Linus Torvalds released Linux 6.2 yesterday, and this kernel release
supports restricting the `truncate(2)` and `ftruncate(2)` operations
with Landlock. (The [kernel patch
set](https://lore.kernel.org/all/20221018182216.301684-1-gnoack3000@gmail.com/)
has more information and discussion.)

You can try this out today with the
[go-landlock](https://github.com/landlock-lsm/go-landlock) library,
which already supports this feature. To forbid file truncation when
using `go-landlock`, update your `RestrictPaths()` invocation to use
Landlock version 3 as follows:

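```go
// V3 is the first Landlock ABI with the truncate right (Linux 6.2).
// BestEffort() falls back to what the running kernel supports.
err := landlock.V3.BestEffort().RestrictPaths(
    landlock.RODirs("/usr", "/bin"),
    landlock.RWDirs("/tmp"),
)
```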

Most existing users will only need to exchange `V2` for `V3`. When
using `landlock.V3` this way, file truncation is forbidden by default.

The `RWFiles()` and `RWDirs()` helpers grant the truncation right when
used on a file or directory. (It comes hand in hand with the right to
open files for writing.)
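
Because `BestEffort()` falls back to whatever Landlock ABI the running kernel offers, truncation is only confined on Linux 6.2 or later. The following added example (not from go-landlock or the original post) probes the kernel's ABI version with a raw `landlock_create_ruleset` call and reports whether a V3 best-effort request would restrict truncation. The function names are hypothetical, and the syscall number 444 is assumed for x86_64 and arm64.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// Values from the Landlock UAPI (linux/landlock.h). Assumption: syscall
// number 444 holds for x86_64 and arm64; other architectures are not covered.
const (
	sysLandlockCreateRuleset = 444
	createRulesetVersion     = 1 // LANDLOCK_CREATE_RULESET_VERSION flag
	truncateABI              = 3 // first ABI with the truncate right (Linux 6.2)
)

// KernelABI returns the Landlock ABI version of the running kernel.
func KernelABI() (int, error) {
	v, _, errno := syscall.Syscall(sysLandlockCreateRuleset, 0, 0, createRulesetVersion)
	switch errno {
	case 0:
		return int(v), nil
	case syscall.ENOSYS:
		return 0, errors.New("kernel built without Landlock")
	case syscall.EOPNOTSUPP:
		return 0, errors.New("Landlock present but disabled at boot")
	default:
		return 0, fmt.Errorf("landlock_create_ruleset: %w", errno)
	}
}

// EffectiveABI models a best-effort downgrade: the ruleset uses the lower
// of the requested version and what the kernel offers (0 means no sandbox).
func EffectiveABI(requested, kernel int) int {
	if kernel < requested {
		return kernel
	}
	return requested
}

// TruncateRestricted reports whether truncate(2)/ftruncate(2) are confined.
func TruncateRestricted(requested, kernel int) bool {
	return EffectiveABI(requested, kernel) >= truncateABI
}

func main() {
	abi, err := KernelABI() // abi is 0 when err != nil
	fmt.Printf("kernel ABI %d (err: %v); V3 best effort restricts truncation: %v\n", abi, err, TruncateRestricted(3, abi))
}
```

A service that depends on truncation being blocked can run this check at startup and refuse to continue when it reports `false`.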
