* [PATCH v4 1/2] man/man2/landlock_restrict_self.2: Document ABI requirement for logging flags
2026-04-22 19:23 [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8 Günther Noack
@ 2026-04-22 19:23 ` Günther Noack
2026-04-22 19:23 ` [PATCH v4 2/2] man/man2/landlock_add_rule.2: mention ABI version for LANDLOCK_RULE_NET_PORT Günther Noack
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: Günther Noack @ 2026-04-22 19:23 UTC (permalink / raw)
To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack
Missed this on the earlier commit; we should mention since which
Landlock version these flags are available. Users can correlate this
with the Landlock ABI version as it can be queried through
landlock_create_ruleset(2).
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
man/man2/landlock_restrict_self.2 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/man2/landlock_restrict_self.2 b/man/man2/landlock_restrict_self.2
index c43b9cc4dd3e..3b8f897cff05 100644
--- a/man/man2/landlock_restrict_self.2
+++ b/man/man2/landlock_restrict_self.2
@@ -89,7 +89,7 @@ and
.B LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON
flags apply to the newly created Landlock domain.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF
+.BR LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF " (since Landlock ABI version 7)"
Disables logging of denied accesses
originating from the thread creating the Landlock domain,
as well as its children,
@@ -105,7 +105,7 @@ Programs that only sandbox themselves should not set this flag,
so users can be notified of unauthorized access attempts
via system logs.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON
+.BR LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON " (since Landlock ABI version 7)"
Enables logging of denied accesses after an
.BR execve (2)
call,
@@ -116,7 +116,7 @@ in the domain are expected to comply with the access restrictions,
as excessive audit log entries could make it more difficult
to identify critical events.
.TP
-.B LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
+.BR LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF " (since Landlock ABI version 7)"
Disables logging of denied accesses
originating from nested Landlock domains created by the caller
or its descendants.
--
2.53.0
^ permalink raw reply related [flat|nested] 5+ messages in thread* [PATCH v4 2/2] man/man2/landlock_add_rule.2: mention ABI version for LANDLOCK_RULE_NET_PORT
2026-04-22 19:23 [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8 Günther Noack
2026-04-22 19:23 ` [PATCH v4 1/2] man/man2/landlock_restrict_self.2: Document ABI requirement for logging flags Günther Noack
@ 2026-04-22 19:23 ` Günther Noack
2026-04-22 19:32 ` [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8 Alejandro Colomar
2026-05-04 13:03 ` Alejandro Colomar
3 siblings, 0 replies; 5+ messages in thread
From: Günther Noack @ 2026-04-22 19:23 UTC (permalink / raw)
To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack
Add the ABI version in the place where LANDLOCK_RULE_NET_PORT is
described. For LANDLOCK_RULE_PATH_BENEATH, the ABI version is
implicit, it is supported since the start.
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
man/man2/landlock_add_rule.2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/man2/landlock_add_rule.2 b/man/man2/landlock_add_rule.2
index 48d7d3b25c9e..fe01a98d99ea 100644
--- a/man/man2/landlock_add_rule.2
+++ b/man/man2/landlock_add_rule.2
@@ -80,7 +80,7 @@ flag,
which identifies the parent directory of the file hierarchy or
just a file.
.TP
-.B LANDLOCK_RULE_NET_PORT
+.BR LANDLOCK_RULE_NET_PORT " (since Landlock ABI version 4)"
For these rules,
the object is a TCP port,
and the related actions are defined with
--
2.53.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8
2026-04-22 19:23 [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8 Günther Noack
2026-04-22 19:23 ` [PATCH v4 1/2] man/man2/landlock_restrict_self.2: Document ABI requirement for logging flags Günther Noack
2026-04-22 19:23 ` [PATCH v4 2/2] man/man2/landlock_add_rule.2: mention ABI version for LANDLOCK_RULE_NET_PORT Günther Noack
@ 2026-04-22 19:32 ` Alejandro Colomar
2026-05-04 13:03 ` Alejandro Colomar
3 siblings, 0 replies; 5+ messages in thread
From: Alejandro Colomar @ 2026-04-22 19:32 UTC (permalink / raw)
To: Günther Noack; +Cc: Mickaël Salaün, linux-man
[-- Attachment #1: Type: text/plain, Size: 2375 bytes --]
On 2026-04-22T21:23:28+0200, Günther Noack wrote:
> Hello!
Hello!
