compat: Improve LandlockStatus

l0kod · l0kod · commit 4fbfbbc4c7d2 · 2025-10-22T20:44:24.000+02:00
Use named fields for the Available variant: effective_abi and
kernel_abi, and improve documentation.

Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
diff --git a/examples/sandboxer.rs b/examples/sandboxer.rs
@@ -185,27 +185,33 @@ fn main() -> anyhow::Result<()> {
                 prepend \"landlock,\" to the content of CONFIG_LSM."
             );
         }
-        LandlockStatus::Available(_, Some(raw_abi)) => {
+        LandlockStatus::Available {
+            kernel_abi: Some(raw_abi),
+            ..
+        } => {
             eprintln!(
                 "Hint: This sandboxer only supports Landlock ABI version up to {abi} \
                 whereas the current kernel supports Landlock ABI version {raw_abi}. \
                 To leverage all Landlock features, update this sandboxer."
             );
         }
-        LandlockStatus::Available(current_abi, None) => {
-            if current_abi < abi {
+        LandlockStatus::Available {
+            kernel_abi: None,
+            effective_abi,
+        } => {
+            if effective_abi < abi {
                 eprintln!(
                     "Hint: This sandboxer supports Landlock ABI version up to {abi} \
-                    but the current kernel only supports Landlock ABI version {current_abi}. \
+                    but the current kernel only supports Landlock ABI version {effective_abi}. \
                     To leverage all Landlock features, update the kernel."
                 );
-            } else if current_abi > abi {
+            } else if effective_abi > abi {
                 // This should not happen because the ABI used by the sandboxer
                 // should be the latest supported by the Landlock crate, and
                 // they should be updated at the same time.
                 eprintln!(
                     "Warning: This sandboxer only supports Landlock ABI version up to {abi} \
-                    but the current kernel supports Landlock ABI version {current_abi}. \
+                    but the current kernel supports Landlock ABI version {effective_abi}. \
                     To leverage all Landlock features, update this sandboxer."
                 );
             }
diff --git a/src/compat.rs b/src/compat.rs
@@ -158,11 +158,24 @@ pub enum LandlockStatus {
     NotEnabled,
     /// Landlock is not implemented (i.e. not built into the running kernel: `ENOSYS`).
     NotImplemented,
-    /// Landlock is available and supported up to the given ABI.
+    /// Landlock is available and working on the running system.
     ///
-    /// `Option<i32>` contains the raw ABI value if it's greater than the greatest known ABI,
-    /// which would mean that the running kernel is newer than the Landlock crate.
-    Available(ABI, Option<i32>),
+    /// This indicates that the kernel supports Landlock and it's properly enabled.
+    /// The crate uses the `effective_abi` for all operations, which represents
+    /// the highest ABI version that both the kernel and this crate understand.
+    Available {
+        /// The effective ABI version that this crate will use for Landlock operations.
+        /// This is the intersection of what the kernel supports and what this crate knows about.
+        effective_abi: ABI,
+        /// The actual kernel ABI version when it's newer than any ABI supported by this crate.
+        ///
+        /// If `Some(version)`, it means the running kernel supports Landlock ABI `version`
+        /// which is higher than the latest ABI known by this crate.
+        ///
+        /// This field is purely informational and is never used for Landlock operations.
+        /// The crate always and only uses `effective_abi` for all functionality.
+        kernel_abi: Option<i32>,
+    },
 }
 
