e80569f5
by Chih-Hsuan Yen at 2024-09-28T00:35:10+00:00
Correctly configure landlock for older ABIs
For example, with landlock ABI < 3, LANDLOCK_ACCESS_FS_TRUNCATE is not
set in ruleset_attr.handled_access_fs, so it should not be set in
path_beneath.allowed_access either. Otherwise, landlock_add_rule fails
with -EINVAL, and pacman complains:
> error: restricting filesystem access failed because the landlock rule for the temporary download directory could not be added!
The change is tested on Debian Bookworm kernel
linux-image-6.1.0-25-cloud-amd64 6.1.106-3.