From 545f68d60dcf0439ff3745ba55c70cf311cf12b1 Mon Sep 17 00:00:00 2001
From: Kailun Qin
Date: Wed, 10 Aug 2022 15:10:46 -0400
Subject: [PATCH] Update config schema
Signed-off-by: Kailun Qin
---
 schema/config-schema.json | 14 ++++++++++
 schema/defs.json | 57 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)
diff --git a/schema/config-schema.json b/schema/config-schema.json
index 94923b35a..c3a960e0c 100644
--- a/schema/config-schema.json
+++ b/schema/config-schema.json
@@ -141,6 +141,20 @@
 "selinuxLabel": {
 "type": "string"
 },
+ "landlock": {
+ "type": "object",
+ "properties": {
+ "ruleset": {
+ "$ref": "defs.json#/definitions/LandlockRuleset"
+ },
+ "rules": {
+ "$ref": "defs.json#/definitions/LandlockRules"
+ },
+ "disableBestEffort": {
+ "type": "boolean"
+ }
+ }
+ },
 "noNewPrivileges": {
 "type": "boolean"
 },
diff --git a/schema/defs.json b/schema/defs.json
index 61e1edefa..fa31a90c1 100644
--- a/schema/defs.json
+++ b/schema/defs.json
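Review bot: In schema/config-schema.json the new `landlock` object lists `properties` but neither `required` nor `additionalProperties`, so a misspelled key (a typo of `disableBestEffort`, say) validates and is silently dropped. For a sandboxing option that matters: the field name suggests best-effort is the default, so a config that meant to opt out would presumably still start with reduced or no Landlock enforcement on a kernel without support. Consider `"additionalProperties": false` on the object and `"required": ["ruleset"]`, since `rules` has nothing to attach to without a ruleset. A `description` on `disableBestEffort` stating the default and what happens when enforcement is unavailable would also help; only the neighbouring `selinuxLabel` and `noNewPrivileges` entries are visible here, so check whether the schema leaves objects open on purpose.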
@@ -153,6 +153,63 @@
 },
 "annotations": {
 "$ref": "#/definitions/mapStringString"
+ },
+ "LandlockFSAction": {
+ "type": "string",
+ "enum": [
+ "execute",
+ "write_file",
+ "read_file",
+ "read_dir",
+ "remove_dir",
+ "remove_file",
+ "make_char",
+ "make_dir",
+ "make_reg",
+ "make_sock",
+ "make_fifo",
+ "make_block",
+ "make_sym"
+ ]
+ },
+ "ArrayOfLandlockFSActions": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/LandlockFSAction"
+ }
+ },
+ "LandlockRuleset": {
+ "type": "object",
+ "properties": {
+ "handledAccessFS": {
+ "$ref": "#/definitions/ArrayOfLandlockFSActions"
+ }
+ }
+ },
+ "LandlockRulePathBeneath": {
+ "type": "object",
+ "properties": {
+ "allowedAccess": {
+ "$ref": "#/definitions/ArrayOfLandlockFSActions"
+ },
+ "paths": {
+ "$ref": "#/definitions/ArrayOfStrings"
+ }
+ }
+ },
+ "ArrayOfLandlockRulePathBeneaths": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/LandlockRulePathBeneath"
+ }
+ },
+ "LandlockRules": {
+ "type": "object",
+ "properties": {
+ "pathBeneath": {
+ "$ref": "#/definitions/ArrayOfLandlockRulePathBeneaths"
+ }
+ }
 }
 }
 }
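Review bot: `ArrayOfLandlockFSActions` in schema/defs.json accepts empty and duplicate lists, and `LandlockRulePathBeneath` requires neither `allowedAccess` nor `paths`, so `"handledAccessFS": []` or a rule with no paths passes validation even though it describes no restriction. Add `"minItems": 1, "uniqueItems": true` to `ArrayOfLandlockFSActions` and `"required": ["allowedAccess", "paths"]` to `LandlockRulePathBeneath`. The `LandlockFSAction` enum lists the thirteen filesystem rights of the first Landlock ABI, so a right added by a later kernel ABI (`refer`, in this naming) would be rejected; either extend the enum or add a `description` saying it is pinned to that ABI. The schema cannot express that each rule's `allowedAccess` must be a subset of the ruleset's `handledAccessFS`, so that check has to be done by the runtime and is worth stating in a `description` on `LandlockRulePathBeneath`.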