 impl LandlockStatus {
@@ -188,7 +201,10 @@ impl LandlockStatus {
             }
         } else {
             let abi = ABI::from(v);
-            Self::Available(abi, (v != abi as i32).then_some(v))
+            Self::Available {
+                effective_abi: abi,
+                kernel_abi: (v != abi as i32).then_some(v),
+            }
         }
     }
 }
@@ -200,10 +216,18 @@ fn test_current_landlock_status() {
     if *TEST_ABI == ABI::Unsupported {
         assert_eq!(status, LandlockStatus::NotImplemented);
     } else {
-        assert!(matches!(status, LandlockStatus::Available(abi, _) if abi == *TEST_ABI));
+        assert!(
+            matches!(status, LandlockStatus::Available { effective_abi, .. } if effective_abi == *TEST_ABI)
+        );
         if std::env::var(TEST_ABI_ENV_NAME).is_ok() {
             // We cannot reliably check for unknown kernel.
-            assert!(matches!(status, LandlockStatus::Available(_, None)));
+            assert!(matches!(
+                status,
+                LandlockStatus::Available {
+                    kernel_abi: None,
+                    ..
+                }
+            ));
         }
     }
 }
@@ -214,7 +238,7 @@ impl From<LandlockStatus> for ABI {
             // The only possible error values should be EOPNOTSUPP and ENOSYS,
             // but let's convert all kind of errors as unsupported.
             LandlockStatus::NotEnabled | LandlockStatus::NotImplemented => ABI::Unsupported,
-            LandlockStatus::Available(abi, _) => abi,
+            LandlockStatus::Available { effective_abi, .. } => effective_abi,
         }
     }
 }
@@ -227,7 +251,10 @@ impl From<ABI> for LandlockStatus {
         match abi {
             // Convert to ENOSYS because of check_ruleset_support() and ruleset_unsupported() tests.
             ABI::Unsupported => Self::NotImplemented,
-            _ => Self::Available(abi, None),
+            _ => Self::Available {
+                effective_abi: abi,
+                kernel_abi: None,
+            },
         }
     }
 }
@@ -278,7 +305,7 @@ pub(crate) fn get_errno_from_landlock_status() -> Option<i32> {
                 }
             }
         }
-        LandlockStatus::Available(_, _) => None,
+        LandlockStatus::Available { .. } => None,
     }
 }
 
diff --git a/src/ruleset.rs b/src/ruleset.rs
@@ -1062,7 +1062,10 @@ fn ruleset_unsupported() {
                 .unwrap(),
             RestrictionStatus {
                 ruleset: RulesetStatus::NotEnforced,
-                landlock: LandlockStatus::Available(ABI::V1, None),
+                landlock: LandlockStatus::Available {
+                    effective_abi: ABI::V1,
+                    kernel_abi: None,
+                },
                 // With SoftRequirement, no_new_privs is still enabled, even if there is an error
                 // (e.g. unsupported access right).
                 no_new_privs: true,
@@ -1184,7 +1187,10 @@ fn ignore_abi_v2_with_abi_v1() {
             .unwrap(),
         RestrictionStatus {
             ruleset: RulesetStatus::NotEnforced,
-            landlock: LandlockStatus::Available(ABI::V1, None),
+            landlock: LandlockStatus::Available {
+                effective_abi: ABI::V1,
+                kernel_abi: None,
+            },
             no_new_privs: true,
         }
     );

