sys/linux: add Landlock tsync flag

l0kod · a-nogikh · commit e5e258750ba4 · 2026-01-23T08:40:19.000Z
Add the new LANDLOCK_RESTRICT_SELF_TSYNC flag for
landlock_restrict_self(2).

Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
diff --git a/sys/linux/landlock.txt b/sys/linux/landlock.txt
@@ -34,7 +34,7 @@ define LANDLOCK_ACCESS_FS_IOCTL_DEV	(1ULL << 15)
 
 landlock_create_ruleset_flags = LANDLOCK_CREATE_RULESET_VERSION, LANDLOCK_CREATE_RULESET_ERRATA
 
-landlock_restrict_self_flags = LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF, LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON, LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
+landlock_restrict_self_flags = LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF, LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON, LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF, LANDLOCK_RESTRICT_SELF_TSYNC
 
 landlock_access_fs_flags = LANDLOCK_ACCESS_FS_EXECUTE, LANDLOCK_ACCESS_FS_WRITE_FILE, LANDLOCK_ACCESS_FS_READ_FILE, LANDLOCK_ACCESS_FS_READ_DIR, LANDLOCK_ACCESS_FS_REMOVE_DIR, LANDLOCK_ACCESS_FS_REMOVE_FILE, LANDLOCK_ACCESS_FS_MAKE_CHAR, LANDLOCK_ACCESS_FS_MAKE_DIR, LANDLOCK_ACCESS_FS_MAKE_REG, LANDLOCK_ACCESS_FS_MAKE_SOCK, LANDLOCK_ACCESS_FS_MAKE_FIFO, LANDLOCK_ACCESS_FS_MAKE_BLOCK, LANDLOCK_ACCESS_FS_MAKE_SYM, LANDLOCK_ACCESS_FS_REFER, LANDLOCK_ACCESS_FS_TRUNCATE, LANDLOCK_ACCESS_FS_IOCTL_DEV
 
diff --git a/sys/linux/landlock.txt.const b/sys/linux/landlock.txt.const
@@ -23,6 +23,7 @@ LANDLOCK_CREATE_RULESET_VERSION = 1
 LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON = 2
 LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF = 1
 LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF = 4
+LANDLOCK_RESTRICT_SELF_TSYNC = 8
 LANDLOCK_RULE_NET_PORT = 2
 LANDLOCK_RULE_PATH_BENEATH = 1
 LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET = 1
