Commit Briefs
portable: add support for landlock
landlock is a new set of linux APIs that is conceptually similar to unveil(2): the idea is to restrict what a process can do on a specified part of the filesystem. There are some differences in the behaviour: the major one being that the landlock ruleset is inherited across execve(2). This just restricts the libexec helpers by completely revoking ANY filesystem access; after all they are the biggest attack surface. got send/fetch/clone *may* end up spawning ssh(1), so at the moment is not possible to landlock the main process. From Omar Polo.
portable: add FreeBSD support
This adds the capability to compile got-portable on FreeBSD.
portable: initial Linux compilation
This commit modifies the GoT main branch to be able to compile it under linux.
Stop including <sys/syslimits.h> directly.
POSIX says the limits defined there are available from <limits.h>, which almost all affected source files already included anyway. ok millert stsp
got_error_from_errno -> got_error_prefix_errno
also add got_error_prefix_errno2 and got_error_prefix_errno3 which should hopefully all be merged into a single function with variadic args (but can't alloc mem)