From: Alyssa Ross <hi@alyssa.is>
To: "Günther Noack" <gnoack3000@gmail.com>,
"Mickaël Salaün" <mic@digikod.net>,
"John Johansen" <john.johansen@canonical.com>
Cc: "Günther Noack" <gnoack3000@gmail.com>,
linux-security-module@vger.kernel.org,
"Tingmao Wang" <m@maowtm.org>,
"Justin Suess" <utilityemal77@gmail.com>,
"Samasth Norway Ananda" <samasth.norway.ananda@oracle.com>,
"Matthieu Buffet" <matthieu@buffet.re>,
"Mikhail Ivanov" <ivanov.mikhail1@huawei-partners.com>,
konstantin.meskhidze@huawei.com,
"Demi Marie Obenour" <demiobenour@gmail.com>,
"Jann Horn" <jannh@google.com>,
"Tahera Fahimi" <fahimitahera@gmail.com>
Subject: Re: [PATCH v5 9/9] landlock: Document design rationale for scoped access rights
Date: Sun, 15 Feb 2026 19:09:27 +0100 [thread overview]
Message-ID: <87fr71ube0.fsf@alyssa.is> (raw)
In-Reply-To: <20260215105158.28132-10-gnoack3000@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 550 bytes --]
Günther Noack <gnoack3000@gmail.com> writes:
> Document the (possible future) interaction between scoped flags and
> other access rights in struct landlock_ruleset_attr, and summarize the
> rationale, as discussed in code review leading up to [1].
>
> Link[1]: https://lore.kernel.org/all/20260205.8531e4005118@gnoack.org/
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> ---
> Documentation/security/landlock.rst | 38 +++++++++++++++++++++++++++++
> 1 file changed, 38 insertions(+)
Reviewed-by: Alyssa Ross <hi@alyssa.is>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
prev parent reply other threads:[~2026-02-15 19:16 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-15 10:51 [PATCH v5 0/9] landlock: UNIX connect() control by pathname and scope Günther Noack
2026-02-15 10:51 ` [PATCH v5 1/9] lsm: Add LSM hook security_unix_find Günther Noack
2026-02-18 9:36 ` Mickaël Salaün
2026-02-19 13:26 ` Justin Suess
2026-02-19 20:04 ` [PATCH v6] " Justin Suess
2026-02-19 20:26 ` Günther Noack
2026-03-10 22:39 ` Paul Moore
2026-03-11 12:34 ` Justin Suess
2026-03-11 16:08 ` Paul Moore
2026-03-12 11:57 ` Günther Noack
2026-02-20 15:49 ` Günther Noack
2026-02-21 13:22 ` Justin Suess
2026-02-23 16:09 ` Mickaël Salaün
2026-02-15 10:51 ` [PATCH v5 2/9] landlock: Control pathname UNIX domain socket resolution by path Günther Noack
2026-02-18 9:37 ` Mickaël Salaün
2026-02-19 9:45 ` Mickaël Salaün
2026-02-19 13:59 ` Günther Noack
2026-03-08 9:09 ` Mickaël Salaün
2026-03-08 11:50 ` Mickaël Salaün
2026-03-14 23:15 ` Günther Noack
2026-03-17 21:14 ` Mickaël Salaün
2026-02-20 14:33 ` Günther Noack
2026-03-08 9:18 ` Mickaël Salaün
2026-03-10 15:19 ` Sebastian Andrzej Siewior
2026-03-11 4:46 ` Kuniyuki Iwashima
2026-03-08 9:09 ` Mickaël Salaün
2026-03-15 20:58 ` Günther Noack
2026-02-15 10:51 ` [PATCH v5 3/9] samples/landlock: Add support for named UNIX domain socket restrictions Günther Noack
2026-02-18 9:37 ` Mickaël Salaün
2026-02-20 16:08 ` Günther Noack
2026-02-15 10:51 ` [PATCH v5 4/9] landlock/selftests: Test LANDLOCK_ACCESS_FS_RESOLVE_UNIX Günther Noack
2026-02-18 19:11 ` Mickaël Salaün
2026-02-20 16:27 ` Günther Noack
2026-02-20 17:04 ` Günther Noack
2026-02-15 10:51 ` [PATCH v5 5/9] landlock/selftests: Audit test for LANDLOCK_ACCESS_FS_RESOLVE_UNIX Günther Noack
2026-02-15 10:51 ` [PATCH v5 6/9] landlock/selftests: Check that coredump sockets stay unrestricted Günther Noack
2026-02-18 20:05 ` Mickaël Salaün
2026-02-15 10:51 ` [PATCH v5 7/9] landlock/selftests: fs_test: Simplify ruleset creation and enforcement Günther Noack
2026-02-15 10:51 ` [PATCH v5 8/9] landlock: Document FS access right for pathname UNIX sockets Günther Noack
2026-02-18 9:39 ` Mickaël Salaün
2026-03-14 21:16 ` Günther Noack
2026-02-15 10:51 ` [PATCH v5 9/9] landlock: Document design rationale for scoped access rights Günther Noack
2026-02-15 18:09 ` Alyssa Ross [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fr71ube0.fsf@alyssa.is \
--to=hi@alyssa.is \
--cc=demiobenour@gmail.com \
--cc=fahimitahera@gmail.com \
--cc=gnoack3000@gmail.com \
--cc=ivanov.mikhail1@huawei-partners.com \
--cc=jannh@google.com \
--cc=john.johansen@canonical.com \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-security-module@vger.kernel.org \
--cc=m@maowtm.org \
--cc=matthieu@buffet.re \
--cc=mic@digikod.net \
--cc=samasth.norway.ananda@oracle.com \
--cc=utilityemal77@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.