From 2d4fc4f27470931bb8af89d486c55c46504f54ea Mon Sep 17 00:00:00 2001
From: Colin <colin@uninsane.org>
Date: Wed, 31 Jan 2024 17:45:46 +0000
Subject: [PATCH] landlock-sandboxer: build against latest compatible linux

---
 pkgs/additional/landlock-sandboxer/default.nix | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/pkgs/additional/landlock-sandboxer/default.nix b/pkgs/additional/landlock-sandboxer/default.nix
index 5463aad5..5a651197 100644
--- a/pkgs/additional/landlock-sandboxer/default.nix
+++ b/pkgs/additional/landlock-sandboxer/default.nix
@@ -1,9 +1,14 @@
-# N.B.: landlock is a relatively new thing as of 2024/01;
-# `pkgs.linux` is kinda old.
-# may want to use `linux_latest`, here and everywhere, if you find landlock to be lacking.
+# N.B.: landlock is a relatively new thing as of 2024/01, and undergoing ABI revisions.
+# the ABI is versioned, and the sandboxer will work when run against either a newer or older kernel than it was built from,
+# but it will complain (stderr) if the kernel announces an ABI version greater than that which the sandboxer knows of.
+# so, build against the latest linux we can.
 { stdenv
-, linux
+, linuxKernel
 }:
+let
+  # linux = linuxKernel.kernels.linux_6_7;  # build fails
+  linux = linuxKernel.kernels.linux_6_6;
+in
 stdenv.mkDerivation rec {
   pname = "landlock-sandboxer";
   version = linux.version;