Re: [PATCH v3 1/2] landlock.7, landlock_*.2: Document Landlock ABI version 4

Hello Konstantin!

On Tue, Aug 06, 2024 at 01:34:01PM +0300, Konstantin Meskhidze (A) wrote:
> 8/6/2024 1:19 PM, Alejandro Colomar wrote:
> > On Tue, Aug 06, 2024 at 11:38:57AM GMT, Konstantin Meskhidze (A) wrote:
> > > 7/23/2024 1:19 PM, Günther Noack wrote:
> > > > Landlock ABI 4 restricts bind(2) and connect(2) on TCP port numbers.
> > > >
> > > > The intent is to bring the man pages mostly in line with the kernel
> > > > documentation again.  I intentionally did not add networking support to the
> > > > usage example in landlock.7 - I feel that in the long run, we would be better
> > > > advised to maintain longer example code in the kernel samples.
> > > >
> > > > Closes: <https://github.com/landlock-lsm/linux/issues/32>
> > > > Cc: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
> > > > Reviewed-by: Mickaël Salaün <mic@xxxxxxxxxxx>
> > > > Signed-off-by: Günther Noack <gnoack@xxxxxxxxxx>

> > > > @@ -439,9 +455,10 @@ and only use the available subset of access rights:
> > > >    * numbers hardcoded to keep the example short.
> > > >    */
> > > >   __u64 landlock_fs_access_rights[] = {
> > > > -    (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1,  /* v1                 */
> > > > -    (LANDLOCK_ACCESS_FS_REFER    << 1) \- 1,  /* v2: add "refer"    */
> > > > -    (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1,  /* v3: add "truncate" */
> > > > +    (LANDLOCK_ACCESS_FS_MAKE_SYM  << 1) \- 1,  /* v1                  */
> > > > +    (LANDLOCK_ACCESS_FS_REFER     << 1) \- 1,  /* v2: add "refer"     */
> > > > +    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v3: add "truncate"  */
> > > > +    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v4: TCP support     */   Double "LANDLOCK_ACCESS_FS_TRUNCATE  << 1", I think its a mistype here.
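
Review bot: The new v4 row of landlock_fs_access_rights repeats the v3 mask, and its comment "v4: TCP support" names a network feature inside a table of file system rights, so the row reads like a copy-paste slip. Suggest a comment that states the repetition is deliberate, for example "v4: no new FS rights (TCP only)", so that readers who index this table by ABI version can see why the value is unchanged.
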
> Double "LANDLOCK_ACCESS_FS_TRUNCATE  << 1", I think it's a mistype here or
> it's ok??

No, this is intentionally the same as on the previous line.

This table is part of the example code in the landlock(7) man page.  As I
mentioned in the commit message, the example code is (intentionally) still only
using Landlock's file system features, not the network access rights.

The table lists the file system(!) access rights which are available at
different Landlock ABI versions, but those did not change between v3 and v4.

—Günther
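
The table lookup discussed in this thread, as an added example that is not code from the patch or the man page: it keeps one row per ABI version so that `abi - 1` is always a valid index, which is why the v4 row repeats the v3 file system mask. The helper `restrict_to_abi`, the separate `net_rights` table and the local macro names are assumptions made for illustration; the bit values mirror those in the kernel's `<linux/landlock.h>`.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit values as in the kernel's <linux/landlock.h>; redefined under local
 * names so the example builds without recent kernel headers. */
#define FS_MAKE_SYM      (1ULL << 12)  /* last FS right in ABI v1 */
#define FS_REFER         (1ULL << 13)  /* added in ABI v2 */
#define FS_TRUNCATE      (1ULL << 14)  /* added in ABI v3 */
#define NET_BIND_TCP     (1ULL << 0)   /* added in ABI v4 */
#define NET_CONNECT_TCP  (1ULL << 1)   /* added in ABI v4 */

#define KNOWN_ABI 4

/* Row i holds every right available at ABI version i + 1. */
static const uint64_t fs_rights[KNOWN_ABI] = {
    (FS_MAKE_SYM << 1) - 1,   /* v1 */
    (FS_REFER << 1) - 1,      /* v2: add "refer" */
    (FS_TRUNCATE << 1) - 1,   /* v3: add "truncate" */
    (FS_TRUNCATE << 1) - 1,   /* v4: no new FS rights, same mask as v3 */
};
static const uint64_t net_rights[KNOWN_ABI] = {
    0, 0, 0,                          /* v1-v3: no network rights */
    NET_BIND_TCP | NET_CONNECT_TCP,   /* v4: TCP bind and connect */
};

/* Hypothetical helper: reduce the wanted masks to what ABI version `abi`
 * supports. Returns 0 on success, -1 if Landlock is unavailable (abi < 1). */
int restrict_to_abi(int abi, uint64_t *fs, uint64_t *net)
{
    if (abi < 1)
        return -1;
    if (abi > KNOWN_ABI)   /* newer kernel: use the newest rows we know */
        abi = KNOWN_ABI;
    *fs &= fs_rights[abi - 1];
    *net &= net_rights[abi - 1];
    return 0;
}

int main(void)
{
    for (int abi = 1; abi <= KNOWN_ABI + 1; abi++) {
        uint64_t fs = UINT64_MAX, net = UINT64_MAX;
        restrict_to_abi(abi, &fs, &net);
        printf("ABI v%d: fs=0x%llx net=0x%llx\n", abi,
               (unsigned long long)fs, (unsigned long long)net);
    }
    return 0;
}
```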