Original file line number	Diff line number	Diff line change
`@@ -158,11 +158,24 @@ pub enum LandlockStatus {`
`158`	`158`	`NotEnabled,`
`159`	`159`	/// Landlock is not implemented (i.e. not built into the running kernel: `ENOSYS`).
`160`	`160`	`NotImplemented,`
`161`		`- /// Landlock is available and supported up to the given ABI.`
	`161`	`+ /// Landlock is available and working on the running system.`
`162`	`162`	`///`
`163`		- /// `Option<i32>` contains the raw ABI value if it's greater than the greatest known ABI,
`164`		`- /// which would mean that the running kernel is newer than the Landlock crate.`
`165`		`- Available(ABI, Option<i32>),`
	`163`	`+ /// This indicates that the kernel supports Landlock and it's properly enabled.`
	`164`	+ /// The crate uses the `effective_abi` for all operations, which represents
	`165`	`+ /// the highest ABI version that both the kernel and this crate understand.`
	`166`	`+ Available {`
	`167`	`+ /// The effective ABI version that this crate will use for Landlock operations.`
	`168`	`+ /// This is the intersection of what the kernel supports and what this crate knows about.`
	`169`	`+ effective_abi: ABI,`
	`170`	`+ /// The actual kernel ABI version when it's newer than any ABI supported by this crate.`
	`171`	`+ ///`
	`172`	+ /// If `Some(version)`, it means the running kernel supports Landlock ABI `version`
	`173`	`+ /// which is higher than the latest ABI known by this crate.`
	`174`	`+ ///`
	`175`	`+ /// This field is purely informational and is never used for Landlock operations.`
	`176`	+ /// The crate always and only uses `effective_abi` for all functionality.
	`177`	`+ kernel_abi: Option<i32>,`
	`178`	`+ },`
`166`	`179`	`}`
`167`	`180`
`168`	`181`	`impl LandlockStatus {`
`@@ -188,7 +201,10 @@ impl LandlockStatus {`
`188`	`201`	`}`
`189`	`202`	`} else {`
`190`	`203`	`let abi = ABI::from(v);`
`191`		`- Self::Available(abi, (v != abi as i32).then_some(v))`
	`204`	`+ Self::Available {`
	`205`	`+ effective_abi: abi,`
	`206`	`+ kernel_abi: (v != abi as i32).then_some(v),`
	`207`	`+ }`
`192`	`208`	`}`
`193`	`209`	`}`
`194`	`210`	`}`
`@@ -200,10 +216,18 @@ fn test_current_landlock_status() {`
`200`	`216`	`if *TEST_ABI == ABI::Unsupported {`
`201`	`217`	`assert_eq!(status, LandlockStatus::NotImplemented);`
`202`	`218`	`} else {`
`203`		`- assert!(matches!(status, LandlockStatus::Available(abi, _) if abi == *TEST_ABI));`
	`219`	`+ assert!(`
	`220`	`+ matches!(status, LandlockStatus::Available { effective_abi, .. } if effective_abi == *TEST_ABI)`
	`221`	`+ );`
`204`	`222`	`if std::env::var(TEST_ABI_ENV_NAME).is_ok() {`
`205`	`223`	`// We cannot reliably check for unknown kernel.`
`206`		`- assert!(matches!(status, LandlockStatus::Available(_, None)));`
	`224`	`+ assert!(matches!(`
	`225`	`+ status,`
	`226`	`+ LandlockStatus::Available {`
	`227`	`+ kernel_abi: None,`
	`228`	`+ ..`
	`229`	`+ }`
	`230`	`+ ));`
`207`	`231`	`}`
`208`	`232`	`}`
`209`	`233`	`}`
`@@ -214,7 +238,7 @@ impl From<LandlockStatus> for ABI {`
`214`	`238`	`// The only possible error values should be EOPNOTSUPP and ENOSYS,`
`215`	`239`	`// but let's convert all kind of errors as unsupported.`
`216`	`240`	`LandlockStatus::NotEnabled \| LandlockStatus::NotImplemented => ABI::Unsupported,`
`217`		`- LandlockStatus::Available(abi, _) => abi,`
	`241`	`+ LandlockStatus::Available { effective_abi, .. } => effective_abi,`
`218`	`242`	`}`
`219`	`243`	`}`
`220`	`244`	`}`
`@@ -227,7 +251,10 @@ impl From<ABI> for LandlockStatus {`
`227`	`251`	`match abi {`
`228`	`252`	`// Convert to ENOSYS because of check_ruleset_support() and ruleset_unsupported() tests.`
`229`	`253`	`ABI::Unsupported => Self::NotImplemented,`
`230`		`- _ => Self::Available(abi, None),`
	`254`	`+ _ => Self::Available {`
	`255`	`+ effective_abi: abi,`
	`256`	`+ kernel_abi: None,`
	`257`	`+ },`
`231`	`258`	`}`
`232`	`259`	`}`
`233`	`260`	`}`
`@@ -278,7 +305,7 @@ pub(crate) fn get_errno_from_landlock_status() -> Option<i32> {`
`278`	`305`	`}`
`279`	`306`	`}`
`280`	`307`	`}`
`281`		`- LandlockStatus::Available(_, _) => None,`
	`308`	`+ LandlockStatus::Available { .. } => None,`
`282`	`309`	`}`
`283`	`310`	`}`
`284`	`311`