From f23f73701c4ccf96ab4a1c28d4ca163f8e96f2f4 Mon Sep 17 00:00:00 2001
From: Ophestra
Date: Tue, 7 Apr 2026 18:12:43 +0900
Subject: [PATCH] cmd/mbf: optional host abstract
This works around kernels with Landlock LSM disabled. Does not affect cure outcome.
Signed-off-by: Ophestra
---
 cmd/mbf/main.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/cmd/mbf/main.go b/cmd/mbf/main.go
index 5ae0d836..41735646 100644
--- a/cmd/mbf/main.go
+++ b/cmd/mbf/main.go
@@ -73,6 +73,8 @@ func main() {
 flagCures int
 flagBase string
 flagIdle bool
+
+ flagHostAbstract bool
 )
 c := command.New(os.Stderr, log.Printf, "mbf", func([]string) (err error) {
 msg.SwapVerbose(!flagQuiet)
@@ -91,7 +93,10 @@ func main() {
 var flags int
 if flagIdle {
- flags &= pkg.CSchedIdle
+ flags |= pkg.CSchedIdle
+ }
+ if flagHostAbstract {
+ flags |= pkg.CHostAbstract
 }
 cache, err = pkg.Open(ctx, msg, flags, flagCures, base)
@@ -112,6 +117,13 @@ func main() {
 &flagIdle, "sched-idle", command.BoolFlag(false), "Set SCHED_IDLE scheduling policy",
+ ).Flag(
+ &flagHostAbstract,
+ "host-abstract", command.BoolFlag(
+ os.Getenv("MBF_HOST_ABSTRACT") != "",
+ ),
+ "Do not restrict networked cure containers from connecting to host "+
+ "abstract UNIX sockets",
 ) {
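Review bot: In the second hunk, `flags |= pkg.CHostAbstract` relaxes a container restriction without leaving any trace in the output, and the third hunk allows it to be switched on from an inherited environment variable. A single line such as `log.Println("networked cure containers may connect to host abstract UNIX sockets")` inside the `if flagHostAbstract` branch would make the reduced isolation visible in build logs. Separately, because `flags` starts at zero, the old `flags &= pkg.CSchedIdle` could never set the bit, so `--sched-idle` only takes effect from this commit on; that behaviour change deserves its own line in the commit message. The enclosing function body starts and ends outside the hunk.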
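Review bot: In the third hunk the default `os.Getenv("MBF_HOST_ABSTRACT") != ""` treats every non-empty value as true, so `MBF_HOST_ABSTRACT=0` or `MBF_HOST_ABSTRACT=false` turns the relaxation on, which is the unsafe direction for an option that removes a sandbox restriction. Parsing the value before the flag chain, for example `hostAbstract, _ := strconv.ParseBool(os.Getenv("MBF_HOST_ABSTRACT"))` and then `command.BoolFlag(hostAbstract)`, keeps unrecognised values at the restrictive default (this needs the `strconv` import if the file does not already have it). The help text should also name the variable, so a user can tell where a non-default value came from. The `.Flag(...)` chain begins and continues outside the hunk.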