleset_fd, rule_type, rule_attr, flags);
    raw as c_int
}
56
/// Raw wrapper around the `landlock_restrict_self` system call.
///
/// Forwards `ruleset_fd` and `flags` unchanged to `libc::syscall` and narrows the
/// result to `c_int`. This wrapper checks none of the preconditions the kernel
/// imposes on the caller (see `landlock_restrict_self(2)`).
///
/// The value returned is the raw syscall result. As with any `syscall(2)` invocation,
/// failure is reported as `-1` with `errno` set. Callers must check it before
/// continuing as if confined: on failure the ruleset has not been enforced on the
/// caller.
///
/// # Safety
///
/// Declared `unsafe` because it issues a raw system call. The caller is responsible
/// for passing a file descriptor and flags that are meaningful to the kernel.
pub unsafe fn landlock_restrict_self(ruleset_fd: c_int, flags: __u32) -> c_int {
    // `syscall` yields a `c_long`; the narrowing cast is the wrapper's declared return type.
    let raw = syscall(SYS_landlock_restrict_self, ruleset_fd, flags);
    raw as c_int
}