landlock: stop setting global ruleset in ll_create_full_ruleset

To avoid confusion, only return a new ruleset and let the caller set the global one. This amends commit 13b2c566d ("feature: add Landlock support", 2023-10-24) / PR #6078.
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-11-08 10:34:32 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-12-05 11:41:13 -0300
commit: e750f3e9b124aefef96b7d7463f67d8239cacafe (patch)
tree: b0e708d5744688dea54e06b352a1afed625ff2a3 /src
parent: landlock: make parameters void in ll_create_full_ruleset (diff)
download: firejail-e750f3e9b124aefef96b7d7463f67d8239cacafe.tar.gz
firejail-e750f3e9b124aefef96b7d7463f67d8239cacafe.tar.zst
firejail-e750f3e9b124aefef96b7d7463f67d8239cacafe.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
index fcbe895f7..64d10b914 100644
--- a/src/firejail/landlock.c
+++ b/src/firejail/landlock.c
@@ -100,12 +100,12 @@ static int ll_create_full_ruleset(void) {
                LANDLOCK_ACCESS_FS_REMOVE_FILE |
                LANDLOCK_ACCESS_FS_WRITE_FILE;
-        ll_ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
+        int ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
-        if (ll_ruleset_fd < 0) {
+        if (ruleset_fd < 0) {
                fprintf(stderr, "Error: failed to create a Landlock ruleset: %s\n",
                        strerror(errno));
        }
-        return ll_ruleset_fd;
+        return ruleset_fd;
 }
 int ll_read(const char *allowed_path) {
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-11-08 10:34:32 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-12-05 11:41:13 -0300
commit	e750f3e9b124aefef96b7d7463f67d8239cacafe (patch)
tree	b0e708d5744688dea54e06b352a1afed625ff2a3 /src
parent	landlock: make parameters void in ll_create_full_ruleset (diff)
download	firejail-e750f3e9b124aefef96b7d7463f67d8239cacafe.tar.gz firejail-e750f3e9b124aefef96b7d7463f67d8239cacafe.tar.zst firejail-e750f3e9b124aefef96b7d7463f67d8239cacafe.zip

diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c index fcbe895f7..64d10b914 100644 --- a/src/firejail/landlock.c +++ b/src/firejail/landlock.c
@@ -100,12 +100,12 @@ static int ll_create_full_ruleset(void) {
100	LANDLOCK_ACCESS_FS_REMOVE_FILE \|	100	LANDLOCK_ACCESS_FS_REMOVE_FILE \|
101	LANDLOCK_ACCESS_FS_WRITE_FILE;	101	LANDLOCK_ACCESS_FS_WRITE_FILE;
102		102
103	ll_ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);	103	int ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
104	if (ll_ruleset_fd < 0) {	104	if (ruleset_fd < 0) {
105	fprintf(stderr, "Error: failed to create a Landlock ruleset: %s\n",	105	fprintf(stderr, "Error: failed to create a Landlock ruleset: %s\n",
106	strerror(errno));	106	strerror(errno));
107	}	107	}
108	return ll_ruleset_fd;	108	return ruleset_fd;
109	}	109	}
110		110
111	int ll_read(const char *allowed_path) {	111	int ll_read(const char *allowed_path) {