OK, so if that makes the sample code simpler, I guess we can assume (and
note) that this if for a kernel >= 5.19, hence force the use of
LANDLOCK_ACCESS_FS_REFER (e.g. the app needs to rename files in a
temporary directory), and only handle the LANDLOCK_ACCESS_FS_TRUNCATE
right as optional.
On 16/03/2023 14:33, Alejandro Colomar wrote:
Hi Günther, Mickaël,
On 3/16/23 07:54, Günther Noack wrote:
Alejandro, what are your thoughts?
It all depends on how much complexity increases. If it's not much, we
can keep everything. You can send the complete example, and then if
it's too much we can cut pieces of it.
(Happy Birthday, btw :))
:)
(My personal stance is: I'm concerned that the man page example might
become too long if we try to add the "best effort" fallback to it, so
I would slightly prefer to explain the fallback logic outside, but
could be convinced otherwise. I see the point that people might
cut&paste the example from the man page and miss the longer
explanation in a different place.
I have attempted to explain the "best effort" fallback on my weblog
starting from a blank slate, and ended up with the explanation at
https://blog.gnoack.org/post/landlock-best-effort/. I believe that
most users can use a simpler "best effort" fallback logic when doing
this case analysis, but the explanation is probably too long for the
man page.)
Another alternative would be to make the example assume Landlock v2
(Linux 5.19). In that case, the fallback logic would be simpler and
the case analysis from the weblog entry collapse into a single case,
but the example would fall back to not using Landlock on Linux 5.13 to
5.18 (including the long-term release 5.15), which is also not nice.)
Debian Bullseye (stable) has 6.0.12 in bullseye-backports. Maybe it's
not crazy to assume >=5.19. No Debian release has anything in the
range [5.13, 5.18] (non-backports Bullseye has 5.10).
–-Günther
Cheers,
Alex
