{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":380946919,"defaultBranch":"main","name":"go-landlock","ownerLogin":"landlock-lsm","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2021-06-28T07:39:39.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/21111839?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1717344305.0","currentOid":""},"activityList":{"items":[{"before":"bbc1976b16953ae39b540734ddfbe9de4ef38c6b","after":"db0c8d6f1dff28841564d98a9ce2e55d644d6530","ref":"refs/heads/main","pushedAt":"2024-07-15T19:35:15.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files)\n\nMake ioctl(2) requests for device files restrictable with Landlock.\n\nIn the Go library, the LANDLOCK_ACCESS_FS_IOCTL_DEV right is *not*\npart of the RWFiles and ROFiles convenience functions.\n\nWhen you upgrade from an earlier ABI version to `landlock.V5`, and\nwhen you are restricting all access rights available at this version,\nplease double check whether your program uses any IOCTLs on device\nfiles.\n\nSome of the simpler IOCTL commands are exempt and are unconditionally\npermitted by Landlock.  (See the link below.)\n\nFixes: #29\nLink: https://lore.kernel.org/linux-security-module/20240419161122.2023765-1-gnoack@google.com/","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files)"}},{"before":"8acad9054fc3a129c7a755914357974ddf807670","after":"db0c8d6f1dff28841564d98a9ce2e55d644d6530","ref":"refs/heads/ioctl","pushedAt":"2024-07-15T19:34:52.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files)\n\nMake ioctl(2) requests for device files restrictable with Landlock.\n\nIn the Go library, the LANDLOCK_ACCESS_FS_IOCTL_DEV right is *not*\npart of the RWFiles and ROFiles convenience functions.\n\nWhen you upgrade from an earlier ABI version to `landlock.V5`, and\nwhen you are restricting all access rights available at this version,\nplease double check whether your program uses any IOCTLs on device\nfiles.\n\nSome of the simpler IOCTL commands are exempt and are unconditionally\npermitted by Landlock.  (See the link below.)\n\nFixes: #29\nLink: https://lore.kernel.org/linux-security-module/20240419161122.2023765-1-gnoack@google.com/","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files)"}},{"before":"043f1a935a89dbd3f6c8efafc0644cad3c62fca2","after":"8acad9054fc3a129c7a755914357974ddf807670","ref":"refs/heads/ioctl","pushedAt":"2024-07-15T19:33:53.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files)\n\nMake ioctl(2) requests for device files restrictable with Landlock.\n\nIn the Go library, the LANDLOCK_ACCESS_FS_IOCTL_DEV right is *not*\npart of the RWFiles and ROFiles convenience functions.\n\nWhen you upgrade from an earlier ABI version to `landlock.V5`, and\nwhen you are restricting all access rights available at this version,\nplease double check whether your program uses any IOCTLs on device\nfiles.\n\nSome of the simpler IOCTL commands are exempt and are unconditionally\npermitted by Landlock.\n\nFixes: #29\nLink: https://lore.kernel.org/linux-security-module/20240419161122.2023765-1-gnoack@google.com/","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files)"}},{"before":"80c1ac40184c67e9c8282c99f7c02f5ded570a66","after":"043f1a935a89dbd3f6c8efafc0644cad3c62fca2","ref":"refs/heads/ioctl","pushedAt":"2024-07-15T19:33:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files)\n\nMake ioctl(2) requests for device files restrictable with Landlock.\n\nIn the Go library, the LANDLOCK_ACCESS_FS_IOCTL_DEV right is *not*\npart of the RWFiles and ROFiles convenience functions.\n\nWhen you upgrade from an earlier ABI version to [landlock.V5], and\nwhen you are restricting all access rights available at this version,\nplease double check whether your program uses any IOCTLs on device\nfiles.\n\nSome of the simpler IOCTL commands are exempt and are unconditionally\npermitted by Landlock.\n\nFixes: #29\nLink: https://lore.kernel.org/linux-security-module/20240419161122.2023765-1-gnoack@google.com/","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files)"}},{"before":"d4dcc28b79547ede9e3f8c26327662dcd2c26472","after":"80c1ac40184c67e9c8282c99f7c02f5ded570a66","ref":"refs/heads/ioctl","pushedAt":"2024-07-05T15:42:54.