cmd/mbf: optional host abstract

This works around kernels with Landlock LSM disabled. Does not affect cure outcome. Signed-off-by: Ophestra <cat@gensokyo.uk>
2026-04-07 18:12:43 +09:00
parent 876917229a
commit f23f73701c
1 changed files with 13 additions and 1 deletions
--- a/cmd/mbf/main.go
+++ b/cmd/mbf/main.go
@@ -73,6 +73,8 @@ func main() {
 		flagCures int
 		flagBase  string
 		flagIdle  bool
+
+		flagHostAbstract bool
 	)
 	c := command.New(os.Stderr, log.Printf, "mbf", func([]string) (err error) {
 		msg.SwapVerbose(!flagQuiet)
@@ -91,7 +93,10 @@ func main() {

 		var flags int
 		if flagIdle {
-			flags &= pkg.CSchedIdle
+			flags |= pkg.CSchedIdle
+		}
+		if flagHostAbstract {
+			flags |= pkg.CHostAbstract
 		}
 		cache, err = pkg.Open(ctx, msg, flags, flagCures, base)

@@ -112,6 +117,13 @@ func main() {
 		&flagIdle,
 		"sched-idle", command.BoolFlag(false),
 		"Set SCHED_IDLE scheduling policy",
+	).Flag(
+		&flagHostAbstract,
+		"host-abstract", command.BoolFlag(
+			os.Getenv("MBF_HOST_ABSTRACT") != "",
+		),
+		"Do not restrict networked cure containers from connecting to host "+
+			"abstract UNIX sockets",
 	)

 	{