From 4368869c658cac785c6582572e4db0873bc26868 Mon Sep 17 00:00:00 2001
From: LeChatP
Date: Thu, 22 Jan 2026 09:50:23 +0100
Subject: [PATCH] feat: add landlock glob pattern
---
 Cargo.lock | 7 ++++---
 Cargo.toml | 7 ++++---
 rar-common/Cargo.toml | 2 +-
 resources/man/en_US.md | 2 +-
 resources/man/fr_FR.md | 2 +-
 src/sr/finder/api/landlock.rs | 24 ++++++++++++++++++++----
 xtask/Cargo.toml | 2 +-
 7 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 3d3102f..564f773 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -998,7 +998,7 @@ checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001"
 [[package]]
 name = "rootasrole"
-version = "3.3.1"
+version = "3.3.2"
 dependencies = [
 "bitflags 2.9.3",
 "bon",
@@ -1008,6 +1008,7 @@ dependencies = [
 "const_format",
 "derivative",
 "env_logger",
+ "glob",
 "hex",
 "landlock",
 "libc",
@@ -1035,7 +1036,7 @@ dependencies = [
 [[package]]
 name = "rootasrole-core"
-version = "3.3.1"
+version = "3.3.2"
 dependencies = [
 "bitflags 2.9.3",
 "bon",
@@ -1758,7 +1759,7 @@ checksum = "052283831dbae3d879dc7f51f3d92703a316ca49f91540417d38591826127814"
 [[package]]
 name = "xtask"
-version = "3.3.1"
+version = "3.3.2"
 dependencies = [
 "anyhow",
 "capctl",
diff --git a/Cargo.toml b/Cargo.toml
index b50def0..e39cc8a 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,7 +3,7 @@ members = ["xtask", "rar-common"]
 [package]
 name = "rootasrole"
-version = "3.3.1"
+version = "3.3.2"
 rust-version = "1.83.0"
 authors = ["Eddie Billoir "]
 edition = "2021"
@@ -59,7 +59,7 @@ hashchecker = ["dep:hex", "dep:sha2"]
 ssd = []
 hierarchy = []
 timeout = []
-landlock = ["dep:landlock", "dep:bitflags"]
+landlock = ["dep:landlock", "dep:bitflags", "dep:glob"]
 editor = ["dep:landlock", "dep:libseccomp", "dep:pest", "dep:pest_derive", "dep:linked_hash_set"]
 [lints.rust]
@@ -69,7 +69,7 @@ unexpected_cfgs = { level = "allow", check-cfg = ['cfg(tarpaulin_include)'] }
 toml = { version = "0.8", default-features = false, features = ["parse", "display", "preserve_order"] }
 [dependencies]
-rar-common = { path = "rar-common", version = "3.3.1", package = "rootasrole-core" }
+rar-common = { path = "rar-common", version = "3.3.2", package = "rootasrole-core" }
 log = { version = "0.4", default-features = false, features = ["std"] }
 libc = { version = "0.2", default-features = false, features = ["std"]}
 strum = { version = "0.26", default-features = false, features = ["derive"] }
@@ -87,6 +87,7 @@ bon = { version = "3", default-features = false }
 nonstick = { version = "0.1.1", optional = true }
 libpam-sys = { version = "0.2.0", default-features = false, optional = true }
 pcre2 = { version = "0.2", default-features = false, optional = true }
+glob = { version = "0.3", default-features = false, optional = true }
 sha2 = { version = "0.10", default-features = false, optional = true }
 pty-process = { version = "0.4", default-features = false, optional = true }
 once_cell = { version = "1.20", default-features = false, optional = true, features = ["std"] }
diff --git a/rar-common/Cargo.toml b/rar-common/Cargo.toml
index 3d9560e..5937ac4 100644
--- a/rar-common/Cargo.toml
+++ b/rar-common/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rootasrole-core"
-version = "3.3.1"
+version = "3.3.2"
 edition = "2021"
 description = "This core crate for the RootAsRole project."
 license = "LGPL-3.0-or-later"
diff --git a/resources/man/en_US.md b/resources/man/en_US.md
index b23bb28..5f18f2d 100644
--- a/resources/man/en_US.md
+++ b/resources/man/en_US.md
@@ -1,4 +1,4 @@
-% RootAsRole(8) RootAsRole 3.3.1 | System Manager's Manual
+% RootAsRole(8) RootAsRole 3.3.2 | System Manager's Manual
 % Eddie Billoir
 % August 2025
diff --git a/resources/man/fr_FR.md b/resources/man/fr_FR.md
index faaf557..80a6e9c 100644
--- a/resources/man/fr_FR.md
+++ b/resources/man/fr_FR.md
@@ -1,4 +1,4 @@
-% RootAsRole(8) RootAsRole 3.3.1 | Manuel de l'administrateur système
+% RootAsRole(8) RootAsRole 3.3.2 | Manuel de l'administrateur système
 % Eddie Billoir
 % Août 2025
diff --git a/src/sr/finder/api/landlock.rs b/src/sr/finder/api/landlock.rs
index 2d1774a..d9b3fe9 100644
--- a/src/sr/finder/api/landlock.rs
+++ b/src/sr/finder/api/landlock.rs
@@ -1,6 +1,7 @@
 use std::{collections::HashMap, path::PathBuf};
 use bitflags::bitflags;
+use glob::glob;
 use landlock::{
 Access, AccessFs, BitFlags, PathBeneath, PathFd, Ruleset, RulesetAttr, RulesetCreatedAttr, ABI,
 };
@@ -130,10 +131,25 @@ fn pre_exec(event: &mut ApiEvent) -> SrResult<()> {
 for (path, access) in whitelist.iter() {
 let landlock_access = get_landlock_access(*access);
- let path_fd = PathFd::new(path).map_err(|_| SrError::ConfigurationError)?;
- ruleset = ruleset
- .add_rule(PathBeneath::new(path_fd, landlock_access))
- .map_err(|_| SrError::ConfigurationError)?;
+ match glob(&path.to_string_lossy()) {
+ Ok(paths) => {
+ for entry in paths {
+ if let Ok(p) = entry {
+ let path_fd =
+ PathFd::new(p).map_err(|_| SrError::ConfigurationError)?;
+ ruleset = ruleset
+ .add_rule(PathBeneath::new(path_fd, landlock_access))
+ .map_err(|_| SrError::ConfigurationError)?;
+ }
+ }
+ }
+ Err(_) => {
+ let path_fd = PathFd::new(path).map_err(|_| SrError::ConfigurationError)?;
+ ruleset = ruleset
+ .add_rule(PathBeneath::new(path_fd, landlock_access))
+ .map_err(|_| SrError::ConfigurationError)?;
+ }
+ }
 }
 ruleset
diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml
index 0400f53..d68f66e 100644
--- a/xtask/Cargo.toml
+++ b/xtask/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "xtask"
 # The project version is managed on json file in resources/rootasrole.json
-version = "3.3.1"
+version = "3.3.2"
 edition = "2021"
 publish = false
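Review bot: In the `Ok(paths)` arm of the whitelist loop in `pre_exec` (src/sr/finder/api/landlock.rs), `if let Ok(p) = entry` drops every `GlobError`, and a pattern that matches nothing adds no rule, so an entry that previously failed with `SrError::ConfigurationError` when `PathFd::new(path)` could not open it is now skipped without a trace. The sandbox ends up narrower rather than wider, but the operator cannot tell that the configured Landlock policy was only partly applied; I would propagate the error with `let p = entry.map_err(|_| SrError::ConfigurationError)?;` and reject or at least log a pattern with zero matches. Two related caveats deserve a comment on the `match`: `path.to_string_lossy()` alters non-UTF-8 paths so they no longer match themselves, and existing literal entries containing `*`, `?` or `[` are now read as patterns and may allow more paths than the entry named. The `PathFd::new` / `add_rule` pair is repeated in both arms and could move into one small helper; the body of `pre_exec` starts and ends outside this hunk.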