On 17/04/2023 19:24, Alejandro Colomar wrote:
Hello Günther!
On 4/15/23 09:16, Günther Noack wrote:
Hello Alejandro!
+if (abi <= 0) {
+ perror("Giving up \- No Landlock support");
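Review bot: In the `if (abi <= 0)` branch, perror(3) is also reached when `abi` is 0, a case in which no call has reported an error and errno may hold a stale value from earlier. If `abi` holds the return value of the version query, testing `abi < 0` (or `abi == -1`) keeps the printed message tied to a real failure. A comment naming the errno values expected on this path would also help readers of the example.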
Using perror(3) will already print "Operation not supported", since
errno is ENOTSUP. Maybe this string is redundant? How about the
following?
perror("landlock_create_ruleset"); // EOPNOTSUPP
The fallback code assumes that we don't know the kernel that we run on,
so in practice we also have to handle ENOSYS.
See https://docs.kernel.org/userspace-api/landlock.html#landlock-abi-versions
I'd suggest to just make it more explicit here that it can be two
different error codes:
    if (abi <= 0) {
        /* ENOTSUP or ENOSYS */
        perror("Giving up \- No Landlock support");
    }
Does that sound reasonable?
Sounds reasonable (with a call to exit(3) too).
BTW, now I see ENOSYS is not documented in syscall(2) (there's actually no
ERRORS section there). Should we add it?
BTW, now I checked that while in Linux ENOTSUP and EOPNOTSUPP are
equivalent, in POSIX the latter has a connotation that it's about
For Linux:
#define EOPNOTSUPP 95 /* Operation not supported on transport endpoint */
#define ENOTSUPP 524 /* Operation is not supported */
EOPNOTSUPP is not only used for network errors, but also to identify generic
unsupported operations, while ENOTSUPP was initially dedicated to NFS
errors (but has now also slipped into other areas).
sockets. Should we document ENOTSUP in landlock_create_ruleset(2)
instead of EOPNOTSUPP?
EOPNOTSUPP is also used in Landlock's kernel documentation,
we'd maybe have to update it there as well.
I'll have a look at what is more common.
Thanks. In the man pages I see both often, so maybe we need to fix
consistency there too.
No, ENOTSUP*P* is not used by Landlock.
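
Added example (not part of the thread and not the man page's code): a C probe for the Landlock ABI version that handles both error codes discussed above, ENOSYS and EOPNOTSUPP, and gives up with a single message. The helper ll_classify(), the enum names and the fallback #defines are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for older headers (assumed: 444 is the syscall number on
 * x86 and the generic syscall table; the flag value is from the UAPI). */
#ifndef SYS_landlock_create_ruleset
#define SYS_landlock_create_ruleset 444
#endif
#ifndef LANDLOCK_CREATE_RULESET_VERSION
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#endif

enum ll_status { LL_SUPPORTED, LL_NO_SYSCALL, LL_DISABLED, LL_UNEXPECTED };

/* Classify the result of the ABI-version query (hypothetical helper).
 * errno is only meaningful when the call returned -1. */
static enum ll_status ll_classify(long abi, int err)
{
	if (abi >= 1)
		return LL_SUPPORTED;
	if (abi == -1 && err == ENOSYS)
		return LL_NO_SYSCALL;	/* kernel does not know the syscall */
	if (abi == -1 && err == EOPNOTSUPP)
		return LL_DISABLED;	/* Landlock present but disabled */
	return LL_UNEXPECTED;		/* includes abi == 0 */
}

int main(void)
{
	long abi = syscall(SYS_landlock_create_ruleset, NULL, 0,
			   LANDLOCK_CREATE_RULESET_VERSION);
	int err = errno;	/* save before calling anything else */

	if (ll_classify(abi, err) == LL_SUPPORTED) {
		printf("Landlock ABI version %ld\n", abi);
		return EXIT_SUCCESS;
	}
	/* ENOSYS, EOPNOTSUPP or something unexpected: report and give up */
	fprintf(stderr, "landlock_create_ruleset: %s\n", strerror(err));
	return EXIT_FAILURE;
}
```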