1 files changed, 0 insertions, 79 deletions
diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c
deleted file mode 100644
index 67e2b2cfc..000000000
--- a/src/firejail/landlock.c
+++ /dev/null
@@ -1,79 +0,0 @@
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stddef.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/syscall.h>
-#include <sys/types.h>
-#include <sys/prctl.h>
-#include <linux/prctl.h>
-#include <linux/landlock.h>
-int landlock_create_ruleset(struct landlock_ruleset_attr *rsattr,size_t size,__u32 flags) {
-        return syscall(__NR_landlock_create_ruleset,rsattr,size,flags);
-}
-int landlock_add_rule(int fd,enum landlock_rule_type t,void *attr,__u32 flags) {
-        return syscall(__NR_landlock_add_rule,fd,t,attr,flags);
-}
-int landlock_restrict_self(int fd,__u32 flags) {
-        prctl(PR_SET_NO_NEW_PRIVS,1,0,0,0);
-        int result = syscall(__NR_landlock_restrict_self,fd,flags);
-        if (result!=0) return result;
-        else {
-                close(fd);
-                return 0;
-        }
-}
-int create_full_ruleset() {
-        struct landlock_ruleset_attr attr;
-        attr.handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR | LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_REMOVE_FILE | LANDLOCK_ACCESS_FS_REMOVE_DIR | LANDLOCK_ACCESS_FS_MAKE_CHAR | LANDLOCK_ACCESS_FS_MAKE_DIR | LANDLOCK_ACCESS_FS_MAKE_REG | LANDLOCK_ACCESS_FS_MAKE_SOCK | LANDLOCK_ACCESS_FS_MAKE_FIFO | LANDLOCK_ACCESS_FS_MAKE_BLOCK | LANDLOCK_ACCESS_FS_MAKE_SYM | LANDLOCK_ACCESS_FS_EXECUTE;
-        return landlock_create_ruleset(&attr,sizeof(attr),0);
-}
-int add_read_access_rule_by_path(int rset_fd,char *allowed_path) {
-        int result;
-        int allowed_fd = open(allowed_path,O_PATH | O_CLOEXEC);
-        struct landlock_path_beneath_attr target;
-        target.parent_fd = allowed_fd;
-        target.allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR;
-        result = landlock_add_rule(rset_fd,LANDLOCK_RULE_PATH_BENEATH,&target,0);
-        close(allowed_fd);
-        return result;
-}
-int add_write_access_rule_by_path(int rset_fd,char *allowed_path) {
-        int result;
-        int allowed_fd = open(allowed_path,O_PATH | O_CLOEXEC);
-        struct landlock_path_beneath_attr target;
-        target.parent_fd = allowed_fd;
-        target.allowed_access = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_REMOVE_FILE | LANDLOCK_ACCESS_FS_REMOVE_DIR | LANDLOCK_ACCESS_FS_MAKE_CHAR | LANDLOCK_ACCESS_FS_MAKE_DIR | LANDLOCK_ACCESS_FS_MAKE_REG | LANDLOCK_ACCESS_FS_MAKE_SYM;
-        result = landlock_add_rule(rset_fd,LANDLOCK_RULE_PATH_BENEATH,&target,0);
-        close(allowed_fd);
-        return result;
-}
-int add_create_special_rule_by_path(int rset_fd,char *allowed_path) {
-        int result;
-        int allowed_fd = open(allowed_path,O_PATH | O_CLOEXEC);
-        struct landlock_path_beneath_attr target;
-        target.parent_fd = allowed_fd;
-        target.allowed_access = LANDLOCK_ACCESS_FS_MAKE_SOCK | LANDLOCK_ACCESS_FS_MAKE_FIFO | LANDLOCK_ACCESS_FS_MAKE_BLOCK;
-        result = landlock_add_rule(rset_fd,LANDLOCK_RULE_PATH_BENEATH,&target,0);
-        close(allowed_fd);
-        return result;
-}
-int add_execute_rule_by_path(int rset_fd,char *allowed_path) {
-        int result;
-        int allowed_fd = open(allowed_path,O_PATH | O_CLOEXEC);
-        struct landlock_path_beneath_attr target;
-        target.parent_fd = allowed_fd;
-        target.allowed_access = LANDLOCK_ACCESS_FS_EXECUTE;
-        result = landlock_add_rule(rset_fd,LANDLOCK_RULE_PATH_BENEATH,&target,0);
