Commit 8654b729 for xz

commit 8654b72980c774d4cb142e11a6012fe9a6a83122
Author: Lasse Collin <lasse.collin@tukaani.org>
Date:   Thu May 21 18:57:36 2026 +0300

    Landlock: Support ABI version 9

    Features added in versions 7 and 8 shouldn't be relevant here.

diff --git a/src/common/my_landlock.h b/src/common/my_landlock.h
index aed9a366..35aee08e 100644
--- a/src/common/my_landlock.h
+++ b/src/common/my_landlock.h
@@ -26,7 +26,7 @@

 // In case we are being compiled against an old <linux/landlock.h>,
 // provide fallbacks for handled_access_fs flags that were added in
-// Landlock ABI versions 2, 3, and 5. This way we need fewer #ifdefs
+// Landlock ABI versions 2, 3, 5, and 9. This way we need fewer #ifdefs
 // later on and, more importantly, these flags are then supported if
 // the program is run under a kernel that supports a newer Landlock ABI
 // than the current <linux/landlock.h>.
@@ -42,6 +42,9 @@
 #ifndef LANDLOCK_ACCESS_FS_IOCTL_DEV
 #	define LANDLOCK_ACCESS_FS_IOCTL_DEV     (1ULL << 15)
 #endif
+#ifndef LANDLOCK_ACCESS_FS_RESOLVE_UNIX
+#	define LANDLOCK_ACCESS_FS_RESOLVE_UNIX  (1ULL << 16)
+#endif


 /// \brief      Initialize Landlock ruleset attributes to forbid everything
@@ -110,6 +113,7 @@ my_landlock_ruleset_attr_forbid_all(struct landlock_ruleset_attr *attr)
 			| LANDLOCK_ACCESS_FS_REFER // ABI 2
 			| LANDLOCK_ACCESS_FS_TRUNCATE // ABI 3
 			| LANDLOCK_ACCESS_FS_IOCTL_DEV // ABI 5
+			| LANDLOCK_ACCESS_FS_RESOLVE_UNIX // ABI 9
 			;

 #ifdef LANDLOCK_ACCESS_NET_BIND_TCP
@@ -160,6 +164,11 @@ my_landlock_ruleset_attr_forbid_all(struct landlock_ruleset_attr *attr)

 		FALLTHROUGH;

+	case 7:
+	case 8:
+		attr->handled_access_fs &= ~LANDLOCK_ACCESS_FS_RESOLVE_UNIX;
+		FALLTHROUGH;
+
 	default:
 		// We only know about the features of the ABIs 1-6.
 		break;