Hi Mickaël,
On 4/17/23 22:45, Mickaël Salaün wrote:
[...]
>> +int abi = landlock_create_ruleset(NULL, 0,
>> + LANDLOCK_CREATE_RULESET_VERSION);
>> +if (abi <= 0) {
>> + /*
>> + * Kernel too old, not compiled with Landlock,
>> + * or Landlock was not enabled at boot time.
>> + */
>> + perror("Giving up \- No Landlock support");
[...]
> As a side note, this syscall and this flag should never return 0, but if
> it does (e.g. because of weird seccomp filter), the errno value might be
> unspecified.
Hmm, good catch, we should test for `== -1`, rather than `< 0`.
Michael Kerrisk explicitly wanted this, and I agree with him, as it makes
the code slightly more readable (explicit).
Cheers,
Alex
--
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
