landlock-lsm / go-landlock

A Go library for the Linux Landlock sandboxing feature
MIT License

Make it hard to construct invalid AccessFSSets #15

Closed gnoack closed 2 years ago

gnoack commented 2 years ago

Make it hard to construct unsupported AccessFSSets so that users can't be bitten by constructing a wrong set.

gnoack commented 2 years ago

Closing -- I attempted this, after exposing direct access to Config.HandledAccessFS, but it just made it so much harder to construct a proper AccessFSSet for callers, that it was not worth it in the API complexity. Instead, there is now a constructor for the Config struct, and that one does the AccessFSSet checks.
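The design the closing comment settles on, a validating constructor rather than a directly writable field, can be shown in a few dozen lines. The Go below is an added example and not go-landlock's code: the bit values, the ABI table, and the names NewConfig, MustConfig and HandledAccessFS are assumptions chosen for this illustration. It also goes slightly beyond the comment by rejecting an empty set and by reporting bits that name no known right, so that a bad set fails loudly at construction time instead of surfacing later as a kernel error.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// AccessFSSet is a bitmask of file-system access rights, in the spirit of
// Landlock's handled_access_fs. The bit positions and the ABI table below are
// constructed for this example; they are not the kernel's or go-landlock's.
type AccessFSSet uint64

const (
	AccessExecute AccessFSSet = 1 << iota
	AccessWriteFile
	AccessReadFile
	AccessReadDir
	AccessRemoveDir
	AccessRemoveFile
	AccessMakeDir
	AccessRefer // assumed here to need the newer ABI version
)

// accessNames lists every known right in bit order, used by String() and to
// detect bits that correspond to no right at all.
var accessNames = []struct {
	bit  AccessFSSet
	name string
}{
	{AccessExecute, "execute"}, {AccessWriteFile, "write_file"},
	{AccessReadFile, "read_file"}, {AccessReadDir, "read_dir"},
	{AccessRemoveDir, "remove_dir"}, {AccessRemoveFile, "remove_file"},
	{AccessMakeDir, "make_dir"}, {AccessRefer, "refer"},
}

// supportedByABI is an assumed table of which rights each ABI version handles.
var supportedByABI = map[int]AccessFSSet{
	1: AccessExecute | AccessWriteFile | AccessReadFile | AccessReadDir |
		AccessRemoveDir | AccessRemoveFile | AccessMakeDir,
	2: AccessExecute | AccessWriteFile | AccessReadFile | AccessReadDir |
		AccessRemoveDir | AccessRemoveFile | AccessMakeDir | AccessRefer,
}

// String renders the set as "read_file|read_dir"; bits that match no known
// right are printed numerically so they are visible rather than dropped.
func (s AccessFSSet) String() string {
	var parts []string
	for _, a := range accessNames {
		if s&a.bit != 0 {
			parts = append(parts, a.name)
			s &^= a.bit
		}
	}
	if s != 0 {
		parts = append(parts, fmt.Sprintf("unknown(%#x)", uint64(s)))
	}
	if len(parts) == 0 {
		return "none"
	}
	return strings.Join(parts, "|")
}

var ErrUnsupportedAccess = errors.New("access rights not supported by this ABI")

// Config holds a validated handled-access set. The fields are unexported on
// purpose: a Config can only be obtained through NewConfig, so any value that
// exists has already passed the checks.
type Config struct {
	abi       int
	handledFS AccessFSSet
}

// NewConfig is the hypothetical validating constructor: it rejects unknown
// ABI versions, empty sets, and any bit the chosen ABI does not handle.
func NewConfig(abi int, handled AccessFSSet) (Config, error) {
	supported, ok := supportedByABI[abi]
	if !ok {
		return Config{}, fmt.Errorf("unknown ABI version %d", abi)
	}
	if handled == 0 {
		return Config{}, errors.New("empty handled access set sandboxes nothing")
	}
	if extra := handled &^ supported; extra != 0 {
		return Config{}, fmt.Errorf("%w: ABI %d cannot handle %s", ErrUnsupportedAccess, abi, extra)
	}
	return Config{abi: abi, handledFS: handled}, nil
}

// MustConfig is the panicking variant, for package-level configuration values.
func MustConfig(abi int, handled AccessFSSet) Config {
	c, err := NewConfig(abi, handled)
	if err != nil {
		panic(err)
	}
	return c
}

// HandledAccessFS exposes the validated set read-only.
func (c Config) HandledAccessFS() AccessFSSet { return c.handledFS }

func main() {
	fmt.Println("ok:", MustConfig(2, AccessReadFile|AccessRefer).HandledAccessFS())
	_, err := NewConfig(1, AccessReadFile|AccessRefer)
	fmt.Println("rejected:", err)
}
```

Keeping the struct fields unexported is what makes the check unavoidable: a caller who wants a Config has to go through NewConfig, which is the property the closing comment describes, without the caller having to assemble the set by hand.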