Projects/muscl
12
4
Fork 0
Code Issues 67 Pull Requests Actions Packages Releases Activity

Add landlock rulesets

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-12-01 11:15:29 +09:00
parent 2472936857
commit 152c3ddbcc
7 changed files with 136 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/core/bootstrap.rs
View File

@@ -14,6 +14,7 @@ use crate::{
},
server::{
config::{MysqlConfig, ServerConfig},
landlock::landlock_restrict_server,
session_handler,
},
};
@@ -223,6 +224,9 @@ fn invoke_server_with_config(config_path: PathBuf) -> anyhow::Result<StdUnixStre
nix::unistd::ForkResult::Child => {
tracing::debug!("Running server in child process");
landlock_restrict_server(Some(config_path.as_path()))
.context("Failed to apply Landlock restrictions to the server process")?;
match run_forked_server(config_path, server_socket, unix_user) {
Err(e) => Err(e),
Ok(_) => unreachable!(),