Re: [PATCH v4 3/3] landlock.7: Give a pointer to how to implement a fallback mechanism

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Günther, Mickaël,

On 3/16/23 07:54, Günther Noack wrote:
> Alejandro, what are your thoughts?

It all depends on how much complexity increases.  If it's not much, we
can keep everything.  You can send the complete example, and then if
it's too much we can cut pieces of it.

>  (Happy Birthday, btw :))

:)

> 
> 
> (My personal stance is: I'm concerned that the man page example might
> become too long if we try to add the "best effort" fallback to it, so
> I would slightly prefer to explain the fallback logic outside, but
> could be convinced otherwise.  I see the point that people might
> cut&paste the example from the man page and miss the longer
> explanation in a different place.
> 
> I have attempted to explain the "best effort" fallback on my weblog
> starting from a blank slate, and ended up with the explanation at
> https://blog.gnoack.org/post/landlock-best-effort/.  I believe that
> most users can use a simpler "best effort" fallback logic when doing
> this case analysis, but the explanation is probably too long for the
> man page.)
> 
> Another alternative would be to make the example assume Landlock v2
> (Linux 5.19). In that case, the fallback logic would be simpler and
> the case analysis from the weblog entry collapse into a single case,
> but the example would fall back to not using Landlock on Linux 5.13 to
> 5.18 (including the long-term release 5.15), which is also not nice.)

Debian Bullseye (stable) has 6.0.12 in bullseye-backports.  Maybe it's
not crazy to assume >=5.19.  No Debian release has anything in the
range [5.13, 5.18] (non-backports Bullseye has 5.10).

> 
> –-Günther

Cheers,

Alex

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

Attachment: OpenPGP_signature
Description: OpenPGP digital signature


[Index of Archives]     [Kernel Documentation]     [Netdev]     [Linux Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux