From: Günther Noack <gnoack3000@gmail.com>
Date: Sat, 2 Aug 2025 15:43:05 +0000 (+0200)
Subject: setpriv: Add support for LANDLOCK_ACCESS_FS_IOCTL_DEV
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=409462cc073c8d0067ab9d87b4d408d61b6545a9;p=thirdparty%2Futil-linux.git

setpriv: Add support for LANDLOCK_ACCESS_FS_IOCTL_DEV

The LANDLOCK_ACCESS_FS_IOCTL_DEV access right controls whether the
process may use IOCTL on opened device files.  It is available since
Linux 6.10.

Compatibility remark:
With this change, using the --landlock-access="fs" shortcut now
requires Linux 6.10+, where it previously required Linux 6.2+.
---

diff --git a/sys-utils/setpriv-landlock.c b/sys-utils/setpriv-landlock.c
index 1adea773f..6a9c959b8 100644
--- a/sys-utils/setpriv-landlock.c
+++ b/sys-utils/setpriv-landlock.c
@@ -79,6 +79,9 @@ static const struct {
 #ifdef LANDLOCK_ACCESS_FS_TRUNCATE
 	{ LANDLOCK_ACCESS_FS_TRUNCATE,    "truncate"    },
 #endif
+#ifdef LANDLOCK_ACCESS_FS_IOCTL_DEV
+	{ LANDLOCK_ACCESS_FS_IOCTL_DEV,   "ioctl-dev"   },
+#endif
 };
 
 static long landlock_access_to_mask(const char *str, size_t len)