* Various wording fixes
* List the same error code multiple times,
if it can happen for multiple reasons.
Cc: Mickaël Salaün <mic@xxxxxxxxxxx>
Signed-off-by: Günther Noack <gnoack@xxxxxxxxxx>
---
man/man2/landlock_add_rule.2 | 9 +++++++--
man/man2/landlock_create_ruleset.2 | 6 +++---
man/man2/landlock_restrict_self.2 | 11 ++++++-----
man/man7/landlock.7 | 6 ++++--
4 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/man/man2/landlock_add_rule.2 b/man/man2/landlock_add_rule.2
index d4ae8f2f6..fa0b1f109 100644
--- a/man/man2/landlock_add_rule.2
+++ b/man/man2/landlock_add_rule.2
@@ -60,7 +60,9 @@ struct landlock_path_beneath_attr {
.in
.IP
.I allowed_access
-contains a bitmask of allowed filesystem actions for this file hierarchy
+contains a bitmask of allowed filesystem actions,
+which can be applied on the given
+.I parent_fd
(see
.B Filesystem actions
in
@@ -92,7 +94,10 @@ Landlock is supported by the kernel but disabled at boot time.
.TP
.B EINVAL
.I flags
-is not 0, or the rule accesses are inconsistent (i.e.,
+is not 0.
+.TP
+.B EINVAL
+The rule accesses are inconsistent (i.e.,
.I rule_attr\->allowed_access
is not a subset of the ruleset handled accesses).
.TP
diff --git a/man/man2/landlock_create_ruleset.2 b/man/man2/landlock_create_ruleset.2
index 618d54f37..871b91dcb 100644
--- a/man/man2/landlock_create_ruleset.2
+++ b/man/man2/landlock_create_ruleset.2
@@ -23,7 +23,8 @@ Standard C library
A Landlock ruleset identifies a set of rules (i.e., actions on objects).
This
.BR landlock_create_ruleset ()
-system call enables creating a new file descriptor identifying a ruleset.
+system call creates a new file descriptor
+which identifies a ruleset.
This file descriptor can then be used by
.BR landlock_add_rule (2)
and
@@ -45,8 +46,7 @@ struct landlock_ruleset_attr {
.in
.IP
.I handled_access_fs
-is a bitmask of actions that is handled by this ruleset and
-should then be forbidden if no rule explicitly allows them
+is a bitmask of handled filesystem actions
(see
.B Filesystem actions
in
diff --git a/man/man2/landlock_restrict_self.2 b/man/man2/landlock_restrict_self.2
index d4e5e753c..f044c6b31 100644
--- a/man/man2/landlock_restrict_self.2
+++ b/man/man2/landlock_restrict_self.2
@@ -20,7 +20,7 @@ Standard C library
.SH DESCRIPTION
Once a Landlock ruleset is populated with the desired rules, the
.BR landlock_restrict_self ()
-system call enables enforcing this ruleset on the calling thread.
+system call enforces this ruleset on the calling thread.
See
.BR landlock (7)
for a global overview.
@@ -38,10 +38,11 @@ with multiple independent rulesets coming from different sources
built-in application policy).
However, most applications should only need one call to
.BR landlock_restrict_self ()
-and they should avoid arbitrary numbers of such calls because of the
-composed rulesets limit.
-Instead, developers are encouraged to build a tailored ruleset thanks to
-multiple calls to
+and they should avoid arbitrary numbers of such calls
+because of the composed rulesets limit.
+Instead,
+developers are encouraged to build a single tailored ruleset
+with multiple calls to
.BR landlock_add_rule (2).
.P
In order to enforce a ruleset, either the caller must have the
diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
index 4a98f6549..f7bb37cba 100644
--- a/man/man7/landlock.7
+++ b/man/man7/landlock.7
@@ -58,7 +58,7 @@ and
.BR landlock_create_ruleset (2)
for more context.
.P
-A file can only receive these access rights:
+The following access rights apply only to files:
.TP
.B LANDLOCK_ACCESS_FS_EXECUTE
Execute a file.
@@ -87,6 +87,9 @@ or
.BR open (2)
with
.BR O_TRUNC .
+.IP
+This access right is available since the third version of the Landlock ABI.
+.P
Whether an opened file can be truncated with
.BR ftruncate (2)
is determined during
@@ -97,7 +100,6 @@ using
.B LANDLOCK_ACCESS_FS_READ_FILE
and
.BR LANDLOCK_ACCESS_FS_WRITE_FILE .
-This access right is available since the third version of the Landlock ABI.
.P
A directory can receive access rights related to files or directories.
The following access right is applied to the directory itself,
--
2.45.2.993.g49e7a77208-goog
