uapi: Generate and test 64-bit and 32-bit bindings

l0kod · l0kod · commit 0a898c348940 · 2025-10-02T21:33:30.000+02:00
Until now, we only used 64-bit architecture, but here are the changes to use this crate on 32-bit architecture as well. Add the bindgen.sh script to make update simple: ./src/uapi/bindgen.sh .../linux-6.12 Target x86_64-unknown-linux-gnu was already the default but make it explicit wrt i686. Closes: #110 Signed-off-by: Mickaël Salaün <mic@digikod.net>
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml
@@ -131,21 +131,31 @@ jobs:
     - name: Get MSRV
       run: sed -n 's/^rust-version = "\([0-9.]\+\)"$/RUST_TOOLCHAIN=\1/p' Cargo.toml >> $GITHUB_ENV
 
+    - name: Install 32-bit development libraries
+      run: |
+        sudo apt update
+        sudo apt install gcc-multilib libc6-dev-i386
+
     - name: Install Rust MSRV
       run: |
         rm ~/.cargo/bin/{cargo-fmt,rustfmt} || :
         rustup self update
         rustup default ${{ env.RUST_TOOLCHAIN }}
         rustup update ${{ env.RUST_TOOLCHAIN }}
+        rustup target add i686-unknown-linux-gnu
+        rustup target add x86_64-unknown-linux-gnu
 
-    - name: Build
-      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --verbose
+    - name: Build (x86_64)
+      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --target x86_64-unknown-linux-gnu --verbose
 
-    - name: Build tests
-      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --tests --verbose
+    - name: Build (x86)
+      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --target i686-unknown-linux-gnu --verbose
 
-    - name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }})
-      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo test --verbose
+    - name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }} on x86_64)
+      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo test --target x86_64-unknown-linux-gnu --verbose
+
+    - name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }} on x86)
+      run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo test --target i686-unknown-linux-gnu --verbose
 
