feature: add Landlock support

Based on 5315 by ChrysoliteAzalea. It is based on the same underlying structure, but with a lot of refactoring/simplification and with bugfixes and improvements. Co-authored-by: Kelvin M. Klann <kmk3.code@protonmail.com> Co-authored-by: Азалия Смарагдова <charming.flurry@yandex.ru>
2026-05-21 06:45:29 -06:00 · 2023-10-24 12:43:46 -04:00 · 2023-10-24 12:43:46 -04:00 · 13b2c566df
commit 13b2c566df
parent 5456ec6477
18 changed files with 616 additions and 30 deletions
--- a/configure.ac
+++ b/configure.ac
@ -81,6 +81,16 @@ AS_IF([test "x$enable_selinux" = "xyes"], [
 	LIBS="$LIBS -lselinux"
 ])

+HAVE_LANDLOCK=""
+AC_SUBST([HAVE_LANDLOCK])
+AC_ARG_ENABLE([landlock],
+    [AS_HELP_STRING([--enable-landlock], [Landlock self-restriction support])])
+AS_IF([test "x$enable_landlock" != "xno"], [
+	AC_CHECK_HEADER([linux/landlock.h],
+	    [HAVE_LANDLOCK="-DHAVE_LANDLOCK"],
+	    [AC_MSG_WARN([header not found: linux/landlock.h, building without Landlock support])])
+])
+
 AC_SUBST([EXTRA_CFLAGS])
 AC_SUBST([EXTRA_LDFLAGS])

@ -264,6 +274,7 @@ AC_ARG_ENABLE([lts],
    [AS_HELP_STRING([--enable-lts], [enable long-term support software version (LTS)])])
 AS_IF([test "x$enable_lts" = "xyes"], [
 	HAVE_LTS="-DHAVE_LTS"
+	HAVE_LANDLOCK=""
 	HAVE_IDS=""
 	HAVE_DBUSPROXY=""
 	HAVE_OVERLAYFS=""
@ -324,6 +335,7 @@ Features:
   firetunnel support: $HAVE_FIRETUNNEL
   global config: $HAVE_GLOBALCFG
   IDS support: $HAVE_IDS
+   Landlock support: $HAVE_LANDLOCK
   LTS: $HAVE_LTS
   manpage support: $HAVE_MAN
   network: $HAVE_NETWORK