Re: [PATCH v3] landlock: Expand restrict flags example for ABI version 8

["Günther Noack" <gnoack3000@gmail.com>]

On Sat, Feb 28, 2026 at 10:36:59PM +0100, Panagiotis "Ivory" Vasilopoulos wrote:
> diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst
> index 13134bccdd39d78ddce3daf454f32dda162ce91b..b71ac7aa308260b8141e5d35248fb68cec6dcba9 100644
> --- a/Documentation/userspace-api/landlock.rst
> +++ b/Documentation/userspace-api/landlock.rst
> @@ -196,13 +196,33 @@ similar backwards compatibility check is needed for the restrict flags
>  (see sys_landlock_restrict_self() documentation for available flags):
>  
>  .. code-block:: c
> -
> -    __u32 restrict_flags = LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON;
> -    if (abi < 7) {
> -        /* Clear logging flags unsupported before ABI 7. */
> +    __u32 restrict_flags =
> +        LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON |
> +        LANDLOCK_RESTRICT_SELF_TSYNC;
> +    switch (abi) {
> +    case 1 ... 6:
> +        /* Clear logging flags unsupported for ABI < 7 */
>          restrict_flags &= ~(LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF |
>                              LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON |
>                              LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF);
> +        __attribute__((fallthrough));
> +    case 7:
> +        /* Removes multithreaded enforcement flag unsupported for ABI < 8 */
> +        /*
> +         * WARNING!
> +         * Don't copy-paste this just yet! This example impacts enforcement
> +         * and can potentially decrease protection if misused.
> +         *
> +         * Below ABI v8, a Landlock policy can only be enforced for the calling
> +         * thread and its children. This behavior remains a default for ABI v8,
> +         * but the flag ``LANDLOCK_RESTRICT_SELF_TSYNC`` can now be used to
> +         * enforce policies across all threads of the calling process. If an
> +         * application's Landlock integration was designed under the assumption
> +         * that the flag is used (such as when children threads are responsible
> +         * for enforcing and/or overriding policies of parents and siblings),
> +         * removing said flag can decrease protection for older Linux versions.
> +         */
> +        restrict_flags &= ~LANDLOCK_RESTRICT_SELF_TSYNC;
>      }

Hello!

Sorry for nit-picking even further here;

* You have two immediately adjacent comments here which should be
  merged into one.
* It is enough to use a more terse warning here;
  would suggest something like:

/*
 * Removes multithreaded enforcement flag unsupported for ABI < 8.
 *
 * WARNING: Calling landlock_restrict_self(2) without this flag
 * is only equivalent if the calling process is single-threaded.
 */

Thanks,
–Günther