* Re: [PATCH v1] man/man3/dlopen.3: EXAMPLES: Simplify use of dlsym(3)
From: Bruno Haible @ 2026-05-15 16:19 UTC (permalink / raw)
To: linux-man, Alejandro Colomar; +Cc: Martin Uecker, Walter Harms
In-Reply-To: <508bb4972e4846eab32f11e924aec8e1c9132515.1778859636.git.alx@kernel.org>
The patch looks good to me. Thanks for removing the misleading comment!
Bruno
^ permalink raw reply
* [PATCH v2 0/3] Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX
From: Günther Noack @ 2026-05-15 16:57 UTC (permalink / raw)
To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack
Thanks for the review!
This documents the LANDLOCK_ACCESS_FS_RESOLVE_UNIX feature,
introduced in the upcoming Linux 7.1 (Landlock ABI v9).
I applied the suggestions unmodified in most cases. For the ABI
versions, I used the same style as in the landlock_restrict_self(2)
manpage, which I like for its succinctness.
* Patch 1: should already be applied (including it just for
completeness, because it's not reflected in the git.kernel.org
mirror yet)
* Patch 2: Changes the ABI version style for existing documentation,
this is fine to apply before Linux 7.1.
* Patch 3: Describes the new "resolve UNIX" functionality in Linux 7.1
–Günther
Change Log
==========
V2:
- s/only applies/applies only/.
- Use italics for "*" in LANDLOCK_SCOPE_*.
- s/resolve attempt/resolution attempt/
- ABI version indicators: Use cardinals for ABI versions, and refer
to it next to tagged paragraph titles where possible. Also,
introduce an additional preparation commit to fix this up for the
exitisting documentation.
- Use C99 comments in source code example
V1: Initial version
Günther Noack (3):
man/man7/landlock.7: Adapt compatibility in code example to ABI v8
man/man7/landlock.7: Simplify references to ABI versions
man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)
man/man7/landlock.7 | 75 ++++++++++++++++++++++++++++++---------------
1 file changed, 51 insertions(+), 24 deletions(-)
Range-diff against v1:
1: 07b854876a09 = 1: fd6de0eb416e man/man7/landlock.7: Adapt compatibility in code example to ABI v8
-: ------------ > 2: 33b9972559c5 man/man7/landlock.7: Simplify references to ABI versions
2: 414c8fa8f643 ! 3: a937ec4a113b man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)
@@ Commit message
## man/man7/landlock.7 ##
@@ man/man7/landlock.7: whose implementations are safe and return the right error codes
+ .BR FICLONERANGE ,
+ .BR FIDEDUPERANGE )
.RE
- .IP
- This access right is available since the fifth version of the Landlock ABI.
+.TP
-+.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
++.BR LANDLOCK_ACCESS_FS_RESOLVE_UNIX " (since Landlock ABI version 9)"
+Look up pathname UNIX
+domain sockets
+.RB ( unix (7)).
@@ man/man7/landlock.7: whose implementations are safe and return the right error c
+.BR sendmsg (2)
+with an explicit recipient address.
+.IP
-+This access right only applies to connections to UNIX server sockets
++This access right applies only to connections to UNIX server sockets
+which were created outside the newly created Landlock domain
+(e.g., from within a parent domain or from an unrestricted process).
+Newly created UNIX servers
@@ man/man7/landlock.7: whose implementations are safe and return the right error c
+In this regard,
+.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
+has the same semantics as the
-+.B LANDLOCK_SCOPE_*
++.BI LANDLOCK_SCOPE_ *
+flags.
+.IP
-+If a resolve attempt is denied,
++If a resolution attempt is denied,
+the operation returns an
+.B EACCES
+error,
+in line with other filesystem access rights
+(but different to denials for abstract UNIX domain sockets).
-+.IP
-+This access right is available since the ninth version of the Landlock ABI.
.P
Whether an opened file can be truncated with
.BR ftruncate (2)
@@ man/man7/landlock.7: and only use the available subset of access rights:
- (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v6: same */
- (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v7: same */
- (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v8: same */
-+ (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, /* v1 */
-+ (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, /* v2: add "refer" */
-+ (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v3: add "truncate" */
-+ (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v4: TCP support */
-+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v5: add "ioctl_dev" */
-+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v6: same */
-+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v7: same */
-+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v8: same */
-+ (LANDLOCK_ACCESS_FS_RESOLVE_UNIX << 1) \- 1, /* v9: add "resolve_unix" */
++ (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, // v1
++ (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, // v2: add "refer"
++ (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, // v3: add "truncate"
++ (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, // v4: TCP support
++ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v5: add "ioctl_dev"
++ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v6: same
++ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v7: same
++ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v8: same
++ (LANDLOCK_ACCESS_FS_RESOLVE_UNIX << 1) \- 1, // v9: add "resolve_unix"
};
\&
int abi = landlock_create_ruleset(NULL, 0,
--
2.54.0
^ permalink raw reply
* [PATCH v2 1/3] man/man7/landlock.7: Adapt compatibility in code example to ABI v8
From: Günther Noack @ 2026-05-15 16:57 UTC (permalink / raw)
To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack
In-Reply-To: <20260515165753.8830-1-gnoack3000@gmail.com>
* Bring the code example up to speed with Landlock ABI v8
* Use the correct ABI level in the MIN() macro
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
man/man7/landlock.7 | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
index 06910ccab5b1..0e3a11489af2 100644
--- a/man/man7/landlock.7
+++ b/man/man7/landlock.7
@@ -583,6 +583,9 @@ __u64 landlock_fs_access_rights[] = {
(LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v3: add "truncate" */
(LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v4: TCP support */
(LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v5: add "ioctl_dev" */
+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v6: same */
+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v7: same */
+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v8: same */
};
\&
int abi = landlock_create_ruleset(NULL, 0,
@@ -595,7 +598,7 @@ if (abi == \-1) {
perror("Unable to use Landlock");
return; /* Graceful fallback: Do nothing. */
}
-abi = MIN(abi, 3);
+abi = MIN(abi, 8);
\&
/* Only use the available rights in the ruleset. */
attr.handled_access_fs &= landlock_fs_access_rights[abi \- 1];
--
2.54.0
^ permalink raw reply related
* [PATCH v2 2/3] man/man7/landlock.7: Simplify references to ABI versions
From: Günther Noack @ 2026-05-15 16:57 UTC (permalink / raw)
To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack
In-Reply-To: <20260515165753.8830-1-gnoack3000@gmail.com>
* Use cardinal numbers for referring to Landlock ABI versions,
where possible.
* Adopt the format already used in landlock_restrict_self(2),
where the ABI versions are described next to the flag names
in their tagged paragraphs. For example:
.TP
.BR FLAG " (since Landlock ABI version X)"
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
man/man7/landlock.7 | 26 ++++++++------------------
1 file changed, 8 insertions(+), 18 deletions(-)
diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
index 0e3a11489af2..60915bdd9728 100644
--- a/man/man7/landlock.7
+++ b/man/man7/landlock.7
@@ -89,7 +89,7 @@ these system calls truncate existing files when overwriting them
.B LANDLOCK_ACCESS_FS_READ_FILE
Open a file with read access.
.TP
-.B LANDLOCK_ACCESS_FS_TRUNCATE
+.BR LANDLOCK_ACCESS_FS_TRUNCATE " (since Landlock ABI version 3)"
Truncate a file with
.BR truncate (2),
.BR ftruncate (2),
@@ -98,10 +98,8 @@ or
.BR open (2)
with
.BR O_TRUNC .
-.IP
-This access right is available since the third version of the Landlock ABI.
.TP
-.B LANDLOCK_ACCESS_FS_IOCTL_DEV
+.BR LANDLOCK_ACCESS_FS_IOCTL_DEV " (since Landlock ABI version 5)"
Invoke
.BR ioctl (2)
commands on an opened character or block device.
@@ -137,8 +135,6 @@ whose implementations are safe and return the right error codes
.BR FICLONERANGE ,
.BR FIDEDUPERANGE )
.RE
-.IP
-This access right is available since the fifth version of the Landlock ABI.
.P
Whether an opened file can be truncated with
.BR ftruncate (2)
@@ -191,19 +187,17 @@ Create (or rename or link) a block device.
.B LANDLOCK_ACCESS_FS_MAKE_SYM
Create (or rename or link) a symbolic link.
.TP
-.B LANDLOCK_ACCESS_FS_REFER
+.BR LANDLOCK_ACCESS_FS_REFER " (since Landlock ABI version 2)"
Link or rename a file from or to a different directory
(i.e., reparent a file hierarchy).
.IP
-This access right is available since the second version of the Landlock ABI.
-.IP
This is the only access right which is denied by default by any ruleset,
even if the right is not specified as handled at ruleset creation time.
The only way to make a ruleset grant this right
is to explicitly allow it for a specific directory
by adding a matching rule to the ruleset.
.IP
-In particular, when using the first Landlock ABI version,
+In particular, when using Landlock ABI version 1,
Landlock will always deny attempts to reparent files
between different directories.
.IP
@@ -245,14 +239,12 @@ error code takes precedence over
These flags enable to restrict a sandboxed process
to a set of network actions.
.P
-This is supported since Landlock ABI version 4.
-.P
The following access rights apply to TCP port numbers:
.TP
-.B LANDLOCK_ACCESS_NET_BIND_TCP
+.BR LANDLOCK_ACCESS_NET_BIND_TCP " (since Landlock ABI version 4)"
Bind a TCP socket to a local port.
.TP
-.B LANDLOCK_ACCESS_NET_CONNECT_TCP
+.BR LANDLOCK_ACCESS_NET_CONNECT_TCP " (since Landlock ABI version 4)"
Connect an active TCP socket to a remote port.
.\"
.SS Scope flags
@@ -260,16 +252,14 @@ These flags enable isolating a sandboxed process from a set of IPC actions.
Setting a flag for a ruleset will isolate the Landlock domain
to forbid connections to resources outside the domain.
.P
-This is supported since Landlock ABI version 6.
-.P
The following scopes exist:
.TP
-.B LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
+.BR LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET " (since Landlock ABI version 6)"
Restrict a sandboxed process from connecting to an abstract UNIX socket
created by a process outside the related Landlock domain
(e.g., a parent domain or a non-sandboxed process).
.TP
-.B LANDLOCK_SCOPE_SIGNAL
+.BR LANDLOCK_SCOPE_SIGNAL " (since Landlock ABI version 6)"
Restrict a sandboxed process from sending a signal
to another process outside the domain.
.\"
--
2.54.0
^ permalink raw reply related
* [PATCH v2 3/3] man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)
From: Günther Noack @ 2026-05-15 16:57 UTC (permalink / raw)
To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack
In-Reply-To: <20260515165753.8830-1-gnoack3000@gmail.com>
Document the new LANDLOCK_ACCESS_FS_RESOLVE_UNIX filesystem access right,
which controls lookups of pathname UNIX domain sockets. Restricts both
connect(2) and sendmsg(2) with an explicit recipient address to UNIX
sockets created outside the Landlock domain (same semantics as
LANDLOCK_SCOPE_* flags). Denied attempts return EACCES.
Available since Linux 7.1 (Landlock ABI version 9).
Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
man/man7/landlock.7 | 54 ++++++++++++++++++++++++++++++++++++---------
1 file changed, 44 insertions(+), 10 deletions(-)
diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
index 60915bdd9728..55cd002d5789 100644
--- a/man/man7/landlock.7
+++ b/man/man7/landlock.7
@@ -135,6 +135,36 @@ whose implementations are safe and return the right error codes
.BR FICLONERANGE ,
.BR FIDEDUPERANGE )
.RE
+.TP
+.BR LANDLOCK_ACCESS_FS_RESOLVE_UNIX " (since Landlock ABI version 9)"
+Look up pathname UNIX
+domain sockets
+.RB ( unix (7)).
+On UNIX domain sockets,
+this restricts both calls to
+.BR connect (2)
+and
+.BR sendmsg (2)
+with an explicit recipient address.
+.IP
+This access right applies only to connections to UNIX server sockets
+which were created outside the newly created Landlock domain
+(e.g., from within a parent domain or from an unrestricted process).
+Newly created UNIX servers
+within the same Landlock domain
+continue to be accessible.
+In this regard,
+.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
+has the same semantics as the
+.BI LANDLOCK_SCOPE_ *
+flags.
+.IP
+If a resolution attempt is denied,
+the operation returns an
+.B EACCES
+error,
+in line with other filesystem access rights
+(but different to denials for abstract UNIX domain sockets).
.P
Whether an opened file can be truncated with
.BR ftruncate (2)
@@ -468,6 +498,8 @@ _ _ _
\^ \^ LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
_ _ _
8 7.0 LANDLOCK_RESTRICT_SELF_TSYNC
+_ _ _
+9 7.1 LANDLOCK_ACCESS_FS_RESOLVE_UNIX
.TE
.P
Users should use the Landlock ABI version rather than the kernel version
@@ -553,7 +585,8 @@ attr.handled_access_fs =
LANDLOCK_ACCESS_FS_MAKE_SYM |
LANDLOCK_ACCESS_FS_REFER |
LANDLOCK_ACCESS_FS_TRUNCATE |
- LANDLOCK_ACCESS_FS_IOCTL_DEV;
+ LANDLOCK_ACCESS_FS_IOCTL_DEV |
+ LANDLOCK_ACCESS_FS_RESOLVE_UNIX;
.EE
.in
.P
@@ -568,14 +601,15 @@ and only use the available subset of access rights:
* numbers hardcoded to keep the example short.
*/
__u64 landlock_fs_access_rights[] = {
- (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, /* v1 */
- (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, /* v2: add "refer" */
- (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v3: add "truncate" */
- (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v4: TCP support */
- (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v5: add "ioctl_dev" */
- (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v6: same */
- (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v7: same */
- (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v8: same */
+ (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, // v1
+ (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, // v2: add "refer"
+ (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, // v3: add "truncate"
+ (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, // v4: TCP support
+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v5: add "ioctl_dev"
+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v6: same
+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v7: same
+ (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v8: same
+ (LANDLOCK_ACCESS_FS_RESOLVE_UNIX << 1) \- 1, // v9: add "resolve_unix"
};
\&
int abi = landlock_create_ruleset(NULL, 0,
@@ -588,7 +622,7 @@ if (abi == \-1) {
perror("Unable to use Landlock");
return; /* Graceful fallback: Do nothing. */
}
-abi = MIN(abi, 8);
+abi = MIN(abi, 9);
\&
/* Only use the available rights in the ruleset. */
attr.handled_access_fs &= landlock_fs_access_rights[abi \- 1];
--
2.54.0
^ permalink raw reply related
* Re: [PATCH 2/2] man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)
From: Günther Noack @ 2026-05-15 17:47 UTC (permalink / raw)
To: Alejandro Colomar; +Cc: Mickaël Salaün, linux-man
In-Reply-To: <agW4yMK6CinJGqXt@devuan>
Hello Alejandro,
On Thu, May 14, 2026 at 02:21:14PM +0200, Alejandro Colomar wrote:
> On 2026-05-14T09:04:17+0200, Günther Noack wrote:
> > Document the new LANDLOCK_ACCESS_FS_RESOLVE_UNIX filesystem access right,
> > which controls lookups of pathname UNIX domain sockets. Restricts both
> > connect(2) and sendmsg(2) with an explicit recipient address to UNIX
> > sockets created outside the Landlock domain (same semantics as
> > LANDLOCK_SCOPE_* flags). Denied attempts return EACCES.
> >
> > Available since Linux 7.1 (Landlock ABI version 9).
> >
> > Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> > ---
> > man/man7/landlock.7 | 56 +++++++++++++++++++++++++++++++++++++--------
> > 1 file changed, 46 insertions(+), 10 deletions(-)
> >
> > diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
> > index 0e3a11489af2..d0d9c720bfaf 100644
> > --- a/man/man7/landlock.7
> > +++ b/man/man7/landlock.7
> > @@ -139,6 +139,38 @@ whose implementations are safe and return the right error codes
> > .RE
> > .IP
> > This access right is available since the fifth version of the Landlock ABI.
> > +.TP
> > +.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> > +Look up pathname UNIX
> > +domain sockets
> > +.RB ( unix (7)).
> > +On UNIX domain sockets,
> > +this restricts both calls to
> > +.BR connect (2)
> > +and
> > +.BR sendmsg (2)
> > +with an explicit recipient address.
> > +.IP
> > +This access right only applies to connections to UNIX server sockets
>
> s/only applies/applies only/
Done, thanks!
I should pay more attention to that,
it might be a German-ism to mix that up.
> > +which were created outside the newly created Landlock domain
> > +(e.g., from within a parent domain or from an unrestricted process).
> > +Newly created UNIX servers
> > +within the same Landlock domain
> > +continue to be accessible.
> > +In this regard,
> > +.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> > +has the same semantics as the
> > +.B LANDLOCK_SCOPE_*
>
> * is variable part, so it should be in italics:
>
> .BI LANDLOCK_SCOPE_ *
Done.
> > +flags.
