ext: isolate from container/std

These are too general to belong in the container package. This targets the v0.4 release to reduce the wrapper maintenance burden.

Signed-off-by: Ophestra <cat@gensokyo.uk>

container/landlock.go

@@ -5,7 +5,7 @@ import (
 	"syscall"
 	"unsafe"
 
-	"hakurei.app/container/std"
+	"hakurei.app/ext"
 )
 
 // include/uapi/linux/landlock.h
@@ -223,7 +223,7 @@ func (rulesetAttr *RulesetAttr) Create(flags uintptr) (fd int, err error) {
 	}
 
 	rulesetFd, _, errno := syscall.Syscall(
-		std.SYS_LANDLOCK_CREATE_RULESET,
+		ext.SYS_LANDLOCK_CREATE_RULESET,
 		pointer, size,
 		flags,
 	)
@@ -247,7 +247,7 @@ func LandlockGetABI() (int, error) {
 // LandlockRestrictSelf applies a loaded ruleset to the calling thread.
 func LandlockRestrictSelf(rulesetFd int, flags uintptr) error {
 	r, _, errno := syscall.Syscall(
-		std.SYS_LANDLOCK_RESTRICT_SELF,
+		ext.SYS_LANDLOCK_RESTRICT_SELF,
 		uintptr(rulesetFd),
 		flags,
 		0,