-        close(allowed_fd);
-        return result;
-}

diff --git a/src/firejail/landlock.c b/src/firejail/landlock.c deleted file mode 100644 index 67e2b2cfc..000000000 --- a/src/firejail/landlock.c +++ /dev/null
@@ -1,79 +0,0 @@
1	#define _GNU_SOURCE
2	#include <stdio.h>
3	#include <stddef.h>
4	#include <stdlib.h>
5	#include <unistd.h>
6	#include <fcntl.h>
7	#include <sys/syscall.h>
8	#include <sys/types.h>
9	#include <sys/prctl.h>
10	#include <linux/prctl.h>
11	#include <linux/landlock.h>
12
13	int landlock_create_ruleset(struct landlock_ruleset_attr *rsattr,size_t size,__u32 flags) {
14	return syscall(__NR_landlock_create_ruleset,rsattr,size,flags);
15	}
16
17	int landlock_add_rule(int fd,enum landlock_rule_type t,void *attr,__u32 flags) {
18	return syscall(__NR_landlock_add_rule,fd,t,attr,flags);
19	}
20
21	int landlock_restrict_self(int fd,__u32 flags) {
22	prctl(PR_SET_NO_NEW_PRIVS,1,0,0,0);
23	int result = syscall(__NR_landlock_restrict_self,fd,flags);
24	if (result!=0) return result;
25	else {
26	close(fd);
27	return 0;
28	}
29	}
30
31	int create_full_ruleset() {
32	struct landlock_ruleset_attr attr;
33	attr.handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE \| LANDLOCK_ACCESS_FS_READ_DIR \| LANDLOCK_ACCESS_FS_WRITE_FILE \| LANDLOCK_ACCESS_FS_REMOVE_FILE \| LANDLOCK_ACCESS_FS_REMOVE_DIR \| LANDLOCK_ACCESS_FS_MAKE_CHAR \| LANDLOCK_ACCESS_FS_MAKE_DIR \| LANDLOCK_ACCESS_FS_MAKE_REG \| LANDLOCK_ACCESS_FS_MAKE_SOCK \| LANDLOCK_ACCESS_FS_MAKE_FIFO \| LANDLOCK_ACCESS_FS_MAKE_BLOCK \| LANDLOCK_ACCESS_FS_MAKE_SYM \| LANDLOCK_ACCESS_FS_EXECUTE;
34	return landlock_create_ruleset(&attr,sizeof(attr),0);
35	}
36
37	int add_read_access_rule_by_path(int rset_fd,char *allowed_path) {
38	int result;
39	int allowed_fd = open(allowed_path,O_PATH \| O_CLOEXEC);
40	struct landlock_path_beneath_attr target;
41	target.parent_fd = allowed_fd;
42	target.allowed_access = LANDLOCK_ACCESS_FS_READ_FILE \| LANDLOCK_ACCESS_FS_READ_DIR;
43	result = landlock_add_rule(rset_fd,LANDLOCK_RULE_PATH_BENEATH,&target,0);
44	close(allowed_fd);
45	return result;
46	}
47
48	int add_write_access_rule_by_path(int rset_fd,char *allowed_path) {
49	int result;
50	int allowed_fd = open(allowed_path,O_PATH \| O_CLOEXEC);
51	struct landlock_path_beneath_attr target;
52	target.parent_fd = allowed_fd;
53	target.allowed_access = LANDLOCK_ACCESS_FS_WRITE_FILE \| LANDLOCK_ACCESS_FS_REMOVE_FILE \| LANDLOCK_ACCESS_FS_REMOVE_DIR \| LANDLOCK_ACCESS_FS_MAKE_CHAR \| LANDLOCK_ACCESS_FS_MAKE_DIR \| LANDLOCK_ACCESS_FS_MAKE_REG \| LANDLOCK_ACCESS_FS_MAKE_SYM;
54	result = landlock_add_rule(rset_fd,LANDLOCK_RULE_PATH_BENEATH,&target,0);
55	close(allowed_fd);
56	return result;
57	}
58
59	int add_create_special_rule_by_path(int rset_fd,char *allowed_path) {
60	int result;
61	int allowed_fd = open(allowed_path,O_PATH \| O_CLOEXEC);
62	struct landlock_path_beneath_attr target;
63	target.parent_fd = allowed_fd;
64	target.allowed_access = LANDLOCK_ACCESS_FS_MAKE_SOCK \| LANDLOCK_ACCESS_FS_MAKE_FIFO \| LANDLOCK_ACCESS_FS_MAKE_BLOCK;
65	result = landlock_add_rule(rset_fd,LANDLOCK_RULE_PATH_BENEATH,&target,0);
66	close(allowed_fd);
67	return result;
68	}
69
70	int add_execute_rule_by_path(int rset_fd,char *allowed_path) {
71	int result;
72	int allowed_fd = open(allowed_path,O_PATH \| O_CLOEXEC);
73	struct landlock_path_beneath_attr target;
74	target.parent_fd = allowed_fd;
75	target.allowed_access = LANDLOCK_ACCESS_FS_EXECUTE;
76	result = landlock_add_rule(rset_fd,LANDLOCK_RULE_PATH_BENEATH,&target,0);
77	close(allowed_fd);
78	return result;
79	}