Merge pull request #89 from LeChatP/dev

LeChatP · web-flow · commit 5dfa43ca6e25 · 2026-01-22T09:58:28.000+01:00
feat: add landlock glob pattern
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,7 +3,7 @@ members = ["xtask", "rar-common"]
 
 [package]
 name = "rootasrole"
-version = "3.3.1"
+version = "3.3.2"
 rust-version = "1.83.0"
 authors = ["Eddie Billoir <lechatp@outlook.fr>"]
 edition = "2021"
@@ -59,7 +59,7 @@ hashchecker = ["dep:hex", "dep:sha2"]
 ssd = []
 hierarchy = []
 timeout = []
-landlock = ["dep:landlock", "dep:bitflags"]
+landlock = ["dep:landlock", "dep:bitflags", "dep:glob"]
 editor = ["dep:landlock", "dep:libseccomp", "dep:pest", "dep:pest_derive", "dep:linked_hash_set"]
 
 [lints.rust]
@@ -69,7 +69,7 @@ unexpected_cfgs = { level = "allow", check-cfg = ['cfg(tarpaulin_include)'] }
 toml = { version = "0.8", default-features = false, features = ["parse", "display", "preserve_order"] }
 
 [dependencies]
-rar-common = { path = "rar-common", version = "3.3.1", package = "rootasrole-core" }
+rar-common = { path = "rar-common", version = "3.3.2", package = "rootasrole-core" }
 log = { version = "0.4", default-features = false, features = ["std"] }
 libc = { version = "0.2", default-features = false, features = ["std"]}
 strum = { version = "0.26", default-features = false, features = ["derive"] }
@@ -87,6 +87,7 @@ bon = { version = "3", default-features = false }
 nonstick = { version = "0.1.1", optional = true }
 libpam-sys = { version = "0.2.0", default-features = false, optional = true }
 pcre2 = { version = "0.2", default-features = false, optional = true }
+glob = { version = "0.3", default-features = false, optional = true }
 sha2 = { version = "0.10", default-features = false, optional = true }
 pty-process = { version = "0.4", default-features = false, optional = true }
 once_cell = { version = "1.20", default-features = false, optional = true, features = ["std"] }
diff --git a/rar-common/Cargo.toml b/rar-common/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rootasrole-core"
-version = "3.3.1"
+version = "3.3.2"
 edition = "2021"
 description = "This core crate for the RootAsRole project."
 license = "LGPL-3.0-or-later"
diff --git a/resources/man/en_US.md b/resources/man/en_US.md
@@ -1,4 +1,4 @@
-% RootAsRole(8) RootAsRole 3.3.1 | System Manager's Manual
+% RootAsRole(8) RootAsRole 3.3.2 | System Manager's Manual
 % Eddie Billoir <lechatp@outlook.fr>
 % August 2025
 
diff --git a/resources/man/fr_FR.md b/resources/man/fr_FR.md
@@ -1,4 +1,4 @@
-% RootAsRole(8) RootAsRole 3.3.1 | Manuel de l'administrateur système
+% RootAsRole(8) RootAsRole 3.3.2 | Manuel de l'administrateur système
 % Eddie Billoir <lechatp@outlook.fr>
 % Août 2025
 
diff --git a/src/sr/finder/api/landlock.rs b/src/sr/finder/api/landlock.rs
@@ -1,6 +1,7 @@
 use std::{collections::HashMap, path::PathBuf};
 
 use bitflags::bitflags;
+use glob::glob;
 use landlock::{
     Access, AccessFs, BitFlags, PathBeneath, PathFd, Ruleset, RulesetAttr, RulesetCreatedAttr, ABI,
 };
@@ -130,10 +131,25 @@ fn pre_exec(event: &mut ApiEvent) -> SrResult<()> {
 
             for (path, access) in whitelist.iter() {
                 let landlock_access = get_landlock_access(*access);
-                let path_fd = PathFd::new(path).map_err(|_| SrError::ConfigurationError)?;
-                ruleset = ruleset
-                    .add_rule(PathBeneath::new(path_fd, landlock_access))
-                    .map_err(|_| SrError::ConfigurationError)?;
+                match glob(&path.to_string_lossy()) {
+                    Ok(paths) => {
+                        for entry in paths {
+                            if let Ok(p) = entry {
+                                let path_fd =
+                                    PathFd::new(p).map_err(|_| SrError::ConfigurationError)?;
+                                ruleset = ruleset
+                                    .add_rule(PathBeneath::new(path_fd, landlock_access))
+                                    .map_err(|_| SrError::ConfigurationError)?;
+                            }
+                        }
+                    }
+                    Err(_) => {
+                        let path_fd = PathFd::new(path).map_err(|_| SrError::ConfigurationError)?;
+                        ruleset = ruleset
+                            .add_rule(PathBeneath::new(path_fd, landlock_access))
+                            .map_err(|_| SrError::ConfigurationError)?;
+                    }
+                }
             }
 
             ruleset
diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "xtask"
 # The project version is managed on json file in resources/rootasrole.json
-version = "3.3.1"
+version = "3.3.2"
 edition = "2021"
 publish = false
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-% RootAsRole(8) RootAsRole 3.3.1 \| System Manager's Manual`
	`1`	`+% RootAsRole(8) RootAsRole 3.3.2 \| System Manager's Manual`
`2`	`2`	`% Eddie Billoir <lechatp@outlook.fr>`
`3`	`3`	`% August 2025`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-% RootAsRole(8) RootAsRole 3.3.1 \| Manuel de l'administrateur système`
	`1`	`+% RootAsRole(8) RootAsRole 3.3.2 \| Manuel de l'administrateur système`
`2`	`2`	`% Eddie Billoir <lechatp@outlook.fr>`
`3`	`3`	`% Août 2025`
`4`	`4`