On Tue, Feb 08, 2022 at 12:09:47PM +0100, Omar Polo wrote:
> unfortunately, landlock being a "stackable security module" means that
> users can enable and/or disable it on demand independently from the
> distro.  (also don't forget that the linux people loves containers so
> much, they may end up running stuff on a different kernel from the
> distro they're pulling the packages from, don't know if we should take
> this into account... bah)

Ah -- I did not know it was one of those sorts of capabilities.  I really
don't like this model Linux seems to be using, but... it is what it is.

> 	op@devuan:~/w/got-portable$ got st -S?
> 	got: sandboxing disabled: Operation not supported
> 	M  compat/landlock.c
> 	M  got/got.c
> 	M  include/got_compat.h
> 
> Thomas: do you think it's acceptable?  It adds a bit of platform
> dependant code outside of compat/, but it's only in one and hopefully we
> don't have to touch it for a long time.  (it's also in a section of the
> code which doesn't change often, so possibly won't break with future
> updates.)

Yes, this seems fine to me.

Kindly,
Thomas