Hi @Edward-Knight,

First, it's great to see such a Python library for Landlock. Thanks!

Libraries for other languages (e.g. Rust, Python) require users to be explicit about the Landlock ABI they want to use, with a best-effort default approach. This enables users to get deterministic sandboxing, useful to avoid potential future too-hermetic sandboxing. Otherwise, the current approach could break applications and legitimate use cases (e.g. with an update of the Python library, but without changing the app code, then not testing it with this new version).

I gave a talk at FOSDEM about this kind of issue. Here are related discussions: landlock-lsm/rust-landlock#12, and the current Rust library documentation.

I see that `landlock_abi_version()` is used to check at run time which access rights should be used (e.g. `all_file()`, `all_dir()`). A call to `Ruleset()` uses `FSAccess.all`, which may be different according to the running kernel.

It would be good to enable users to create deterministic sandboxes.
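As an added example (not the Python library's own code; the `FsAccess`, `fs_rights_for_abi` and `handled_fs_rights` names are hypothetical, while the bit values are the kernel's uapi constants), here is how a ruleset could pin its handled file-system rights to an explicitly requested ABI, with a best-effort fallback that only ever narrows the set and a strict mode that refuses to run on an older kernel:

```python
# Added example: compute the handled_access_fs mask for an explicitly
# requested Landlock ABI instead of whatever the running kernel supports.
from enum import IntFlag


class FsAccess(IntFlag):
    # Bit values match include/uapi/linux/landlock.h.
    EXECUTE = 1 << 0
    WRITE_FILE = 1 << 1
    READ_FILE = 1 << 2
    READ_DIR = 1 << 3
    REMOVE_DIR = 1 << 4
    REMOVE_FILE = 1 << 5
    MAKE_CHAR = 1 << 6
    MAKE_DIR = 1 << 7
    MAKE_REG = 1 << 8
    MAKE_SOCK = 1 << 9
    MAKE_FIFO = 1 << 10
    MAKE_BLOCK = 1 << 11
    MAKE_SYM = 1 << 12
    REFER = 1 << 13      # added in ABI 2
    TRUNCATE = 1 << 14   # added in ABI 3
    IOCTL_DEV = 1 << 15  # added in ABI 5 (ABI 4 only added network rights)


# File-system rights introduced by each ABI version.
_FS_RIGHTS_BY_ABI = {
    1: FsAccess(0x1FFF),
    2: FsAccess.REFER,
    3: FsAccess.TRUNCATE,
    5: FsAccess.IOCTL_DEV,
}


def fs_rights_for_abi(abi: int) -> FsAccess:
    """All file-system access rights known to the given ABI version."""
    if abi < 1:
        raise ValueError("Landlock ABI versions start at 1")
    mask = FsAccess(0)
    for version, rights in _FS_RIGHTS_BY_ABI.items():
        if version <= abi:
            mask |= rights
    return mask


def handled_fs_rights(requested_abi: int, kernel_abi: int,
                      best_effort: bool = True) -> FsAccess:
    """Rights to handle for a ruleset pinned to `requested_abi`.

    A newer kernel never adds rights the app did not ask for; an older
    kernel either narrows the set (best effort) or is rejected (strict).
    """
    wanted = fs_rights_for_abi(requested_abi)
    if kernel_abi >= requested_abi:
        return wanted
    if not best_effort:
        raise RuntimeError(f"kernel ABI {kernel_abi} < required ABI {requested_abi}")
    return wanted & fs_rights_for_abi(kernel_abi)
```

The app's behaviour then depends only on the ABI it named, so a library upgrade that learns about a newer ABI cannot silently tighten an existing sandbox.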