[landlock] Leftover from #5315

[rusty-snake]

• [ ] Code
  • [ ] https://github.com/netblue30/firejail/pull/5315#pullrequestreview-1073973090
  • [ ] https://github.com/netblue30/firejail/pull/5315#pullrequestreview-1074357756
  • [ ] https://github.com/netblue30/firejail/pull/5315#pullrequestreview-1074864387
• [ ] Move MAKE_CHAR from write to "special" https://github.com/netblue30/firejail/pull/5315#discussion_r946957099
• [ ] Improve --landlock
  • [ ] https://github.com/netblue30/firejail/pull/5315#discussion_r946974912
  • [ ] https://github.com/netblue30/firejail/pull/5315#discussion_r946978046
  • [ ] What else?
  • [ ] Mark it unstable, it will change in the future. https://github.com/netblue30/firejail/pull/5315#discussion_r946980440
• [ ] https://github.com/netblue30/firejail/pull/5315#discussion_r946983201
• [ ] Rename special to something else. write-all, write-any, full-write, write-speial, ...
• [ ] Support ABIv2 REFER from Linux 5.19
• [ ] manpage: landlock will get more features (network, signals, ...). Describe it as a way to restrict resources not only filesystem

cc @kmk3 @ChrysoliteAzalea

[kmk3]

@rusty-snake

Thanks for making a checklist.

To be clear, I still think that reverting #5315 now and letting @ChrysoliteAzalea resubmit it afterwards is the way to go, especially considering the amount of discussions and issues raised.

@ChrysoliteAzalea

In which case, I'd say to feel free to only make the changes that you feel confident in making before resubmitting and to leave the rest for after resubmitting, as we might end up discussing them on the pull request anyway.

[kmk3]

@netblue30 on Feb 16:

Landlock support.

I'll start by re-merging #5315 from @ChrysoliteAzalea. Probably there will be some small changes. A Linux kernel 5.13 or newer will be detected at run time. Disable the feature and print a warning if the kernel is older.

I had created a landlock_v2 branch and fixed most of the issues in the original PR. It's from a few months back, so it would have to be rebased.

Agreed on the runtime check; I didn't get around to adding it, so we could use your version of it.

The idea would be to rebase the landlock_v2 branch and then open it as a PR. Then after reviewing it with @ChrysoliteAzalea and merging it, we could add the runtime check and other improvements.

Thoughts?

[glitsj16]

Adding a reminder about Fix spacing & typo in Landlock section of README.md. Might not be needed anymore depending on how #5315 is re-merged.