From: "Günther Noack" <gnoack3000@gmail.com>
To: "Alejandro Colomar" <alx@kernel.org>, "Mickaël Salaün" <mic@digikod.net>
Cc: linux-man@vger.kernel.org, "Günther Noack" <gnoack3000@gmail.com>
Subject: [PATCH v4 1/2] man/man2/landlock_restrict_self.2: Document ABI requirement for logging flags
Date: Wed, 22 Apr 2026 21:23:29 +0200
Message-ID: <20260422192330.7623-2-gnoack3000@gmail.com>
In-Reply-To: <20260422192330.7623-1-gnoack3000@gmail.com>

Missed this on the earlier commit; we should mention since which
Landlock version these flags are available. Users can correlate this
with the Landlock ABI version as it can be queried through
landlock_create_ruleset(2).

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
man/man2/landlock_restrict_self.2 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/man2/landlock_restrict_self.2 b/man/man2/landlock_restrict_self.2
index c43b9cc4dd3e..3b8f897cff05 100644
--- a/man/man2/landlock_restrict_self.2
+++ b/man/man2/landlock_restrict_self.2
@@ -89,7 +89,7 @@ and
.B LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON
flags apply to the newly created Landlock domain.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF
+.BR LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF " (since Landlock ABI version 7)"
Disables logging of denied accesses
originating from the thread creating the Landlock domain,
as well as its children,
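Review bot: the "(since Landlock ABI version 7)" tag on the LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF line does not tell the reader how to find the ABI version of the running kernel; the commit message points at landlock_create_ruleset(2), but nothing in the page text of this hunk does. Consider one sentence above the flag list, near the context line "flags apply to the newly created Landlock domain.", that refers to landlock_create_ruleset(2) for querying the ABI version, so the three tags are self-explanatory.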
@@ -105,7 +105,7 @@ Programs that only sandbox themselves should not set this flag,
so users can be notified of unauthorized access attempts
via system logs.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON
+.BR LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON " (since Landlock ABI version 7)"
Enables logging of denied accesses after an
.BR execve (2)
call,
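Review bot: for LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON, the added tag states the minimum ABI, but the visible text does not say what a caller sees when it passes the flag to a kernel with an older ABI. If the ERRORS section does not already cover this, a short entry there would let programs clear the flag and retry instead of treating the failure as fatal.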
@@ -116,7 +116,7 @@ in the domain are expected to comply with the access restrictions,
as excessive audit log entries could make it more difficult
to identify critical events.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
+.BR LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF " (since Landlock ABI version 7)"
Disables logging of denied accesses
originating from nested Landlock domains created by the caller
or its descendants.
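Review bot: style point on the .BR line for LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF, which applies equally to the two tags above: the annotation gives only a Landlock ABI number, while section 2 pages usually tag features as "(since Linux x.y)". Consider adding the kernel release next to the ABI version, or a reference to wherever the ABI-to-kernel mapping is documented, so readers who only know their kernel version can tell whether the flag is usable.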
--
2.53.0
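
The commit message notes that the ABI version can be queried through landlock_create_ruleset(2). The following is an added example, not part of the patch or of the man-pages project, showing a caller that queries the ABI and drops the three logging flags when it is below 7, since older kernels reject non-zero flags with EINVAL. The helper names (`landlock_abi`, `usable_restrict_flags`) are hypothetical, and the constants are defined locally with the values from the kernel UAPI header so the code builds against older headers.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Values as in <linux/landlock.h>; defined here as a fallback (assumption:
 * the build host's headers may predate Landlock ABI 7). */
#ifndef LANDLOCK_CREATE_RULESET_VERSION
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#endif
#ifndef LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF
#define LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF (1U << 0)
#define LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON (1U << 1)
#define LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF (1U << 2)
#endif
#ifndef SYS_landlock_create_ruleset
#define SYS_landlock_create_ruleset 444
#endif

#define LOG_FLAGS_MIN_ABI 7
#define ALL_LOG_FLAGS (LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF | \
                       LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON | \
                       LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF)

/* Returns the Landlock ABI version (>= 1), or -1 if Landlock is unavailable. */
static int landlock_abi(void)
{
    long v = syscall(SYS_landlock_create_ruleset, NULL, (size_t)0,
                     LANDLOCK_CREATE_RULESET_VERSION);
    return v < 1 ? -1 : (int)v;
}

/* Clears the logging flags when the kernel's ABI does not know them;
 * all other bits of 'wanted' pass through unchanged. */
static unsigned int usable_restrict_flags(int abi, unsigned int wanted)
{
    if (abi < LOG_FLAGS_MIN_ABI)
        wanted &= ~ALL_LOG_FLAGS;
    return wanted;
}

int main(void)
{
    int abi = landlock_abi();
    unsigned int flags = usable_restrict_flags(
        abi, LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON);
    printf("Landlock ABI: %d, flags for landlock_restrict_self: 0x%x\n",
           abi, flags);
    return 0;
}
```

The value returned by `usable_restrict_flags` is what would be passed as the flags argument of landlock_restrict_self(2).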