> > +.IP
> > +If a resolve attempt is denied,
>
> 'resolve attempt' seems weird. Should this be 'resolution attempt'?
Good point, done.
> > +the operation returns an
> > +.B EACCES
> > +error,
> > +in line with other filesystem access rights
> > +(but different to denials for abstract UNIX domain sockets).
> > +.IP
> > +This access right is available since the ninth version of the Landlock ABI.
>
> I see this is consistent with the rest of the page, but we should change
> all of these to use cardinals instead of ordinals (and in digits, not
> letters).
Done. I made it consistent with the landlock_restrict_self(2) man page
as well, where we have put these version indicators as shorter phrases
next to the tagged paragraph headlines of the affected flags.
> > .P
> > Whether an opened file can be truncated with
> > .BR ftruncate (2)
> > @@ -478,6 +510,8 @@ _ _ _
> > \^ \^ LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
> > _ _ _
> > 8 7.0 LANDLOCK_RESTRICT_SELF_TSYNC
> > +_ _ _
> > +9 7.1 LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> > .TE
> > .P
> > Users should use the Landlock ABI version rather than the kernel version
> > @@ -563,7 +597,8 @@ attr.handled_access_fs =
> > LANDLOCK_ACCESS_FS_MAKE_SYM |
> > LANDLOCK_ACCESS_FS_REFER |
> > LANDLOCK_ACCESS_FS_TRUNCATE |
> > - LANDLOCK_ACCESS_FS_IOCTL_DEV;
> > + LANDLOCK_ACCESS_FS_IOCTL_DEV |
> > + LANDLOCK_ACCESS_FS_RESOLVE_UNIX;
> > .EE
> > .in
> > .P
> > @@ -578,14 +613,15 @@ and only use the available subset of access rights:
> > * numbers hardcoded to keep the example short.
> > */
> > __u64 landlock_fs_access_rights[] = {
> > - (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, /* v1 */
> > - (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, /* v2: add "refer" */
> > - (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v3: add "truncate" */
> > - (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v4: TCP support */
> > - (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v5: add "ioctl_dev" */
> > - (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v6: same */
> > - (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v7: same */
> > - (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v8: same */
> > + (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, /* v1 */
> > + (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, /* v2: add "refer" */
> > + (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v3: add "truncate" */
> > + (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v4: TCP support */
> > + (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v5: add "ioctl_dev" */
> > + (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v6: same */
> > + (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v7: same */
> > + (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v8: same */
> > + (LANDLOCK_ACCESS_FS_RESOLVE_UNIX << 1) \- 1, /* v9: add "resolve_unix" */
>
> We should probably use C99 comments (//), to reduce the width, and
> alignment issues.
Good idea, done.
> Feel free to send formatting patches for these side issues.
I split it up a bit, so that the fixes independent of the new feature
can go separately; see
https://lore.kernel.org/all/20260515165753.8830-1-gnoack3000@gmail.com/
Thanks for the review!
–Günther
^ permalink raw reply
* Re: [PATCH v1] man/man3/dlopen.3: EXAMPLES: Simplify use of dlsym(3)
From: Alejandro Colomar @ 2026-05-15 22:51 UTC (permalink / raw)
To: Bruno Haible; +Cc: linux-man, Martin Uecker, Walter Harms
In-Reply-To: <3628881.qSoW2BAyJ8@nimes>
[-- Attachment #1: Type: text/plain, Size: 336 bytes --]
Hi Bruno,
On 2026-05-15T18:19:44+0200, Bruno Haible wrote:
> The patch looks good to me. Thanks for removing the misleading comment!
You're welcome! Thanks for the report! I've taken your reply as an
Acked-by tag in the patch.
Have a lovely night!
Alex
> Bruno
>
>
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* Re: [PATCH v2 2/3] man/man7/landlock.7: Simplify references to ABI versions
From: Alejandro Colomar @ 2026-05-15 22:54 UTC (permalink / raw)
To: Günther Noack; +Cc: Mickaël Salaün, linux-man
In-Reply-To: <20260515165753.8830-3-gnoack3000@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4325 bytes --]
Hi!
On 2026-05-15T18:57:52+0200, Günther Noack wrote:
> * Use cardinal numbers for referring to Landlock ABI versions,
> where possible.
>
> * Adopt the format already used in landlock_restrict_self(2),
> where the ABI versions are described next to the flag names
> in their tagged paragraphs. For example:
>
> .TP
> .BR FLAG " (since Landlock ABI version X)"
>
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Patch applied; thanks!
Have a lovely night!
Alex
> ---
> man/man7/landlock.7 | 26 ++++++++------------------
> 1 file changed, 8 insertions(+), 18 deletions(-)
>
> diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
> index 0e3a11489af2..60915bdd9728 100644
> --- a/man/man7/landlock.7
> +++ b/man/man7/landlock.7
> @@ -89,7 +89,7 @@ these system calls truncate existing files when overwriting them
> .B LANDLOCK_ACCESS_FS_READ_FILE
> Open a file with read access.
> .TP
> -.B LANDLOCK_ACCESS_FS_TRUNCATE
> +.BR LANDLOCK_ACCESS_FS_TRUNCATE " (since Landlock ABI version 3)"
> Truncate a file with
> .BR truncate (2),
> .BR ftruncate (2),
> @@ -98,10 +98,8 @@ or
> .BR open (2)
> with
> .BR O_TRUNC .
> -.IP
> -This access right is available since the third version of the Landlock ABI.
> .TP
> -.B LANDLOCK_ACCESS_FS_IOCTL_DEV
> +.BR LANDLOCK_ACCESS_FS_IOCTL_DEV " (since Landlock ABI version 5)"
> Invoke
> .BR ioctl (2)
> commands on an opened character or block device.
> @@ -137,8 +135,6 @@ whose implementations are safe and return the right error codes
> .BR FICLONERANGE ,
> .BR FIDEDUPERANGE )
> .RE
> -.IP
> -This access right is available since the fifth version of the Landlock ABI.
> .P
> Whether an opened file can be truncated with
> .BR ftruncate (2)
> @@ -191,19 +187,17 @@ Create (or rename or link) a block device.
> .B LANDLOCK_ACCESS_FS_MAKE_SYM
> Create (or rename or link) a symbolic link.
> .TP
> -.B LANDLOCK_ACCESS_FS_REFER
> +.BR LANDLOCK_ACCESS_FS_REFER " (since Landlock ABI version 2)"
> Link or rename a file from or to a different directory
> (i.e., reparent a file hierarchy).
> .IP
> -This access right is available since the second version of the Landlock ABI.
> -.IP
> This is the only access right which is denied by default by any ruleset,
> even if the right is not specified as handled at ruleset creation time.
> The only way to make a ruleset grant this right
> is to explicitly allow it for a specific directory
> by adding a matching rule to the ruleset.
> .IP
> -In particular, when using the first Landlock ABI version,
> +In particular, when using Landlock ABI version 1,
> Landlock will always deny attempts to reparent files
> between different directories.
> .IP
> @@ -245,14 +239,12 @@ error code takes precedence over
> These flags enable to restrict a sandboxed process
> to a set of network actions.
> .P
> -This is supported since Landlock ABI version 4.
> -.P
> The following access rights apply to TCP port numbers:
> .TP
> -.B LANDLOCK_ACCESS_NET_BIND_TCP
> +.BR LANDLOCK_ACCESS_NET_BIND_TCP " (since Landlock ABI version 4)"
> Bind a TCP socket to a local port.
> .TP
> -.B LANDLOCK_ACCESS_NET_CONNECT_TCP
> +.BR LANDLOCK_ACCESS_NET_CONNECT_TCP " (since Landlock ABI version 4)"
> Connect an active TCP socket to a remote port.
> .\"
> .SS Scope flags
> @@ -260,16 +252,14 @@ These flags enable isolating a sandboxed process from a set of IPC actions.
> Setting a flag for a ruleset will isolate the Landlock domain
> to forbid connections to resources outside the domain.
> .P
> -This is supported since Landlock ABI version 6.
> -.P
> The following scopes exist:
> .TP
> -.B LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET
> +.BR LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET " (since Landlock ABI version 6)"
> Restrict a sandboxed process from connecting to an abstract UNIX socket
> created by a process outside the related Landlock domain
> (e.g., a parent domain or a non-sandboxed process).
> .TP
> -.B LANDLOCK_SCOPE_SIGNAL
> +.BR LANDLOCK_SCOPE_SIGNAL " (since Landlock ABI version 6)"
> Restrict a sandboxed process from sending a signal
> to another process outside the domain.
> .\"
> --
> 2.54.0
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* Re: [PATCH v2 3/3] man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)
From: Alejandro Colomar @ 2026-05-15 22:56 UTC (permalink / raw)
To: Günther Noack; +Cc: Mickaël Salaün, linux-man
In-Reply-To: <20260515165753.8830-4-gnoack3000@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 4568 bytes --]
Hi Günther,
On 2026-05-15T18:57:53+0200, Günther Noack wrote:
> Document the new LANDLOCK_ACCESS_FS_RESOLVE_UNIX filesystem access right,
> which controls lookups of pathname UNIX domain sockets. Restricts both
> connect(2) and sendmsg(2) with an explicit recipient address to UNIX
> sockets created outside the Landlock domain (same semantics as
> LANDLOCK_SCOPE_* flags). Denied attempts return EACCES.
>
> Available since Linux 7.1 (Landlock ABI version 9).
>
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Cheers,
Alex
> ---
> man/man7/landlock.7 | 54 ++++++++++++++++++++++++++++++++++++---------
> 1 file changed, 44 insertions(+), 10 deletions(-)
>
> diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
> index 60915bdd9728..55cd002d5789 100644
> --- a/man/man7/landlock.7
> +++ b/man/man7/landlock.7
> @@ -135,6 +135,36 @@ whose implementations are safe and return the right error codes
> .BR FICLONERANGE ,
> .BR FIDEDUPERANGE )
> .RE
> +.TP
> +.BR LANDLOCK_ACCESS_FS_RESOLVE_UNIX " (since Landlock ABI version 9)"
> +Look up pathname UNIX
> +domain sockets
> +.RB ( unix (7)).
> +On UNIX domain sockets,
> +this restricts both calls to
> +.BR connect (2)
> +and
> +.BR sendmsg (2)
> +with an explicit recipient address.
> +.IP
> +This access right applies only to connections to UNIX server sockets
> +which were created outside the newly created Landlock domain
> +(e.g., from within a parent domain or from an unrestricted process).
> +Newly created UNIX servers
> +within the same Landlock domain
> +continue to be accessible.
> +In this regard,
> +.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> +has the same semantics as the
> +.BI LANDLOCK_SCOPE_ *
> +flags.
> +.IP
> +If a resolution attempt is denied,
> +the operation returns an
> +.B EACCES
> +error,
> +in line with other filesystem access rights
> +(but different to denials for abstract UNIX domain sockets).
> .P
> Whether an opened file can be truncated with
> .BR ftruncate (2)
> @@ -468,6 +498,8 @@ _ _ _
> \^ \^ LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
> _ _ _
> 8 7.0 LANDLOCK_RESTRICT_SELF_TSYNC
> +_ _ _
> +9 7.1 LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> .TE
> .P
> Users should use the Landlock ABI version rather than the kernel version
> @@ -553,7 +585,8 @@ attr.handled_access_fs =
> LANDLOCK_ACCESS_FS_MAKE_SYM |
> LANDLOCK_ACCESS_FS_REFER |
> LANDLOCK_ACCESS_FS_TRUNCATE |
> - LANDLOCK_ACCESS_FS_IOCTL_DEV;
> + LANDLOCK_ACCESS_FS_IOCTL_DEV |
> + LANDLOCK_ACCESS_FS_RESOLVE_UNIX;
> .EE
> .in
> .P
> @@ -568,14 +601,15 @@ and only use the available subset of access rights:
> * numbers hardcoded to keep the example short.
