From 19d6d266bc2fcd577ecd2e119fd7dd161c0a86f5 Mon Sep 17 00:00:00 2001
From: dietshasta
Date: Fri, 15 Mar 2024 19:37:40 +0000
Subject: [PATCH] more landlock rules
---
 daemon/Sandbox.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/daemon/Sandbox.cpp b/daemon/Sandbox.cpp
index 972cfca..1cf6b4b 100644
--- a/daemon/Sandbox.cpp
+++ b/daemon/Sandbox.cpp
@@ -208,6 +208,12 @@ namespace i2p {
 return false;
 if(!addrule("/usr/share/zoneinfo/", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
 return false;
+ if(!addrule("/proc/sys/vm", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
+ return false;
+ if(!addrule("/sys/devices/system/cpu/", LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR, ruleset_fd))
+ return false;
+ if(!addrule("/dev/urandom", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))
+ return false;
 if(!addrule("/etc/ld.so.cache", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))
 return false;
 if(!addrule("/etc/nsswitch.conf", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd))
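Review bot: The added rules for `/proc/sys/vm` and `/sys/devices/system/cpu/` grant `LANDLOCK_ACCESS_FS_READ_FILE|LANDLOCK_ACCESS_FS_READ_DIR` on whole directory trees, which is wider than the single-file rules next to them (`/etc/ld.so.cache`, `/etc/nsswitch.conf`), and neither the hunk nor the commit message says what reads them. If tracing the daemon shows that only individual files are opened (for example `/proc/sys/vm/overcommit_memory` or `/sys/devices/system/cpu/online`, which is a guess, not something visible here), the rule can name the file with `LANDLOCK_ACCESS_FS_READ_FILE` alone, e.g. `addrule("/proc/sys/vm/overcommit_memory", LANDLOCK_ACCESS_FS_READ_FILE, ruleset_fd)`. Either way each new rule should carry a one-line comment naming its consumer, such as `// /dev/urandom: entropy source for <library>, read-only`, so the allow-list can be audited and pruned later. Each rule also returns false on failure, so if `addrule` fails on a missing path (its body is not in the hunk) a host without `/sys` or `/proc` mounted would lose sandbox setup entirely. Whether that should be fatal or skipped is worth deciding explicitly; the enclosing function starts and ends outside the hunk.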