From: "Günther Noack" <gnoack3000@gmail.com>
To: "Alejandro Colomar" <alx@kernel.org>, "Mickaël Salaün" <mic@digikod.net>
Cc: linux-man@vger.kernel.org, "Günther Noack" <gnoack3000@gmail.com>
Subject: [PATCH v4 1/2] man/man2/landlock_restrict_self.2: Document ABI requirement for logging flags
Date: Wed, 22 Apr 2026 21:23:29 +0200 [thread overview]
Message-ID: <20260422192330.7623-2-gnoack3000@gmail.com> (raw)
In-Reply-To: <20260422192330.7623-1-gnoack3000@gmail.com>
Missed this on the earlier commit; we should mention since which
Landlock version these flags are available. Users can correlate this
with the Landlock ABI version as it can be queried through
landlock_create_ruleset(2).
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
man/man2/landlock_restrict_self.2 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/man2/landlock_restrict_self.2 b/man/man2/landlock_restrict_self.2
index c43b9cc4dd3e..3b8f897cff05 100644
--- a/man/man2/landlock_restrict_self.2
+++ b/man/man2/landlock_restrict_self.2
@@ -89,7 +89,7 @@ and
.B LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON
flags apply to the newly created Landlock domain.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF
+.BR LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF " (since Landlock ABI version 7)"
Disables logging of denied accesses
originating from the thread creating the Landlock domain,
as well as its children,
@@ -105,7 +105,7 @@ Programs that only sandbox themselves should not set this flag,
so users can be notified of unauthorized access attempts
via system logs.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON
+.BR LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON " (since Landlock ABI version 7)"
Enables logging of denied accesses after an
.BR execve (2)
call,
@@ -116,7 +116,7 @@ in the domain are expected to comply with the access restrictions,
as excessive audit log entries could make it more difficult
to identify critical events.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
+.BR LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF " (since Landlock ABI version 7)"
Disables logging of denied accesses
originating from nested Landlock domains created by the caller
or its descendants.
--
2.53.0
next prev parent reply other threads:[~2026-04-22 19:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-22 19:23 [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8 Günther Noack
2026-04-22 19:23 ` Günther Noack [this message]
2026-04-22 19:23 ` [PATCH v4 2/2] man/man2/landlock_add_rule.2: mention ABI version for LANDLOCK_RULE_NET_PORT Günther Noack
2026-04-22 19:32 ` [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8 Alejandro Colomar
2026-05-04 13:03 ` Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260422192330.7623-2-gnoack3000@gmail.com \
--to=gnoack3000@gmail.com \
--cc=alx@kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox