From b3cabd853a0e70d0eceff41a8f34b5148bb82b94 Mon Sep 17 00:00:00 2001
From: s0me0ne-unkn0wn <48632512+s0me0ne-unkn0wn@users.noreply.github.com>
Date: Wed, 17 Jul 2024 21:56:16 +0200
Subject: [PATCH] Fix landlock presence test (#5037)

Closes #4951 (hopefully)

@alvicsam can you please check if it passes in the new environment?
---
 polkadot/node/core/pvf/tests/it/main.rs | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/polkadot/node/core/pvf/tests/it/main.rs b/polkadot/node/core/pvf/tests/it/main.rs
index d62a1aef230..9ad48665751 100644
--- a/polkadot/node/core/pvf/tests/it/main.rs
+++ b/polkadot/node/core/pvf/tests/it/main.rs
@@ -523,20 +523,17 @@ async fn prepare_can_run_serially() {
 #[cfg(all(feature = "ci-only-tests", target_os = "linux"))]
 #[tokio::test]
 async fn all_security_features_work() {
-	// Landlock is only available starting Linux 5.13, and we may be testing on an old kernel.
 	let can_enable_landlock = {
-		let sysinfo = sc_sysinfo::gather_sysinfo();
-		// The version will look something like "5.15.0-87-generic".
-		let version = sysinfo.linux_kernel.unwrap();
-		let version_split: Vec<&str> = version.split(".").collect();
-		let major: u32 = version_split[0].parse().unwrap();
-		let minor: u32 = version_split[1].parse().unwrap();
-		if major >= 6 {
-			true
-		} else if major == 5 {
-			minor >= 13
+		let res = unsafe { libc::syscall(libc::SYS_landlock_create_ruleset, 0usize, 0usize, 1u32) };
+		if res == -1 {
+			let err = std::io::Error::last_os_error().raw_os_error().unwrap();
+			if err == libc::ENOSYS {
+				false
+			} else {
+				panic!("Unexpected errno from landlock check: {err}");
+			}
 		} else {
-			false
+			true
 		}
 	};
 
-- 
GitLab