Would it be possible to support systems with ABI v5? It would enable us to run sandlock on top of RHEL 9 Kernel. I'm mostly interested in FS and network sandboxing. ABI v6 added LANDLOCK_SCOPE_SIGNAL and LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET. The Kernel docs have an example how to rescope a ruleset.
$ sandlock --version
sandlock 0.6.0
$ sandlock check
Kernel feature support:
Landlock: ABI v5
Minimum required: ABI v6
Status: UNSUPPORTED (upgrade kernel)
Filesystem: supported (ABI v1+)
File truncate: supported (ABI v3+)
TCP ports: supported (ABI v4+)
Device ioctl: supported (ABI v5+)
IPC scoping: not supported
Signal scoping: not supported
Platform: x86_64
$ uname -r
5.14.0-570.79.1.el9_6.x86_64
Would it be possible to support systems with ABI v5? It would enable us to run sandlock on top of RHEL 9 Kernel. I'm mostly interested in FS and network sandboxing. ABI v6 added
LANDLOCK_SCOPE_SIGNALandLANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET. The Kernel docs have an example how to rescope a ruleset.