From 409462cc073c8d0067ab9d87b4d408d61b6545a9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Noack?= <gnoack3000@gmail.com>
Date: Sat, 2 Aug 2025 17:43:05 +0200
Subject: [PATCH] setpriv: Add support for LANDLOCK_ACCESS_FS_IOCTL_DEV

The LANDLOCK_ACCESS_FS_IOCTL_DEV access right controls whether the
process may use IOCTL on opened device files.  It is available since
Linux 6.10.

Compatibility remark:
With this change, using the --landlock-access="fs" shortcut now
requires Linux 6.10+, where it previously required Linux 6.2+.
---
 sys-utils/setpriv-landlock.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys-utils/setpriv-landlock.c b/sys-utils/setpriv-landlock.c
index 1adea773f..6a9c959b8 100644
--- a/sys-utils/setpriv-landlock.c
+++ b/sys-utils/setpriv-landlock.c
@@ -79,6 +79,9 @@ static const struct {
 #ifdef LANDLOCK_ACCESS_FS_TRUNCATE
 	{ LANDLOCK_ACCESS_FS_TRUNCATE,    "truncate"    },
 #endif
+#ifdef LANDLOCK_ACCESS_FS_IOCTL_DEV
+	{ LANDLOCK_ACCESS_FS_IOCTL_DEV,   "ioctl-dev"   },
+#endif
 };
 
 static long landlock_access_to_mask(const char *str, size_t len)
-- 
2.47.3