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files) (WIP)\n\nFixes #29","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files) (WIP)"}},{"before":"788c6b0aa2c4bb8c4e508bd7963cafce4ef2a8c7","after":"bbc1976b16953ae39b540734ddfbe9de4ef38c6b","ref":"refs/heads/main","pushedAt":"2024-07-05T15:39:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Fix build, I missed one NetPortAttr rename","shortMessageHtmlLink":"Fix build, I missed one NetPortAttr rename"}},{"before":"2ff03591fef8f1412c39963ac5afb1694cc2067e","after":"788c6b0aa2c4bb8c4e508bd7963cafce4ef2a8c7","ref":"refs/heads/main","pushedAt":"2024-07-05T15:36:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Treat EINVAL from landlock_add_rule error correctly\n\nlandlock_add_rule(2) can return EINVAL when you try to use\ndirectory-only access rights on a regular file.\n\nFixes #26","shortMessageHtmlLink":"Treat EINVAL from landlock_add_rule error correctly"}},{"before":"59ea9735081397c63836bfce91750511ac5e5451","after":"d4dcc28b79547ede9e3f8c26327662dcd2c26472","ref":"refs/heads/ioctl","pushedAt":"2024-07-05T15:36:53.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files) (WIP)\n\nFixes #29","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files) (WIP)"}},{"before":"635dd36d2fd300d06bfeb13f606d518a0d5153a8","after":"59ea9735081397c63836bfce91750511ac5e5451","ref":"refs/heads/ioctl","pushedAt":"2024-07-05T10:20:10.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files) (WIP)\n\nFixes #29","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files) (WIP)"}},{"before":"a73e3a4875274d439b9f4f29ce07f66b416c2f56","after":"635dd36d2fd300d06bfeb13f606d518a0d5153a8","ref":"refs/heads/ioctl","pushedAt":"2024-07-04T17:54:45.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files) (WIP)\n\nFixes #29","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files) (WIP)"}},{"before":"efb66220540a9ef86aa0160d15e55f429d5b94d9","after":"2ff03591fef8f1412c39963ac5afb1694cc2067e","ref":"refs/heads/main","pushedAt":"2024-07-04T17:31:24.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"syscall: Rename NetServiceAttr to NetPortAttr\n\nThis was originally named in line with an earlier, unstable version of\nthe networking support, and I missed to update it.  We do not give\nbackwards compatibility guarantees on the syscall module, but I\nwas unable to find direct dependencies on it on the internet.\n\nIf this breaks you, please reach out with a Github issue.","shortMessageHtmlLink":"syscall: Rename NetServiceAttr to NetPortAttr"}},{"before":"b67957f9dced698a5326f1ad57bcee34eb3a0641","after":null,"ref":"refs/heads/composite","pushedAt":"2024-06-02T16:05:05.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"}},{"before":"23d0c1728f1998d887b3e7ec6a5fe2f1cf406bd7","after":"b67957f9dced698a5326f1ad57bcee34eb3a0641","ref":"refs/heads/options","pushedAt":"2024-06-02T16:03:16.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"WIP: Support for composite rules\n\nFixes issue #25","shortMessageHtmlLink":"WIP: Support for composite rules"}},{"before":"84db0270858d27621cb383d1ad37f08a0dc7e193","after":"a73e3a4875274d439b9f4f29ce07f66b416c2f56","ref":"refs/heads/ioctl","pushedAt":"2024-06-02T16:01:46.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files) (WIP)\n\nFixes #29","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files) (WIP)"}},{"before":null,"after":"84db0270858d27621cb383d1ad37f08a0dc7e193","ref":"refs/heads/ioctl","pushedAt":"2024-06-02T16:00:14.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Landlock ABI v5 support (IOCTL on device files) (WIP)","shortMessageHtmlLink":"Landlock ABI v5 support (IOCTL on device files) (WIP)"}},{"before":null,"after":"b67957f9dced698a5326f1ad57bcee34eb3a0641","ref":"refs/heads/composite","pushedAt":"2024-06-02T15:48:37.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"WIP: Support for composite rules\n\nFixes issue #25","shortMessageHtmlLink":"WIP: Support for composite rules"}},{"before":"7547b7fce44e37a233d6ab3f3da23e054fd0890a","after":"efb66220540a9ef86aa0160d15e55f429d5b94d9","ref":"refs/heads/main","pushedAt":"2024-02-16T19:56:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Rename example tools with go-landlock prefix\n\nThe 'convert' utility name conflicts with the popular ImageMagick\ntool, and it's too easy to accidentally break scripts which rely on\nthat tool.","shortMessageHtmlLink":"Rename example tools with go-landlock prefix"}},{"before":"aedba21834c0d4b300abf235ed3a58c9bcff5d07","after":null,"ref":"refs/heads/netv9","pushedAt":"2024-01-19T21:50:30.