From 7ac68520ecd4f757cc6808ae4b2e97c645aa2ebb Mon Sep 17 00:00:00 2001
From: Federico Maria Morrone <contact@morrone.dev>
Date: Tue, 24 Sep 2024 15:09:33 +0200
Subject: [PATCH] Add landlock api

---
 gen/modules/general.h      |  1 +
 src/aarch64/general.rs     | 44 ++++++++++++++++++++++++++++++++++++++
 src/arm/general.rs         | 44 ++++++++++++++++++++++++++++++++++++++
 src/csky/general.rs        | 44 ++++++++++++++++++++++++++++++++++++++
 src/loongarch64/general.rs | 44 ++++++++++++++++++++++++++++++++++++++
 src/mips/general.rs        | 44 ++++++++++++++++++++++++++++++++++++++
 src/mips32r6/general.rs    | 44 ++++++++++++++++++++++++++++++++++++++
 src/mips64/general.rs      | 44 ++++++++++++++++++++++++++++++++++++++
 src/mips64r6/general.rs    | 44 ++++++++++++++++++++++++++++++++++++++
 src/powerpc/general.rs     | 44 ++++++++++++++++++++++++++++++++++++++
 src/powerpc64/general.rs   | 44 ++++++++++++++++++++++++++++++++++++++
 src/riscv32/general.rs     | 44 ++++++++++++++++++++++++++++++++++++++
 src/riscv64/general.rs     | 44 ++++++++++++++++++++++++++++++++++++++
 src/s390x/general.rs       | 44 ++++++++++++++++++++++++++++++++++++++
 src/sparc/general.rs       | 44 ++++++++++++++++++++++++++++++++++++++
 src/sparc64/general.rs     | 44 ++++++++++++++++++++++++++++++++++++++
 src/x32/general.rs         | 44 ++++++++++++++++++++++++++++++++++++++
 src/x86/general.rs         | 44 ++++++++++++++++++++++++++++++++++++++
 src/x86_64/general.rs      | 44 ++++++++++++++++++++++++++++++++++++++
 19 files changed, 793 insertions(+)

diff --git a/gen/modules/general.h b/gen/modules/general.h
index 0a73416f..7ba2200f 100644
--- a/gen/modules/general.h
+++ b/gen/modules/general.h
@@ -14,6 +14,7 @@
 #include <linux/fs.h>
 #include <linux/futex.h>
 #include <linux/inotify.h>
+#include <linux/landlock.h>
 #include <linux/limits.h>
 #include <linux/magic.h>
 #include <linux/mman.h>
diff --git a/src/aarch64/general.rs b/src/aarch64/general.rs
index 1e1e87dd..6f571b8f 100644
--- a/src/aarch64/general.rs
+++ b/src/aarch64/general.rs
@@ -426,6 +426,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1551,6 +1569,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2749,6 +2786,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/arm/general.rs b/src/arm/general.rs
index 3268e102..047e2b9d 100644
--- a/src/arm/general.rs
+++ b/src/arm/general.rs
@@ -424,6 +424,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1582,6 +1600,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2886,6 +2923,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/csky/general.rs b/src/csky/general.rs
index 7c064f02..4cd2f282 100644
--- a/src/csky/general.rs
+++ b/src/csky/general.rs
@@ -424,6 +424,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1573,6 +1591,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2787,6 +2824,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/loongarch64/general.rs b/src/loongarch64/general.rs
index 6b9d7e7c..17918cd9 100644
--- a/src/loongarch64/general.rs
+++ b/src/loongarch64/general.rs
@@ -426,6 +426,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1549,6 +1567,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2738,6 +2775,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/mips/general.rs b/src/mips/general.rs
index 0cf6d72d..c5029be9 100644
--- a/src/mips/general.rs
+++ b/src/mips/general.rs
@@ -427,6 +427,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1600,6 +1618,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 128;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -3055,6 +3092,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/mips32r6/general.rs b/src/mips32r6/general.rs
index 0cf6d72d..c5029be9 100644
--- a/src/mips32r6/general.rs
+++ b/src/mips32r6/general.rs
@@ -427,6 +427,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1600,6 +1618,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 128;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -3055,6 +3092,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/mips64/general.rs b/src/mips64/general.rs
index dd7369d9..ee6d879b 100644
--- a/src/mips64/general.rs
+++ b/src/mips64/general.rs
@@ -427,6 +427,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1589,6 +1607,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 128;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2974,6 +3011,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/mips64r6/general.rs b/src/mips64r6/general.rs
index dd7369d9..ee6d879b 100644
--- a/src/mips64r6/general.rs
+++ b/src/mips64r6/general.rs
@@ -427,6 +427,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1589,6 +1607,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 128;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2974,6 +3011,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/powerpc/general.rs b/src/powerpc/general.rs
index 7667759e..8cdeb22e 100644
--- a/src/powerpc/general.rs
+++ b/src/powerpc/general.rs
@@ -431,6 +431,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1640,6 +1658,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2978,6 +3015,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/powerpc64/general.rs b/src/powerpc64/general.rs
index 9f976e43..9b704e36 100644
