From 9cfeb485eb158217e644955bddc42e3bcf42ccbb Mon Sep 17 00:00:00 2001
From: "Kelvin M. Klann"
Date: Sat, 10 Feb 2024 04:47:11 -0300
Subject: landlock: use "landlock.fs." prefix in filesystem commands

Since Landlock ABI v4 it is possible to restrict actions related to the network and potentially more areas will be added in the future. So use `landlock.fs.` as the prefix in the current filesystem-related commands (and later `landlock.net.` for the network-related commands) to keep them organized and to match what is used in the kernel.
Examples of filesystem and network access flags:
* `LANDLOCK_ACCESS_FS_EXECUTE`: Execute a file.
* `LANDLOCK_ACCESS_FS_READ_DIR`: Open a directory or list its content.
* `LANDLOCK_ACCESS_NET_BIND_TCP`: Bind a TCP socket to a local port.
* `LANDLOCK_ACCESS_NET_CONNECT_TCP`: Connect an active TCP socket to a remote port.
Relates to #6078.
---
 etc/inc/landlock-common.inc | 56 ++++++++++++++++++++++-----------------------
 1 file changed, 28 insertions(+), 28 deletions(-)
(limited to 'etc/inc')
diff --git a/etc/inc/landlock-common.inc b/etc/inc/landlock-common.inc
index 694d447b5..e147963a6 100644
--- a/etc/inc/landlock-common.inc
+++ b/etc/inc/landlock-common.inc
@@ -2,38 +2,38 @@
 # Persistent customizations should go in a .local file.
 include landlock-common.local
 
-landlock.read / # whole system read
-landlock.read /proc
-landlock.makeipc / # sockets etc.
+landlock.fs.read / # whole system read
+landlock.fs.read /proc
+landlock.fs.makeipc / # sockets etc.
 
 # write access
-landlock.write ${HOME}
-landlock.write ${RUNUSER}
-landlock.write /dev
-landlock.write /proc
-landlock.write /run/shm
-landlock.write /tmp
+landlock.fs.write ${HOME}
+landlock.fs.write ${RUNUSER}
+landlock.fs.write /dev
+landlock.fs.write /proc
+landlock.fs.write /run/shm
+landlock.fs.write /tmp
 
 # exec access
 ## misc
-landlock.execute /opt
-landlock.execute /run/firejail # appimage and various firejail features
+landlock.fs.execute /opt
+landlock.fs.execute /run/firejail # appimage and various firejail features
 ## bin
-landlock.execute /bin
-landlock.execute /sbin
-landlock.execute /usr/bin
-landlock.execute /usr/sbin
-landlock.execute /usr/games
-landlock.execute /usr/local/bin
-landlock.execute /usr/local/sbin
-landlock.execute /usr/local/games
+landlock.fs.execute /bin
+landlock.fs.execute /sbin
+landlock.fs.execute /usr/bin
+landlock.fs.execute /usr/sbin
+landlock.fs.execute /usr/games
+landlock.fs.execute /usr/local/bin
+landlock.fs.execute /usr/local/sbin
+landlock.fs.execute /usr/local/games
 ## lib
-landlock.execute /lib
-landlock.execute /lib32
-landlock.execute /libx32
-landlock.execute /lib64
-landlock.execute /usr/lib
-landlock.execute /usr/lib32
-landlock.execute /usr/libx32
-landlock.execute /usr/lib64
-landlock.execute /usr/local/lib
+landlock.fs.execute /lib
+landlock.fs.execute /lib32
+landlock.fs.execute /libx32
+landlock.fs.execute /lib64
+landlock.fs.execute /usr/lib
+landlock.fs.execute /usr/lib32
+landlock.fs.execute /usr/libx32
+landlock.fs.execute /usr/lib64
+landlock.fs.execute /usr/local/lib
-- 
cgit v1.2.3-54-g00ecf
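Review bot: User overrides in `landlock-common.local`, which the hunk's context lines include and name as the place for persistent customizations, are not covered by this rename and may still use the old `landlock.read`, `landlock.write`, `landlock.makeipc` and `landlock.execute` spellings. Whether the profile parser still accepts the old names, rejects them, or skips them is not visible in this path-limited view of the commit. Because these lines make up the Landlock allow-list, an override that silently stops being applied would change the effective sandbox policy. I would add a comment above the first rule, for example `# Filesystem commands use the "landlock.fs." prefix (formerly "landlock."); update any .local overrides to match`.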