On Tue, Feb 08, 2022 at 12:09:47PM +0100, Omar Polo wrote:
> Logging in landlock_no_fs is too much noisy IMHO, as it implies that
> every libexec helpers prints something.  Another option would be to do
> something like the following early in got main() which produces:
> 
> 	op@devuan:~/w/got-portable$ got st -S?
> 	got: sandboxing disabled: Operation not supported

I agree that having a one-time warning like this would be good.
I think writing "landlock disabled" would be better because mentioning
landlock explicitly provides a more useful hint.

Should we provide an environment variable to suppress the warning,
just in case people find themselves in a situation where they have
no control over this? Or would that be counter-productive?