Add RulesetCreated::try_clone() (PR #38).
Add support for Landlock ABI 3: control truncate operations with the new
AccessFs::Truncate
right (PR #40).
Revamp the compatibility handling and add a new
set_compatibility()
method for Ruleset, RulesetCreated, and PathBeneath.
We can now fine-tune the compatibility behavior according to the running kernel
and then the supported features thanks to three compatible levels:
best effort, soft requirement and hard requirement
(PR #12).
Add a new AccessFs::from_file()
helper (commit 0b3238c6dd70).
Deprecate the set_best_effort()
method and replace it with set_compatibility()
(PR #12).
Deprecate Ruleset::new()
and replace it with Ruleset::default()
(PR #44).
We now check that a ruleset really handles at least one access right,
which can now cause Ruleset::create() to return an error if the ruleset compatibility level is
HardRequirement or set_best_effort(false)
(commit 95addc13b4a8).
We now check that access rights passed to add_rule() make sense according to the file type.
To handle most use cases,
path_beneath_rules() now automatically check and downgrade access rights for files
(i.e. remove superfluous directory-only access rights,
commit 8e47940b3722).
Test coverage in the CI is greatly improved by running all tests on all relevant kernel versions: Linux 5.10, 5.15, 6.1, and 6.4 (PR #41).
Run each test in a dedicated thread to avoid inconsistent behavior (PR #46).
This is the first major release of this crate. It brings a high-level interface to the Landlock kernel interface.