--- a/src/powerpc64/general.rs
+++ b/src/powerpc64/general.rs
@@ -433,6 +433,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1619,6 +1637,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2927,6 +2964,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/riscv32/general.rs b/src/riscv32/general.rs
index 74b3ce09..6fbd37af 100644
--- a/src/riscv32/general.rs
+++ b/src/riscv32/general.rs
@@ -424,6 +424,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1582,6 +1600,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2766,6 +2803,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/riscv64/general.rs b/src/riscv64/general.rs
index d058025a..698d46bc 100644
--- a/src/riscv64/general.rs
+++ b/src/riscv64/general.rs
@@ -426,6 +426,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1557,6 +1575,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2751,6 +2788,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/s390x/general.rs b/src/s390x/general.rs
index 6e0dd13e..f82acbca 100644
--- a/src/s390x/general.rs
+++ b/src/s390x/general.rs
@@ -441,6 +441,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1548,6 +1566,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2805,6 +2842,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/sparc/general.rs b/src/sparc/general.rs
index 3594c2c8..b8187d5b 100644
--- a/src/sparc/general.rs
+++ b/src/sparc/general.rs
@@ -426,6 +426,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1592,6 +1610,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 4194304;
 pub const IN_NONBLOCK: u32 = 16384;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2937,6 +2974,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/sparc64/general.rs b/src/sparc64/general.rs
index 85b0455e..d992935e 100644
--- a/src/sparc64/general.rs
+++ b/src/sparc64/general.rs
@@ -434,6 +434,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1586,6 +1604,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 4194304;
 pub const IN_NONBLOCK: u32 = 16384;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2893,6 +2930,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/x32/general.rs b/src/x32/general.rs
index 6ca18828..3590f4cc 100644
--- a/src/x32/general.rs
+++ b/src/x32/general.rs
@@ -427,6 +427,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1564,6 +1582,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2809,6 +2846,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/x86/general.rs b/src/x86/general.rs
index ee1f484a..19ff2752 100644
--- a/src/x86/general.rs
+++ b/src/x86/general.rs
@@ -424,6 +424,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1585,6 +1603,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2919,6 +2956,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,
diff --git a/src/x86_64/general.rs b/src/x86_64/general.rs
index ae26aa3c..09dfb739 100644
--- a/src/x86_64/general.rs
+++ b/src/x86_64/general.rs
@@ -426,6 +426,24 @@ pub name: __IncompleteArrayField<crate::ctypes::c_char>,
 }
 #[repr(C)]
 #[derive(Debug, Copy, Clone)]
+pub struct landlock_ruleset_attr {
+pub handled_access_fs: __u64,
+pub handled_access_net: __u64,
+}
+#[repr(C, packed)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_path_beneath_attr {
+pub allowed_access: __u64,
+pub parent_fd: __s32,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
+pub struct landlock_net_port_attr {
+pub allowed_access: __u64,
+pub port: __u64,
+}
+#[repr(C)]
+#[derive(Debug, Copy, Clone)]
 pub struct cachestat_range {
 pub off: __u64,
 pub len: __u64,
@@ -1559,6 +1577,25 @@ pub const IN_ONESHOT: u32 = 2147483648;
 pub const IN_ALL_EVENTS: u32 = 4095;
 pub const IN_CLOEXEC: u32 = 524288;
 pub const IN_NONBLOCK: u32 = 2048;
+pub const LANDLOCK_CREATE_RULESET_VERSION: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_EXECUTE: u32 = 1;
+pub const LANDLOCK_ACCESS_FS_WRITE_FILE: u32 = 2;
+pub const LANDLOCK_ACCESS_FS_READ_FILE: u32 = 4;
+pub const LANDLOCK_ACCESS_FS_READ_DIR: u32 = 8;
+pub const LANDLOCK_ACCESS_FS_REMOVE_DIR: u32 = 16;
+pub const LANDLOCK_ACCESS_FS_REMOVE_FILE: u32 = 32;
+pub const LANDLOCK_ACCESS_FS_MAKE_CHAR: u32 = 64;
+pub const LANDLOCK_ACCESS_FS_MAKE_DIR: u32 = 128;
+pub const LANDLOCK_ACCESS_FS_MAKE_REG: u32 = 256;
+pub const LANDLOCK_ACCESS_FS_MAKE_SOCK: u32 = 512;
+pub const LANDLOCK_ACCESS_FS_MAKE_FIFO: u32 = 1024;
+pub const LANDLOCK_ACCESS_FS_MAKE_BLOCK: u32 = 2048;
+pub const LANDLOCK_ACCESS_FS_MAKE_SYM: u32 = 4096;
+pub const LANDLOCK_ACCESS_FS_REFER: u32 = 8192;
+pub const LANDLOCK_ACCESS_FS_TRUNCATE: u32 = 16384;
+pub const LANDLOCK_ACCESS_FS_IOCTL_DEV: u32 = 32768;
+pub const LANDLOCK_ACCESS_NET_BIND_TCP: u32 = 1;
+pub const LANDLOCK_ACCESS_NET_CONNECT_TCP: u32 = 2;
 pub const ADFS_SUPER_MAGIC: u32 = 44533;
 pub const AFFS_SUPER_MAGIC: u32 = 44543;
 pub const AFS_SUPER_MAGIC: u32 = 1397113167;
@@ -2815,6 +2852,13 @@ PROCMAP_QUERY_FILE_BACKED_VMA = 32,
 #[repr(u32)]
 #[non_exhaustive]
 #[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
+pub enum landlock_rule_type {
+LANDLOCK_RULE_PATH_BENEATH = 1,
+LANDLOCK_RULE_NET_PORT = 2,
+}
+#[repr(u32)]
+#[non_exhaustive]
+#[derive(Debug, Copy, Clone, Hash, PartialEq, Eq)]
 pub enum membarrier_cmd {
 MEMBARRIER_CMD_QUERY = 0,
 MEMBARRIER_CMD_GLOBAL = 1,