This brings it up to date with the wording in the kernel documentation. Cc: Mickaël Salaün <mic@xxxxxxxxxxx> Cc: Tahera Fahimi <fahimitahera@xxxxxxxxx> Cc: Tanya Agarwal <tanyaagarwal25699@xxxxxxxxx> Signed-off-by: Günther Noack <gnoack@xxxxxxxxxx> --- man/man7/landlock.7 | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/man/man7/landlock.7 b/man/man7/landlock.7 index c6b7272ea..11f76b072 100644 --- a/man/man7/landlock.7 +++ b/man/man7/landlock.7 @@ -39,13 +39,25 @@ the running kernel must support Landlock and it must be enabled at boot time. .\" .SS Landlock rules -A Landlock rule describes an action on an object. -An object is currently a file hierarchy, -and the related filesystem actions are defined with access rights (see -.BR landlock_add_rule (2)). +A Landlock rule describes an action on an object +which the process intends to perform. A set of rules is aggregated in a ruleset, which can then restrict the thread enforcing it, and its future children. +.P +The two existing types of rules are: +.P +.TP +.B Filesystem rules +For these rules, the object is a file hierarchy, +and the related filesystem actions are defined with +.IR "filesystem access rights" . +.TP +.B Network rules (since ABI v4) +For these rules, the object is a TCP port, +and the related actions are defined with +.IR "network access rights" . +.BR landlock_add_rule (2)). .\" .SS Filesystem actions These flags enable to restrict a sandboxed process to a -- 2.48.1.262.g85cc9f2d1e-goog
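Review bot: the last added line, `.BR landlock_add_rule (2)).`, is left dangling at the end of the "Network rules" entry. The "(see" that opened this parenthesis was deleted along with the old paragraph, so the rendered page would end the network rules item with an unmatched "landlock_add_rule(2))." and no sentence around it. Either drop the line, or restore the full cross-reference as a complete sentence (for example "See landlock_add_rule(2) for the access rights.") in a place where it applies to both rule types rather than only to the TCP port entry. A smaller style point: the `.P` directly before the first `.TP` is redundant, because `.TP` already starts a new paragraph, so that `.P` is an empty paragraph and can be removed.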