> */
> __u64 landlock_fs_access_rights[] = {
> - (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, /* v1 */
> - (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, /* v2: add "refer" */
> - (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v3: add "truncate" */
> - (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, /* v4: TCP support */
> - (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v5: add "ioctl_dev" */
> - (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v6: same */
> - (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v7: same */
> - (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, /* v8: same */
> + (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1, // v1
> + (LANDLOCK_ACCESS_FS_REFER << 1) \- 1, // v2: add "refer"
> + (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, // v3: add "truncate"
> + (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, // v4: TCP support
> + (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v5: add "ioctl_dev"
> + (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v6: same
> + (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v7: same
> + (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1, // v8: same
> + (LANDLOCK_ACCESS_FS_RESOLVE_UNIX << 1) \- 1, // v9: add "resolve_unix"
> };
> \&
> int abi = landlock_create_ruleset(NULL, 0,
> @@ -588,7 +622,7 @@ if (abi == \-1) {
> perror("Unable to use Landlock");
> return; /* Graceful fallback: Do nothing. */
> }
> -abi = MIN(abi, 8);
> +abi = MIN(abi, 9);
> \&
> /* Only use the available rights in the ruleset. */
> attr.handled_access_fs &= landlock_fs_access_rights[abi \- 1];
> --
> 2.54.0
>
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* [PATCH] man/man2const/PAGEMAP_SCAN.2const: fix typo
From: funsafemath @ 2026-05-16 4:57 UTC (permalink / raw)
To: Alejandro Colomar; +Cc: linux-man
Signed-off-by: funsafemath <funsafemath@proton.me>
---
man/man2const/PAGEMAP_SCAN.2const | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/man2const/PAGEMAP_SCAN.2const b/man/man2const/PAGEMAP_SCAN.2const
index ed2f6b72a..ff6436ec0 100644
--- a/man/man2const/PAGEMAP_SCAN.2const
+++ b/man/man2const/PAGEMAP_SCAN.2const
@@ -197,7 +197,7 @@ .SH ERRORS
No memory is available.
.TP
.B EINTR
-Fetal signal is pending.
+Fatal signal is pending.
.SH STANDARDS
Linux.
.SH HISTORY
--
2.52.0
^ permalink raw reply related
* Re: [PATCH] man/man2const/PAGEMAP_SCAN.2const: fix typo
From: G. Branden Robinson @ 2026-05-16 9:37 UTC (permalink / raw)
To: linux-man; +Cc: Alejandro Colomar, funsafemath, Carlos O'Donell
In-Reply-To: <agf5NqqQzWRde7IR@nix-mail>
[-- Attachment #1: Type: text/plain, Size: 606 bytes --]
At 2026-05-16T05:57:31+0100, funsafemath wrote:
> diff --git a/man/man2const/PAGEMAP_SCAN.2const b/man/man2const/PAGEMAP_SCAN.2const
> index ed2f6b72a..ff6436ec0 100644
> --- a/man/man2const/PAGEMAP_SCAN.2const
> +++ b/man/man2const/PAGEMAP_SCAN.2const
> @@ -197,7 +197,7 @@ .SH ERRORS
> No memory is available.
> .TP
> .B EINTR
> -Fetal signal is pending.
> +Fatal signal is pending.
> .SH STANDARDS
> Linux.
> .SH HISTORY
It appears that Stallman's notorious joke from the glibc manual[1] was
not, in fact, destroyed, but merely migrated...
Regards,
Branden
[1] https://lwn.net/Articles/770966/
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* Re: [PATCH] man/man2const/PAGEMAP_SCAN.2const: fix typo
From: Alejandro Colomar @ 2026-05-16 11:55 UTC (permalink / raw)
To: funsafemath; +Cc: linux-man
In-Reply-To: <agf5NqqQzWRde7IR@nix-mail>
[-- Attachment #1: Type: text/plain, Size: 747 bytes --]
Hi,
On 2026-05-16T05:57:31+0100, funsafemath wrote:
> Signed-off-by: funsafemath <funsafemath@proton.me>
Thanks! I've applied the patch.
Have a lovely day!
Alex
> ---
> man/man2const/PAGEMAP_SCAN.2const | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/man/man2const/PAGEMAP_SCAN.2const b/man/man2const/PAGEMAP_SCAN.2const
> index ed2f6b72a..ff6436ec0 100644
> --- a/man/man2const/PAGEMAP_SCAN.2const
> +++ b/man/man2const/PAGEMAP_SCAN.2const
> @@ -197,7 +197,7 @@ .SH ERRORS
> No memory is available.
> .TP
> .B EINTR
> -Fetal signal is pending.
> +Fatal signal is pending.
> .SH STANDARDS
> Linux.
> .SH HISTORY
> --
> 2.52.0
>
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* [Bug 221533] New: strstr/c23/constness
From: bugzilla-daemon @ 2026-05-16 16:47 UTC (permalink / raw)
To: linux-man
https://bugzilla.kernel.org/show_bug.cgi?id=221533
Bug ID: 221533
Summary: strstr/c23/constness
Product: Documentation
Version: unspecified
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P3
Component: man-pages
Assignee: documentation_man-pages@kernel-bugs.osdl.org
Reporter: linux@treblig.org
Regression: No
Hi,
In C23 strstr can return a const char* if the first parameter is a const
char*; this is also true of a bunch of the other routines.
