Re: [PATCH 2/4] man/man[27]/{landlock_create_ruleset.2,landlock.7}: Document LANDLOCK_CREATE_RULESET_ERRATA

["Günther Noack" <gnoack3000@gmail.com>]

Hello Alejandro,

On Sun, Apr 19, 2026 at 10:11:55PM +0200, Alejandro Colomar wrote:
> On 2026-04-13T21:34:46+0200, Günther Noack wrote:
> > Document the LANDLOCK_CREATE_RULESET_ERRATA flag, which returns a
> > bitmask of fixed issues for the current Landlock ABI version.
> > 
> > This mechanism was introduced in Linux 6.15, but backported to all
> > older kernel releases where these errata fixes were backported to.
> > On official Linux kernel releases, if landlock_create_ruleset() with
> > LANDLOCK_CREATE_RULESET_ERRATA returns an error, this is equivalent to
> > the case where none of the known errata have been fixed.
> > 
> > Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> > ---
> >  man/man2/landlock_create_ruleset.2 | 25 ++++++++++++++++++++++++-
> >  1 file changed, 24 insertions(+), 1 deletion(-)
> > 
> > diff --git a/man/man2/landlock_create_ruleset.2 b/man/man2/landlock_create_ruleset.2
> > index 7bca831cbd65..90d0341d2682 100644
> > --- a/man/man2/landlock_create_ruleset.2
> > +++ b/man/man2/landlock_create_ruleset.2
> > @@ -129,11 +129,34 @@ version.
> >  Unless noted otherwise,
> >  all features documented in these man pages are available with the
> >  version 1.
> > +.TP
> > +.B LANDLOCK_CREATE_RULESET_ERRATA
> > +If
> > +.I attr
> > +is NULL and
> > +.I size
> > +is 0,
> 
> You don't say what happens otherwise.  Is it an error?  If so, you
> should say so; or rather, specify that they must be NULL and 0, instead
> of having a condition.

Yes, good point that the explanation is a bit incomplete.

The "If attr is NULL and size is 0, ..." formulation is found in the
man pages only and I copied it from LANDLOCK_CREATE_RULESET_VERSION
which started the same way.  Let me switch to a slightly clearer
format where the docs for LANDLOCK_CREATE_RULESET_VERSION and
LANDLOCK_CREATE_RULESET_ERRATA just explain what is returned and I
explain below these two tagged paragraphs that they both require
attr=NULL and size=0.  I'll use the same formulation as in the kernel
docs [1]:

    If LANDLOCK_CREATE_RULESET_VERSION or
    LANDLOCK_CREATE_RULESET_ERRATA is set, then attr must be NULL and
    size must be 0.

(Done.)

> > then the returned value is a bitmask of fixed issues
> > +for the current Landlock ABI version.
> > +If bit N is set (i.e.,
> > +.IR "errata & (1 << (N - 1))" ),
> > +then erratum N has been fixed in the running kernel.
> 
> Are those bits documented anywhere?

Yes, in https://docs.kernel.org/userspace-api/landlock.html#landlock-errata.

It feels a bit awkward to copy these explanations into the manpage, as
they are lengthy, and because they are errata, any user interested in
them should ideally consult the most up to date version in the kernel
docs.  I'll add a link to it.

> > +.IP
> > +In addition to ABI versions, Landlock's errata mechanism tracks fixes
> 
> Please use semantic newlines.
> 
> > +for issues that may affect backwards compatibility
> > +or require userspace awareness.
> 
> I'd reflow the above as:
> 
> 	In addition to ABI versions,
> 	Landlock's errata mechanism
> 	tracks fixes for issues that
> 	may affect backwards compatibility
> 	or require user-space awareness.

Done.


> > +.IP
> > +Only check errata if your application specifically relies on behavior
> > +that changed due to the fix.
> 
> > +The fixes generally make Landlock less restrictive or more correct,
> > +not more restrictive.
> 
> This sentence seems inconsistent.  Is more correct the same as less
> restrictive?  Otherwise, more correct could imply more restrictive in
> some cases.  If more correct *always* means less restrictive, it should
> be parenthesized.  If it doesn't, then I'm not convinced by the
> sentence.

I copied the sentence from
https://docs.kernel.org/userspace-api/landlock.html#landlock-errata

For Landlock, ABI backwards compatibility means two things:

* Existing programs keep working (that means that the interpretation
  of the enforced Landlock policies can not get stricter)
* When a process enforces a policy, the policy still needs to enforce
  what the policy meant to enforce.

I can see that the phrasing of this sentence is a bit confusing. Let
me drop it.

> 
> > +.IP
> > +This flag is available on Linux versions where errata were fixed.
> 
> Is it possible that future Linux versions don't have any errata that
> were fixed?  If so, does this mean that it won't be available then?

No, the errata numbers are stable over time and have to accumulate, as
they too are part of the ABI.  When we have an erratum, it has
generally been backported to all stable releases where it applied.  As
we have had erratums that went all the way back to the oldest
Landlock-enabled stable release, all Landlock-enabled kernels in their
latest bugfix versions have this flag and will return some subset of
the existing errata.

I added a short sentence to explain that this can be expected in all
newer stable kernel bugfix releases where Landlock is supported.

I'll send a V2.

Thanks for the review!
–Günther


[1] https://docs.kernel.org/userspace-api/landlock.html#c.sys_landlock_create_ruleset