     - name: Run tests against Linux 6.1
       run: CARGO="rustup run ${{ env.RUST_TOOLCHAIN }} cargo" ./landlock-test-tools/test-rust.sh linux-6.1 2
diff --git a/src/uapi/bindgen.sh b/src/uapi/bindgen.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0 OR MIT
+
+set -u -e -o pipefail
+
+if [[ $# -ne 1 ]]; then
+	echo "usage $(basename -- "${BASH_SOURCE[0]}") <kernel-source>" >&2
+	exit 1
+fi
+
+LANDLOCK_H="$(readlink -f -- "$1")/include/uapi/linux/landlock.h"
+
+if [[ ! -f "${LANDLOCK_H}" ]]; then
+	echo "File not found: ${LANDLOCK_H}" >&2
+	exit 1
+fi
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+
+MSRV="$(sed -n 's/^rust-version = "\(.*\)"/\1/p' ../../Cargo.toml)"
+
+for ARCH in x86_64 i686; do
+	bindgen \
+		--rust-target "${MSRV}" \
+		--ctypes-prefix="::std::os::raw" \
+		-o "landlock_${ARCH}.rs" \
+		"${LANDLOCK_H}" \
+		-- \
+		--target="${ARCH}-linux-gnu"
+done
diff --git a/src/uapi/landlock_i686.rs b/src/uapi/landlock_i686.rs
@@ -0,0 +1,244 @@
+/* automatically generated by rust-bindgen 0.72.0 */
+
+pub const __BITS_PER_LONG: u32 = 32;
+pub const __BITS_PER_LONG_LONG: u32 = 64;
+pub const __FD_SETSIZE: u32 = 1024;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
+pub const LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET: u32 = 1;
+pub const LANDLOCK_SCOPE_SIGNAL: u32 = 2;
+pub type __s8 = ::std::os::raw::c_schar;
+pub type __u8 = ::std::os::raw::c_uchar;
+pub type __s16 = ::std::os::raw::c_short;
+pub type __u16 = ::std::os::raw::c_ushort;
+pub type __s32 = ::std::os::raw::c_int;
+pub type __u32 = ::std::os::raw::c_uint;
+pub type __s64 = ::std::os::raw::c_longlong;
+pub type __u64 = ::std::os::raw::c_ulonglong;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct __kernel_fd_set {
+    pub fds_bits: [::std::os::raw::c_ulong; 32usize],
+}
+#[test]
+fn bindgen_test_layout___kernel_fd_set() {
+    const UNINIT: ::std::mem::MaybeUninit<__kernel_fd_set> = ::std::mem::MaybeUninit::uninit();
+    let ptr = UNINIT.as_ptr();
+    assert_eq!(
+        ::std::mem::size_of::<__kernel_fd_set>(),
+        128usize,
+        "Size of __kernel_fd_set"
+    );
+    assert_eq!(
+        ::std::mem::align_of::<__kernel_fd_set>(),
+        4usize,
+        "Alignment of __kernel_fd_set"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).fds_bits) as usize - ptr as usize },
+        0usize,
+        "Offset of field: __kernel_fd_set::fds_bits"
+    );
+}
+pub type __kernel_sighandler_t =
+    ::std::option::Option<unsafe extern "C" fn(arg1: ::std::os::raw::c_int)>;
+pub type __kernel_key_t = ::std::os::raw::c_int;
+pub type __kernel_mqd_t = ::std::os::raw::c_int;
+pub type __kernel_mode_t = ::std::os::raw::c_ushort;
+pub type __kernel_ipc_pid_t = ::std::os::raw::c_ushort;
+pub type __kernel_uid_t = ::std::os::raw::c_ushort;
+pub type __kernel_gid_t = ::std::os::raw::c_ushort;
+pub type __kernel_old_dev_t = ::std::os::raw::c_ushort;
+pub type __kernel_long_t = ::std::os::raw::c_long;
+pub type __kernel_ulong_t = ::std::os::raw::c_ulong;
+pub type __kernel_ino_t = __kernel_ulong_t;
+pub type __kernel_pid_t = ::std::os::raw::c_int;
+pub type __kernel_suseconds_t = __kernel_long_t;
+pub type __kernel_daddr_t = ::std::os::raw::c_int;
+pub type __kernel_uid32_t = ::std::os::raw::c_uint;
+pub type __kernel_gid32_t = ::std::os::raw::c_uint;
+pub type __kernel_old_uid_t = __kernel_uid_t;
+pub type __kernel_old_gid_t = __kernel_gid_t;
+pub type __kernel_size_t = ::std::os::raw::c_uint;
+pub type __kernel_ssize_t = ::std::os::raw::c_int;
+pub type __kernel_ptrdiff_t = ::std::os::raw::c_int;
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct __kernel_fsid_t {
+    pub val: [::std::os::raw::c_int; 2usize],
+}
+#[test]
+fn bindgen_test_layout___kernel_fsid_t() {
+    const UNINIT: ::std::mem::MaybeUninit<__kernel_fsid_t> = ::std::mem::MaybeUninit::uninit();
+    let ptr = UNINIT.as_ptr();
+    assert_eq!(
+        ::std::mem::size_of::<__kernel_fsid_t>(),
+        8usize,
+        "Size of __kernel_fsid_t"
+    );
+    assert_eq!(
+        ::std::mem::align_of::<__kernel_fsid_t>(),
+        4usize,
+        "Alignment of __kernel_fsid_t"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).val) as usize - ptr as usize },
+        0usize,
+        "Offset of field: __kernel_fsid_t::val"
+    );
+}
+pub type __kernel_off_t = __kernel_long_t;
+pub type __kernel_loff_t = ::std::os::raw::c_longlong;
+pub type __kernel_old_time_t = __kernel_long_t;
+pub type __kernel_time_t = __kernel_long_t;
+pub type __kernel_time64_t = ::std::os::raw::c_longlong;
+pub type __kernel_clock_t = __kernel_long_t;
+pub type __kernel_timer_t = ::std::os::raw::c_int;
+pub type __kernel_clockid_t = ::std::os::raw::c_int;
+pub type __kernel_caddr_t = *mut ::std::os::raw::c_char;
+pub type __kernel_uid16_t = ::std::os::raw::c_ushort;
+pub type __kernel_gid16_t = ::std::os::raw::c_ushort;
+pub type __le16 = __u16;
+pub type __be16 = __u16;
+pub type __le32 = __u32;
+pub type __be32 = __u32;
+pub type __le64 = __u64;
+pub type __be64 = __u64;
+pub type __sum16 = __u16;
+pub type __wsum = __u32;
+pub type __poll_t = ::std::os::raw::c_uint;
+#[doc = " struct landlock_ruleset_attr - Ruleset definition.\n\n Argument of sys_landlock_create_ruleset().\n\n This structure defines a set of *handled access rights*, a set of actions on\n different object types, which should be denied by default when the ruleset is\n enacted.  Vice versa, access rights that are not specifically listed here are\n not going to be denied by this ruleset when it is enacted.\n\n For historical reasons, the %LANDLOCK_ACCESS_FS_REFER right is always denied\n by default, even when its bit is not set in @handled_access_fs.  In order to\n add new rules with this access right, the bit must still be set explicitly\n (cf. `Filesystem flags`_).\n\n The explicit listing of *handled access rights* is required for backwards\n compatibility reasons.  In most use cases, processes that use Landlock will\n *handle* a wide range or all access rights that they know about at build time\n (and that they have tested with a kernel that supported them all).\n\n This structure can grow in future Landlock versions."]
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+    #[doc = " @handled_access_fs: Bitmask of handled filesystem actions\n (cf. `Filesystem flags`_)."]
+    pub handled_access_fs: __u64,
+    #[doc = " @handled_access_net: Bitmask of handled network actions (cf. `Network\n flags`_)."]
+    pub handled_access_net: __u64,
+    #[doc = " @scoped: Bitmask of scopes (cf. `Scope flags`_)\n restricting a Landlock domain from accessing outside\n resources (e.g. IPCs)."]
+    pub scoped: __u64,
+}
+#[test]
+fn bindgen_test_layout_landlock_ruleset_attr() {
+    const UNINIT: ::std::mem::MaybeUninit<landlock_ruleset_attr> =
+        ::std::mem::MaybeUninit::uninit();
+    let ptr = UNINIT.as_ptr();
+    assert_eq!(
+        ::std::mem::size_of::<landlock_ruleset_attr>(),
+        24usize,
+        "Size of landlock_ruleset_attr"
+    );
+    assert_eq!(
+        ::std::mem::align_of::<landlock_ruleset_attr>(),
+        4usize,
+        "Alignment of landlock_ruleset_attr"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).handled_access_fs) as usize - ptr as usize },
+        0usize,
+        "Offset of field: landlock_ruleset_attr::handled_access_fs"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).handled_access_net) as usize - ptr as usize },
+        8usize,
+        "Offset of field: landlock_ruleset_attr::handled_access_net"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).scoped) as usize - ptr as usize },
+        16usize,
+        "Offset of field: landlock_ruleset_attr::scoped"
+    );
+}
+#[doc = " @LANDLOCK_RULE_PATH_BENEATH: Type of a &struct\n landlock_path_beneath_attr ."]
+pub const landlock_rule_type_LANDLOCK_RULE_PATH_BENEATH: landlock_rule_type = 1;
+#[doc = " @LANDLOCK_RULE_NET_PORT: Type of a &struct\n landlock_net_port_attr ."]
+pub const landlock_rule_type_LANDLOCK_RULE_NET_PORT: landlock_rule_type = 2;
+#[doc = " enum landlock_rule_type - Landlock rule type\n\n Argument of sys_landlock_add_rule()."]
+pub type landlock_rule_type = ::std::os::raw::c_uint;
+#[doc = " struct landlock_path_beneath_attr - Path hierarchy definition\n\n Argument of sys_landlock_add_rule()."]
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+    #[doc = " @allowed_access: Bitmask of allowed actions for this file hierarchy\n (cf. `Filesystem flags`_)."]
+    pub allowed_access: __u64,
+    #[doc = " @parent_fd: File descriptor, preferably opened with ``O_PATH``,\n which identifies the parent directory of a file hierarchy, or just a\n file."]
+    pub parent_fd: __s32,
+}
+#[test]
+fn bindgen_test_layout_landlock_path_beneath_attr() {
+    const UNINIT: ::std::mem::MaybeUninit<landlock_path_beneath_attr> =
+        ::std::mem::MaybeUninit::uninit();
+    let ptr = UNINIT.as_ptr();
+    assert_eq!(
+        ::std::mem::size_of::<landlock_path_beneath_attr>(),
+        12usize,
+        "Size of landlock_path_beneath_attr"
+    );
+    assert_eq!(
+        ::std::mem::align_of::<landlock_path_beneath_attr>(),
+        1usize,
+        "Alignment of landlock_path_beneath_attr"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).allowed_access) as usize - ptr as usize },
+        0usize,
+        "Offset of field: landlock_path_beneath_attr::allowed_access"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).parent_fd) as usize - ptr as usize },
+        8usize,
+        "Offset of field: landlock_path_beneath_attr::parent_fd"
+    );
+}
+#[doc = " struct landlock_net_port_attr - Network port definition\n\n Argument of sys_landlock_add_rule()."]
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+    #[doc = " @allowed_access: Bitmask of allowed network actions for a port\n (cf. `Network flags`_)."]
+    pub allowed_access: __u64,
+    #[doc = " @port: Network port in host endianness.\n\n It should be noted that port 0 passed to :manpage:`bind(2)` will bind\n to an available port from the ephemeral port range.  This can be\n configured with the ``/proc/sys/net/ipv4/ip_local_port_range`` sysctl\n (also used for IPv6).\n\n A Landlock rule with port 0 and the ``LANDLOCK_ACCESS_NET_BIND_TCP``\n right means that requesting to bind on port 0 is allowed and it will\n automatically translate to binding on the related port range."]
+    pub port: __u64,
+}
+#[test]
+fn bindgen_test_layout_landlock_net_port_attr() {
+    const UNINIT: ::std::mem::MaybeUninit<landlock_net_port_attr> =
+        ::std::mem::MaybeUninit::uninit();
+    let ptr = UNINIT.as_ptr();
+    assert_eq!(
+        ::std::mem::size_of::<landlock_net_port_attr>(),
+        16usize,
+        "Size of landlock_net_port_attr"
+    );
+    assert_eq!(
+        ::std::mem::align_of::<landlock_net_port_attr>(),
+        4usize,
+        "Alignment of landlock_net_port_attr"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).allowed_access) as usize - ptr as usize },
+        0usize,
+        "Offset of field: landlock_net_port_attr::allowed_access"
+    );
+    assert_eq!(
+        unsafe { ::std::ptr::addr_of!((*ptr).port) as usize - ptr as usize },
+        8usize,
+        "Offset of field: landlock_net_port_attr::port"
+    );
+}
diff --git a/src/uapi/landlock_x86_64.rs b/src/uapi/landlock_x86_64.rs
@@ -1,4 +1,4 @@
-/* automatically generated by rust-bindgen 0.71.1 */
+/* automatically generated by rust-bindgen 0.72.0 */
 
 pub const __BITS_PER_LONG: u32 = 64;
 pub const __BITS_PER_LONG_LONG: u32 = 64;
diff --git a/src/uapi/mod.rs b/src/uapi/mod.rs
@@ -4,6 +4,16 @@
 #[allow(non_camel_case_types)]
 #[allow(non_snake_case)]
 #[allow(non_upper_case_globals)]
+#[cfg(target_arch = "x86_64")]
+#[path = "landlock_x86_64.rs"]
+mod landlock;
+
+#[allow(dead_code)]
+#[allow(non_camel_case_types)]
+#[allow(non_snake_case)]
+#[allow(non_upper_case_globals)]
+#[cfg(target_arch = "x86")]
+#[path = "landlock_i686.rs"]
 mod landlock;
 
 #[rustfmt::skip]

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-/* automatically generated by rust-bindgen 0.71.1 */`
	`1`	`+/* automatically generated by rust-bindgen 0.72.0 */`
`2`	`2`
`3`	`3`	`pub const __BITS_PER_LONG: u32 = 64;`
`4`	`4`	`pub const __BITS_PER_LONG_LONG: u32 = 64;`