> Thanks for the review! Here's the fourth round of the patch set, this
> time just adding the missing ABI version information. Added another
> small patch in the same style for the adjacent Landlock man page where
> it applies. (The third Landlock manpage, landlock_create_ruleset.2,
> doesn't need it because one flag is available since the start and the
> errata flag is available where needed and backported everywhere, as
> previously discussed.)
Thanks!
> Kept the cover letter title as is, to reduce confusion (but the part
> where Landlock ABI v8 gets described is already submitted).
You may want to use --in-reply-to instead, so that all revisions are
subthreads of the same thread (v1). But thanks!
>
> –Günther
>
> P.S.: I have a half-finished commit for the upcoming Linux 7.1 release
> as well; I can send this one soon, I assume it's OK to send these
> slightly before the release, given that the code is already on Linux
> master?
Yup, that's fine.
Have a lovely night!
Alex
>
>
> Change Log
> ==========
>
> v4:
> - mention ABI versions for flags next to the tagged paragraph title
> where they are described
> - 1/2: do that in landlock_restrict_self.2 (based on v3's patch 4)
> - 2/2: do that in landlock_add_rule.2 as well
> - earlier patches 1,2,3 from v3 were already merged
>
> v3:
> - split the size/attr clarifications from the "errata" patch into a
> separate commit
> - earlier patch from v2 about the "scoped" EINVAL error was already
> merged
>
> v2:
> - landlock_create_ruleset.2: added a tiny patch to add a missing
> mention of "scoped" in the errors list.
> - landlock_create_ruleset.2: various reformulations for errata
> - earlier patch from v1 about the default ABI version assumption was
> already merged (thanks!)
>
> Günther Noack (2):
> man/man2/landlock_restrict_self.2: Document ABI requirement for
> logging flags
> man/man2/landlock_add_rule.2: mention ABI version for
> LANDLOCK_RULE_NET_PORT
>
> man/man2/landlock_add_rule.2 | 2 +-
> man/man2/landlock_restrict_self.2 | 6 +++---
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> --
> 2.53.0
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8
2026-04-22 19:23 [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8 Günther Noack
` (2 preceding siblings ...)
2026-04-22 19:32 ` [PATCH v4 0/2] Update Landlock docs to Landlock ABI v8 Alejandro Colomar
@ 2026-05-04 13:03 ` Alejandro Colomar
3 siblings, 0 replies; 5+ messages in thread
From: Alejandro Colomar @ 2026-05-04 13:03 UTC (permalink / raw)
To: Günther Noack; +Cc: Mickaël Salaün, linux-man
[-- Attachment #1: Type: text/plain, Size: 2287 bytes --]
Hi Günther!
On 2026-04-22T21:23:28+0200, Günther Noack wrote:
> Hello!
>
> Thanks for the review! Here's the fourth round of the patch set, this
> time just adding the missing ABI version information. Added another
> small patch in the same style for the adjacent Landlock man page where
> it applies. (The third Landlock manpage, landlock_create_ruleset.2,
> doesn't need it because one flag is available since the start and the
> errata flag is available where needed and backported everywhere, as
> previously discussed.)
>
> Kept the cover letter title as is, to reduce confusion (but the part
> where Landlock ABI v8 gets described is already submitted).
>
> –Günther
I've applied the both patches of the patch set. Thanks!
Have a lovely day!
Alex
>
> P.S.: I have a half-finished commit for the upcoming Linux 7.1 release
> as well; I can send this one soon, I assume it's OK to send these
> slightly before the release, given that the code is already on Linux
> master?
>
>
> Change Log
> ==========
>
> v4:
> - mention ABI versions for flags next to the tagged paragraph title
> where they are described
> - 1/2: do that in landlock_restrict_self.2 (based on v3's patch 4)
> - 2/2: do that in landlock_add_rule.2 as well
> - earlier patches 1,2,3 from v3 were already merged
>
> v3:
> - split the size/attr clarifications from the "errata" patch into a
> separate commit
> - earlier patch from v2 about the "scoped" EINVAL error was already
> merged
>
> v2:
> - landlock_create_ruleset.2: added a tiny patch to add a missing
> mention of "scoped" in the errors list.
> - landlock_create_ruleset.2: various reformulations for errata
> - earlier patch from v1 about the default ABI version assumption was
> already merged (thanks!)
>
> Günther Noack (2):
> man/man2/landlock_restrict_self.2: Document ABI requirement for
> logging flags
> man/man2/landlock_add_rule.2: mention ABI version for
> LANDLOCK_RULE_NET_PORT
>
> man/man2/landlock_add_rule.2 | 2 +-
> man/man2/landlock_restrict_self.2 | 6 +++---
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> --
> 2.53.0
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread