We should never try to add real rules to a ruleset that wasn't really created (i.e. with a -1 file descriptor).
Fix the From implementation for Compatibility to always use CompatState::Init as an initial state. This is now possible because of the changes in create(), especially the new handling of no_new_privs.
Simplify Ruleset::create() to only rely on compatibility state, which is now always correct. This is more future-proof and this will help for upcoming restrictions.
Extend the abi_v3_truncate() test to check with a new rule which may be incompatible.
Fixes #67