Emilua docs
Home Blog
Get the PDF
0.10 0.11 0.12 0.4 0.5 0.6 0.7 0.8 0.9
Get the EPUB
0.10 0.11 0.12 0.4 0.5 0.6 0.7 0.8 0.9
Emilua API 0.11
    • Conventions
    • ChangeLog
    • Tutorial
      • Getting started
      • Working with streams
      • Filesystem API
      • Alternative projects
      • Internals
      • Internals (sandboxes)
      • Fiber cancellation API
      • Lua 5.1
      • Modules
      • Errors
      • Sandboxes
      • Linux namespaces
      • C++ embedder API
    • Reference
      • generic_error
      • asio_error
      • format
      • actor system
        • inbox
        • spawn_vm
        • init.script
        • spawn_context_threads
      • byte_span
      • filesystem
        • path
        • mode
        • directory_entry
        • directory_iterator
        • recursive_directory_iterator
        • absolute
        • canonical
        • weakly_canonical
        • relative
        • proximate
        • current_working_directory
        • chroot
        • copy
        • copy_file
        • copy_symlink
        • create_directory
        • open
        • mkdir
        • create_hardlink
        • create_symlink
        • mkfifo
        • mknod
        • makedev
        • dev_major
        • dev_minor
        • equivalent
        • file_size
        • hardlink_count
        • clock
        • last_write_time
        • chown
        • chmod
        • read_symlink
        • remove
        • rename
        • resize_file
        • is_empty
        • exists
        • is_block_device
        • is_character_device
        • is_directory
        • is_fifo
        • is_other
        • is_regular_file
        • is_socket
        • is_symlink
        • space
        • status
        • temp_directory_path
        • umask
        • cap_get_file
        • cap_set_file
      • fiber
        • spawn
        • this_fiber
        • mutex
        • recursive_mutex
        • condition_variable
        • future
      • file
        • random_access
        • stream
        • read_all_at
        • read_at_least_at
        • write_all_at
        • write_at_least_at
      • ip
        • address
        • get_address_info
        • get_name_info
        • connect
        • dial
        • host_name
        • tostring
        • toendpoint
        • tcp.listen
        • tcp.acceptor
        • tcp.socket
        • udp.socket
      • pipes
        • read_stream
        • write_stream
        • pair
      • regex
      • serial_port
      • time
        • sleep
        • steady_clock
        • steady_timer
        • system_clock
        • system_timer
        • high_resolution_clock
      • stream
        • write_all
        • write_at_least
        • read_all
        • read_at_least
        • scanner
      • libc_service
        • libc_service
        • master
        • slave
      • system
        • arguments
        • environment
        • in_
        • out
        • err
        • caph_limit_stdio
        • get_lowfd
        • get_ld_library_directories
        • exit
        • signal
        • signal.raise
        • signal.set
        • signal.ignore
        • signal.default
        • spawn
        • Process credentials
          • getresuid
          • getresgid
          • setresuid
          • setresgid
          • getgroups
          • setgroups
          • set_no_new_privs
          • linux_capabilities
          • seccomp_set_mode_filter
          • landlock_create_ruleset
          • landlock_add_rule
          • landlock_restrict_self
        • Process & job control
          • getpid
          • getppid
          • kill
          • getpgrp
          • getpgid
          • setpgid
          • getsid
          • setsid
        • FreeBSD jails
          • jail_set
          • jail_get
          • jail_remove
          • jailparam_all
      • tls
        • dial
        • context
        • socket
      • unix
        • dial
        • listen
        • datagram.socket
        • stream.acceptor
        • stream.socket
        • seqpacket.acceptor
        • seqpacket.socket
      • file_descriptor
Edit this Page Source Repository
  • Emilua API
  • Reference
  • system
  • Process credentials
  • landlock_restrict_self

system.landlock_restrict_self

Synopsis

local system = require "system"
system.landlock_restrict_self(ruleset_fd: file_descriptor)

Description

Enforce a Landlock ruleset for the calling process.

Only the master VM is allowed to use this function.
Only available on Linux.

Bugs

There’s a libpsx bug that prevents thread synchronization to work: https://bugzilla.kernel.org/show_bug.cgi?id=218607.

landlock_add_rule getpid
  • Beast
    • 1.1current
  • Bech32
    • 1.1current
    • 1.0
  • Botan
    • 1.2current
    • 1.1
    • 1.0
  • Dumb D-Bus
    • 0.1current
  • Emilua API
    • 0.11current
    • 0.10
    • 0.9
    • 0.8
    • 0.7
    • 0.6
    • 0.5
    • 0.4
  • INI
    • 1.0current
  • libsecp256k1
    • 0.5current
  • Protocol
    • 1.0current
  • Qt5
    • 1.0current
  • Qt6
    • 1.2current
    • 1.1
    • 1.0
  • Telegram tdlib
    • 1.0current
  • this_thread
    • 1.0current

This page was built using a customized version of the Antora Spring UI.

The source code for this UI is licensed under the terms of the Mozilla Public License Version 2.0.