Merge branch 'main' into github

marek22k · marek22k · commit 5dcd55b99a82 · 2025-11-19T19:49:58.000Z
diff --git a/src/landlock.cpp b/src/landlock.cpp
@@ -11,6 +11,9 @@
 LandlockRuleset::LandlockRuleset(uint64_t handled_access_fr,
                                  uint64_t handled_access_net)
 {
+    if (LandlockRuleset::abi_version() < 6)
+        throw std::runtime_error("Landlock is too old.");
+
     const struct landlock_ruleset_attr attr = {
         .handled_access_fs = handled_access_fr,
         .handled_access_net = handled_access_net};
@@ -37,4 +40,9 @@ void LandlockRuleset::restrict_self() const
         throw std::runtime_error("Failed to restrict self via landlock.");
 }
 
+[[nodiscard]] int LandlockRuleset::abi_version() noexcept
+{
+    return landlock_create_ruleset(nullptr, 0, LANDLOCK_CREATE_RULESET_VERSION);
+}
+
 #endif
diff --git a/src/landlock.hpp b/src/landlock.hpp
@@ -59,6 +59,8 @@ class LandlockRuleset
                                    int32_t parent_fd) const;
         void restrict_self() const;
 
+        [[nodiscard]] static int abi_version() noexcept;
+
     private:
         int ruleset;
 };
diff --git a/src/main.cpp b/src/main.cpp
@@ -11,6 +11,7 @@
 #include <cstdlib>
 #include <boost/asio.hpp>
 #include <boost/log/trivial.hpp>
+#include <boost/version.hpp>
 #include <unistd.h>
 #include "capability_managment.hpp"
 #include "configuration.hpp"
@@ -88,7 +89,7 @@ int main(int argc, char * argv[])
 #if defined(TINS_VERSION_MAJOR) && defined(TINS_VERSION_MINOR) && \
     defined(TINS_VERSION_PATCH)
         BOOST_LOG_TRIVIAL(info)
-            << "libtins version: " << TINS_VERSION_MAJOR << "."
+            << "libtins version (compile time): " << TINS_VERSION_MAJOR << "."
             << TINS_VERSION_MINOR << "." << TINS_VERSION_PATCH;
 #endif
 
@@ -100,16 +101,27 @@ int main(int argc, char * argv[])
 
 #ifdef HAVE_SECCOMP
         BOOST_LOG_TRIVIAL(info) << "seccomp: true";
+        auto seccomp_ver = seccomp_version();
+        BOOST_LOG_TRIVIAL(info)
+            << "seccomp version (runtime): " << seccomp_ver->major << "."
+            << seccomp_ver->minor << "." << seccomp_ver->micro;
 #else
         BOOST_LOG_TRIVIAL(info) << "seccomp: false";
 #endif
 
 #ifdef HAVE_LANDLOCK
-        BOOST_LOG_TRIVIAL(info) << "landlock: true";
+        BOOST_LOG_TRIVIAL(info) << "Landlock: true";
+        BOOST_LOG_TRIVIAL(info)
+            << "Landlock ABI version: " << LandlockRuleset::abi_version();
 #else
-        BOOST_LOG_TRIVIAL(info) << "landlock: false";
+        BOOST_LOG_TRIVIAL(info) << "Landlock: false";
 #endif
 
+        BOOST_LOG_TRIVIAL(info)
+            << "Boost version (compile time): " << (BOOST_VERSION / 100'000)
+            << "." << (BOOST_VERSION / 100 % 1000) << "."
+            << (BOOST_VERSION % 100);
+
         const std::shared_ptr<NodeContainer> nodecontainer =
             config.get_node_container();
 