I'm not really sure how this should be documented, I guess two entries for
each function with some note saying it's only C23 and later?
See:
https://sourceware.org/cgit/glibc/commit/string/string.h?id=cd748a63ab1a7ae846175c532a3daab341c62690
for the glibc change that implemented it.
It can break some existing code, e.g. something like:
int foo(const char *a)
{
char *bar = strstr(a, "frog");
}
gives:
t.c:9:16: warning: initialization discards ‘const’ qualifier from pointer
target type [-Wdiscarded-qualifiers]
9 | char *bar = strstr(a, "frog");
| ^~~~~~
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply
* [Bug 221533] strstr/c23/constness
From: bugzilla-daemon @ 2026-05-16 16:57 UTC (permalink / raw)
To: linux-man
In-Reply-To: <bug-221533-11311@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=221533
--- Comment #1 from Alejandro Colomar (alx@kernel.org) ---
Hi,
On 2026-05-16T16:47:42+0000, bugzilla-daemon@kernel.org wrote:
> Hi,
> In C23 strstr can return a const char* if the first parameter is a const
> char*; this is also true of a bunch of the other routines.
>
> I'm not really sure how this should be documented, I guess two entries for
> each function with some note saying it's only C23 and later?
I've been thinking about this. At the moment, I've documented one
function that has this property: strnul(3) (which is a gnulib extension,
not part of C23). There, I've used C++-style, documenting it with two
prototypes, as if it were a function overload. I think we should do the
same for the C23 const-preserving macros.
SYNOPSIS
#include <string.h>
char *strnul(char *s);
const char *strnul(const char *s);
I'll work on some patches for the C23 APIs.
> See:
>
> https://sourceware.org/cgit/glibc/commit/string/string.h?id=cd748a63ab1a7ae846175c532a3daab341c62690
>
> for the glibc change that implemented it.
>
> It can break some existing code, e.g. something like:
Indeed, it broke mutt(1), for example. That allowed finding a few bugs
in mutt(1), which were modifying read-only strings. Most of the cases
were false positives, though, which could be fixed easily by adding
const.
> int foo(const char *a)
> {
> char *bar = strstr(a, "frog");
> }
>
> gives:
> t.c:9:16: warning: initialization discards ‘const’ qualifier from pointer
> target type [-Wdiscarded-qualifiers]
> 9 | char *bar = strstr(a, "frog");
> | ^~~~~~
Yup.
Have a lovely day!
Alex
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply
* [PATCH v1] man/man2/quotactl.2: tfix
From: Alejandro Colomar @ 2026-05-16 17:12 UTC (permalink / raw)
To: linux-man, Jan Kara; +Cc: Alejandro Colomar, Petr Gajdos, Jan Blunck
It seems most likely that this was a typo, and that Q_XQUOTAON was
meant.
Fixes: 1eeddf25 (2010-06-16; "quotactl.2: Major updates")
Cc: Jan Kara <jack@suse.cz>
Cc: Petr Gajdos <pgajdos@suse.cz>
Cc: Jan Blunck <jblunck@novell.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
Hi Jan,
I'm working on this page, and found what seems to be a typo. I'd like
you to confirm, in case I'm missing something.
Have a lovely day!
Alex
man/man2/quotactl.2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/man2/quotactl.2 b/man/man2/quotactl.2
index ef050714..bf361409 100644
--- a/man/man2/quotactl.2
+++ b/man/man2/quotactl.2
@@ -130,7 +130,7 @@ .SH DESCRIPTION
.B Q_XQUOTAOFF
Turn off quotas for an XFS filesystem.
As with
-.BR Q_QUOTAON (2const),
+.BR Q_XQUOTAON (2const),
XFS filesystems expect a pointer to an
.I "unsigned int"
that specifies whether quota accounting and/or limit enforcement need
Range-diff against v0:
-: -------- > 1: 9d328eab man/man2/quotactl.2: tfix
--
2.53.0
^ permalink raw reply related
* [Bug 221533] strstr/c23/constness
From: bugzilla-daemon @ 2026-05-16 17:18 UTC (permalink / raw)
To: linux-man
In-Reply-To: <bug-221533-11311@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=221533
--- Comment #2 from Dr. David Alan Gilbert (linux@treblig.org) ---
Yep, makes sense; I tripped over it yesterday in one of qemu's tests (someone
has already sent a test).
Thanks!
Dave
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply
* non-standard const-preserving string APIs
From: Alejandro Colomar @ 2026-05-16 18:15 UTC (permalink / raw)
To: libc-alpha; +Cc: linux-man
[-- Attachment #1: Type: text/plain, Size: 472 bytes --]
Hi!
I'm working on documenting the recent API change of strchr(3) et al.
to adapt to C23. While doing that, I've realized that the related APIs
that are not standardized by ISO C, such as memrchr(3), have not been
changed consistently with their relatives. Has this been discussed?
I think the inconsistency might be dangerous. Should we change the
other string functions accordingly?
Have a lovely day!
Alex
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* [PATCH 1/2] man/man2/seccomp.2: Document SECCOMP_FILTER_FLAG_TSYNC_ESRCH
From: funsafemath @ 2026-05-16 20:53 UTC (permalink / raw)
To: Alejandro Colomar; +Cc: linux-man
[-- Attachment #1: Type: text/plain, Size: 1164 bytes --]
Document SECCOMP_FILTER_FLAG_TSYNC_ESRCH flag, which allows to
use SECCOMP_FILTER_FLAG_TSYNC and SECCOMP_FILTER_FLAG_NEW_LISTENER
flags together by returning ESRCH on synchronization error instead
of the thread ID.
