The landlock-c.md example doesn't build. The syscall declarations are missing and an error case is not defined:
landlock-test.c: In function ‘main’:
landlock-test.c:66:13: error: implicit declaration of function ‘landlock_create_ruleset’; did you mean ‘SYS_landlock_create_ruleset’? [-Wimplicit-function-declaration]
66 | if (landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION) < 0)
| ^~~~~~~~~~~~~~~~~~~~~~~
| SYS_landlock_create_ruleset
landlock-test.c:73:13: error: implicit declaration of function ‘landlock_restrict_self’; did you mean ‘SYS_landlock_restrict_self’? [-Wimplicit-function-declaration]
73 | if (landlock_restrict_self(ruleset_fd, 0)) {
| ^~~~~~~~~~~~~~~~~~~~~~
| SYS_landlock_restrict_self
landlock-test.c:75:17: error: label ‘err_close_ruleset’ used but not defined
75 | goto err_close_ruleset;
| ^~~~
You need to define the syscalls as in the sample code:
#ifndef landlock_create_ruleset
static inline int
landlock_create_ruleset(...
You should be able to trim most included headers too.
There is currently no C library as explained in #1, which is why this file has so much lines. A minimal C library is planned though (https://github.com/landlock-lsm/linux/issues/38), but we encourage the use of Rust or Go.
The landlock-c.md example doesn't build. The syscall declarations are missing and an error case is not defined:
You need to define the syscalls as in the sample code:
You should be able to trim most included headers too.
There is currently no C library as explained in #1, which is why this file has so much lines. A minimal C library is planned though (https://github.com/landlock-lsm/linux/issues/38), but we encourage the use of Rust or Go.