From db159e8f19d71ad6fd54fa00382968b5c61b73ad Mon Sep 17 00:00:00 2001
From: ngergs <niklas@ngergs.de>
Date: Tue, 30 Jul 2024 21:42:47 +0200
Subject: [PATCH] Add AccessFSTruncate to access rights that apply to files

AccessFSTruncate works also on a per file basis and can be used to e.g. overwrite an existing target file
like in this gist: https://gist.github.com/ngergs/b2ace345fbf8d682da33b5a4d869bb04
---
 landlock/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/landlock/config.go b/landlock/config.go
index 6f54cd7..2fda1f7 100644
--- a/landlock/config.go
+++ b/landlock/config.go
@@ -10,7 +10,7 @@ import (
 // Access permission sets for filesystem access.
 const (
 	// The set of access rights that only apply to files.
-	accessFile AccessFSSet = ll.AccessFSExecute | ll.AccessFSWriteFile | ll.AccessFSReadFile
+	accessFile AccessFSSet = ll.AccessFSExecute | ll.AccessFSWriteFile | ll.AccessFSTruncate | ll.AccessFSReadFile
 
 	// The set of access rights associated with read access to files and directories.
 	accessFSRead AccessFSSet = ll.AccessFSExecute | ll.AccessFSReadFile | ll.AccessFSReadDir