Hi Günther, Mickaël, On 3/16/23 07:54, Günther Noack wrote: > Alejandro, what are your thoughts? It all depends on how much complexity increases. If it's not much, we can keep everything. You can send the complete example, and then if it's too much we can cut pieces of it. > (Happy Birthday, btw :)) :) > > > (My personal stance is: I'm concerned that the man page example might > become too long if we try to add the "best effort" fallback to it, so > I would slightly prefer to explain the fallback logic outside, but > could be convinced otherwise. I see the point that people might > cut&paste the example from the man page and miss the longer > explanation in a different place. > > I have attempted to explain the "best effort" fallback on my weblog > starting from a blank slate, and ended up with the explanation at > https://blog.gnoack.org/post/landlock-best-effort/. I believe that > most users can use a simpler "best effort" fallback logic when doing > this case analysis, but the explanation is probably too long for the > man page.) > > Another alternative would be to make the example assume Landlock v2 > (Linux 5.19). In that case, the fallback logic would be simpler and > the case analysis from the weblog entry collapse into a single case, > but the example would fall back to not using Landlock on Linux 5.13 to > 5.18 (including the long-term release 5.15), which is also not nice.) Debian Bullseye (stable) has 6.0.12 in bullseye-backports. Maybe it's not crazy to assume >=5.19. No Debian release has anything in the range [5.13, 5.18] (non-backports Bullseye has 5.10). > > –-Günther Cheers, Alex -- <http://www.alejandro-colomar.es/> GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