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"}},{"before":"d8ec2902000ec105d66a6993214904302805cc03","after":null,"ref":"refs/heads/linter","pushedAt":"2024-01-19T21:50:23.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"}},{"before":"0267bd0f19dae81b612e281371a43ff225ef9a06","after":"7547b7fce44e37a233d6ab3f3da23e054fd0890a","ref":"refs/heads/main","pushedAt":"2024-01-19T21:49:50.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Github: Add linter","shortMessageHtmlLink":"Github: Add linter"}},{"before":"2aaa22dffe6975974298c1b36915d6727e9e5ef5","after":"d8ec2902000ec105d66a6993214904302805cc03","ref":"refs/heads/linter","pushedAt":"2024-01-19T21:47:15.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Github: Add linter","shortMessageHtmlLink":"Github: Add linter"}},{"before":"864eccaa6b7db40af1139a58ed027aefbd10a06d","after":"2aaa22dffe6975974298c1b36915d6727e9e5ef5","ref":"refs/heads/linter","pushedAt":"2024-01-19T21:42:16.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"poor documentation to tickle the linter","shortMessageHtmlLink":"poor documentation to tickle the linter"}},{"before":"95377f050108e9f5301424030fc07e458b8c2789","after":"864eccaa6b7db40af1139a58ed027aefbd10a06d","ref":"refs/heads/linter","pushedAt":"2024-01-19T21:31:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"poor documentation to tickle the linter","shortMessageHtmlLink":"poor documentation to tickle the linter"}},{"before":"695471563d2940ba297a87d338c5020b09826c00","after":"95377f050108e9f5301424030fc07e458b8c2789","ref":"refs/heads/linter","pushedAt":"2024-01-19T21:26:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"poor documentation to tickle the linter","shortMessageHtmlLink":"poor documentation to tickle the linter"}},{"before":"de87de58d4e141d8f8a27db1526362efc8329553","after":"695471563d2940ba297a87d338c5020b09826c00","ref":"refs/heads/linter","pushedAt":"2024-01-19T21:24:44.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Github: Add linter","shortMessageHtmlLink":"Github: Add linter"}},{"before":"0267bd0f19dae81b612e281371a43ff225ef9a06","after":"de87de58d4e141d8f8a27db1526362efc8329553","ref":"refs/heads/linter","pushedAt":"2024-01-19T21:20:18.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Github: Add linter","shortMessageHtmlLink":"Github: Add linter"}},{"before":null,"after":"0267bd0f19dae81b612e281371a43ff225ef9a06","ref":"refs/heads/linter","pushedAt":"2024-01-19T21:18:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Remove unused AccessNetSet.union","shortMessageHtmlLink":"Remove unused AccessNetSet.union"}},{"before":"af0413df0069e1734c652e866c6ed0a168e88a7c","after":"0267bd0f19dae81b612e281371a43ff225ef9a06","ref":"refs/heads/main","pushedAt":"2024-01-19T20:56:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Remove unused AccessNetSet.union","shortMessageHtmlLink":"Remove unused AccessNetSet.union"}},{"before":"e337b01c55fdea040f080f6a4f31fb553f4d512f","after":"af0413df0069e1734c652e866c6ed0a168e88a7c","ref":"refs/heads/main","pushedAt":"2024-01-19T20:51:35.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Example code: Replace landlock.PathOpt with landlock.Rule\n\nBoth names refer to the same type, but landlock.Rule is the better\nname, so landlock.PathOpt is now deprecated.","shortMessageHtmlLink":"Example code: Replace landlock.PathOpt with landlock.Rule"}},{"before":"9e68e6507282d5310e52987a35e0953a2c84f06f","after":"e337b01c55fdea040f080f6a4f31fb553f4d512f","ref":"refs/heads/main","pushedAt":"2024-01-15T19:03:52.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"gnoack","name":"Günther Noack","path":"/gnoack","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1935592?s=80&v=4"},"commit":{"message":"Document ConnectTCP","shortMessageHtmlLink":"Document ConnectTCP"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEgA_HIQA","startCursor":null,"endCursor":null}},"title":"Activity · landlock-lsm/go-landlock"}