Re: [PATCH 2/3] landlock.7: Document Landlock ABI v2 (file reparenting; kernel 5.19)

Alex Colomar <alx.manpages@xxxxxxxxx> · Sat, 25 Feb 2023 02:10:22 +0100

Hi Branden,

On 2/23/23 09:48, Günther Noack wrote:
On Wed, Feb 22, 2023 at 08:36:37AM +0100, Mickaël Salaün wrote:
On 2023-02-21T21:50:22.000+01:00, Günther Noack wrote:
+The availability of individual Landlock features is versioned through
+ABI levels:
+.TS
+box;
+ntb| ntb| lbx
+nt| nt| lbx.
+ABI	Kernel	Newly introduced access rights
+_	_	_
+1	5.13	LANDLOCK_ACCESS_FS_EXECUTE
+\^	\^	LANDLOCK_ACCESS_FS_WRITE_FILE
+\^	\^	LANDLOCK_ACCESS_FS_READ_FILE
+\^	\^	LANDLOCK_ACCESS_FS_READ_DIR
+\^	\^	LANDLOCK_ACCESS_FS_REMOVE_DIR
+\^	\^	LANDLOCK_ACCESS_FS_REMOVE_FILE
+\^	\^	LANDLOCK_ACCESS_FS_MAKE_CHAR
+\^	\^	LANDLOCK_ACCESS_FS_MAKE_DIR
+\^	\^	LANDLOCK_ACCESS_FS_MAKE_REG
+\^	\^	LANDLOCK_ACCESS_FS_MAKE_SOCK
+\^	\^	LANDLOCK_ACCESS_FS_MAKE_FIFO
+\^	\^	LANDLOCK_ACCESS_FS_MAKE_BLOCK
+\^	\^	LANDLOCK_ACCESS_FS_MAKE_SYM
+_	_	_
+2	5.19	LANDLOCK_ACCESS_FS_REFER
+.TE
+.PP

A line break would be nice here.

Added. (Used .sp 1 for that, as it is already used in the
mount_namespaces.7, ip.7 and other man pages.)

This sounds weird, but they are right that there seems to be a missing 
blank line.  Could you explain why it's happening?  I'd expect the .PP 
to separate paragraphs with a blank, right?  I see:

       The  availability  of individual Landlock features is versioned
       through ABI levels:

       ┌────┬────────┬────────────────────────────────────────────────┐
       │ABI │ Kernel │ Newly introduced access rights                 │
       ├────┼────────┼────────────────────────────────────────────────┤
       │ 1  │  5.13  │ LANDLOCK_ACCESS_FS_EXECUTE                     │
       │    │        │ LANDLOCK_ACCESS_FS_WRITE_FILE                  │
       │    │        │ LANDLOCK_ACCESS_FS_READ_FILE                   │
       │    │        │ LANDLOCK_ACCESS_FS_READ_DIR                    │
       │    │        │ LANDLOCK_ACCESS_FS_REMOVE_DIR                  │
       │    │        │ LANDLOCK_ACCESS_FS_REMOVE_FILE                 │
       │    │        │ LANDLOCK_ACCESS_FS_MAKE_CHAR                   │
       │    │        │ LANDLOCK_ACCESS_FS_MAKE_DIR                    │
       │    │        │ LANDLOCK_ACCESS_FS_MAKE_REG                    │
       │    │        │ LANDLOCK_ACCESS_FS_MAKE_SOCK                   │
       │    │        │ LANDLOCK_ACCESS_FS_MAKE_FIFO                   │
       │    │        │ LANDLOCK_ACCESS_FS_MAKE_BLOCK                  │
       │    │        │ LANDLOCK_ACCESS_FS_MAKE_SYM                    │
       ├────┼────────┼────────────────────────────────────────────────┤
       │ 2  │  5.19  │ LANDLOCK_ACCESS_FS_REFER                       │
       └────┴────────┴────────────────────────────────────────────────┘
       To query the running kernel's Landlock ABI level, programs  may
       pass  the LANDLOCK_CREATE_RULESET_VERSION flag to landlock_cre‐
       ate_ruleset(2).

Cheers,

Alex

+To query the running kernel's Landlock ABI level, programs may pass

s/level/version/

Thanks, I'm removing the word "level" here.

--
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

Attachment:
OpenPGP_signature

Description: OpenPGP digital signature