Add RulesetCreated::try_clone()
(PR #38).
Add support for Landlock ABI 3: control truncate operations with the new
AccessFs::Truncate
right (PR #40).
Revamp the compatibility handling and add a new
set_compatibility()
method for Ruleset
, RulesetCreated
, and PathBeneath
.
We can now fine-tune the compatibility behavior according to the running kernel
and then the supported features thanks to three compatible levels:
best effort, soft requirement and hard requirement
(PR #12).
Add a new AccessFs::from_file()
helper (commit 0b3238c6dd70).
Deprecate the set_best_effort()
method and replace it with set_compatibility()
(PR #12).
Deprecate Ruleset::new()
and replace it with Ruleset::default()
(PR #44).
We now check that a ruleset really handles at least one access right,
which can now cause Ruleset::create()
to return an error if the ruleset compatibility level is
HardRequirement
or set_best_effort(false)
(commit 95addc13b4a8).
We now check that access rights passed to add_rule()
make sense according to the file type.
To handle most use cases,
path_beneath_rules()
now automatically check and downgrade access rights for files
(i.e. remove superfluous directory-only access rights,
commit 8e47940b3722).
Test coverage in the CI is greatly improved by running all tests on all relevant kernel versions: Linux 5.10, 5.15, 6.1, and 6.4 (PR #41).
Run each test in a dedicated thread to avoid inconsistent behavior (PR #46).
This is the first major release of this crate. It brings a high-level interface to the Landlock kernel interface.