<https://lore.kernel.org/r/20200304180517.23867-1-tycho@tycho.ws>
---
man/man2/seccomp.2 | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/man/man2/seccomp.2 b/man/man2/seccomp.2
index 75c7b2d58..0729a653c 100644
--- a/man/man2/seccomp.2
+++ b/man/man2/seccomp.2
@@ -241,6 +241,21 @@ .SH DESCRIPTION
.B SECCOMP_MODE_STRICT
or if it has attached new seccomp filters to itself,
diverging from the calling thread's filter tree.
+.TP
+.BR SECCOMP_FILTER_FLAG_TSYNC_ESRCH " (since Linux 5.7)"
+.\" commit 51891498f2da78ee64dfad88fa53c9e85fb50abf
+Return
+.B ESRCH
+instead of the thread ID on synchronization failure if
+.B SECCOMP_FILTER_FLAG_TSYNC
+was specified.
+.IP
+If this flag is not set, using
+.B SECCOMP_FILTER_FLAG_NEW_LISTENER
+and
+.B SECCOMP_FILTER_FLAG_TSYNC
+flags together results in
+.BR EINVAL .
.RE
.TP
.BR SECCOMP_GET_ACTION_AVAIL " (since Linux 4.14)"
--
2.52.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply related
* [PATCH 2/2] man/man2/seccomp.2: Document SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
From: funsafemath @ 2026-05-16 20:55 UTC (permalink / raw)
To: Alejandro Colomar; +Cc: linux-man
[-- Attachment #1: Type: text/plain, Size: 895 bytes --]
Document the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag,
which makes the process ignore non-fatal signals until the supervisor sends a response.
Relevant kernel documentation: <Documentation/userspace-api/seccomp_filter.rst>
---
man/man2/seccomp.2 | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/man/man2/seccomp.2 b/man/man2/seccomp.2
index 0729a653c..5dd2675fc 100644
--- a/man/man2/seccomp.2
+++ b/man/man2/seccomp.2
@@ -256,6 +256,13 @@ .SH DESCRIPTION
.B SECCOMP_FILTER_FLAG_TSYNC
flags together results in
.BR EINVAL .
+.TP
+.BR SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV " (since Linux 5.19)"
+.\" commit c2aa2dfef243efe213a480a1ee8566507a5152f4
+Ignore non-fatal signals until the supervisor sends a response.
+.IP
+.B SECCOMP_FILTER_FLAG_NEW_LISTENER
+flag must be set.
.RE
.TP
.BR SECCOMP_GET_ACTION_AVAIL " (since Linux 4.14)"
--
2.52.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply related
* Re: [PATCH 2/2] man/man2/seccomp.2: Document SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
From: funsafemath @ 2026-05-16 21:15 UTC (permalink / raw)
To: Alejandro Colomar; +Cc: linux-man
In-Reply-To: <agjZR_2uzuZCeMPs@nix-mail>
[-- Attachment #1: Type: text/plain, Size: 75 bytes --]
Sorry, set a wrong reply header, so message was sent in a separate thread
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply
* Re: [PATCH 1/2] man/man2/seccomp.2: Document SECCOMP_FILTER_FLAG_TSYNC_ESRCH
From: Alejandro Colomar @ 2026-05-16 21:38 UTC (permalink / raw)
To: funsafemath; +Cc: linux-man, Tycho Andersen
In-Reply-To: <agjZM97qL3w4JZBX@nix-mail>
[-- Attachment #1: Type: text/plain, Size: 1592 bytes --]
Hi,
On 2026-05-16T21:53:17+0100, funsafemath wrote:
> Document SECCOMP_FILTER_FLAG_TSYNC_ESRCH flag, which allows to
> use SECCOMP_FILTER_FLAG_TSYNC and SECCOMP_FILTER_FLAG_NEW_LISTENER
> flags together by returning ESRCH on synchronization error instead
> of the thread ID.
>
> <https://lore.kernel.org/r/20200304180517.23867-1-tycho@tycho.ws>
> ---
Would you mind signing the patch?
> man/man2/seccomp.2 | 15 +++++++++++++++
> 1 file changed, 15 insertions(+)
>
> diff --git a/man/man2/seccomp.2 b/man/man2/seccomp.2
> index 75c7b2d58..0729a653c 100644
> --- a/man/man2/seccomp.2
> +++ b/man/man2/seccomp.2
> @@ -241,6 +241,21 @@ .SH DESCRIPTION
> .B SECCOMP_MODE_STRICT
> or if it has attached new seccomp filters to itself,
> diverging from the calling thread's filter tree.
> +.TP
> +.BR SECCOMP_FILTER_FLAG_TSYNC_ESRCH " (since Linux 5.7)"
> +.\" commit 51891498f2da78ee64dfad88fa53c9e85fb50abf
> +Return
> +.B ESRCH
I expect that in user space, we'll see -1 in the return value, and ESRCH
in errno, right? If so, we should say "Fail with ESRCH ...".
> +instead of the thread ID on synchronization failure if
> +.B SECCOMP_FILTER_FLAG_TSYNC
Spurious double space. s/ / /
Have a lovely day!
Alex
> +was specified.
> +.IP
> +If this flag is not set, using
> +.B SECCOMP_FILTER_FLAG_NEW_LISTENER
> +and
> +.B SECCOMP_FILTER_FLAG_TSYNC
> +flags together results in
> +.BR EINVAL .
> .RE
> .TP
> .BR SECCOMP_GET_ACTION_AVAIL " (since Linux 4.14)"
> --
> 2.52.0
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* Re: [PATCH 2/2] man/man2/seccomp.2: Document SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
From: Alejandro Colomar @ 2026-05-16 21:44 UTC (permalink / raw)
To: agjZM97qL3w4JZBX; +Cc: linux-man
In-Reply-To: <agjZR_2uzuZCeMPs@nix-mail>
[-- Attachment #1: Type: text/plain, Size: 1463 bytes --]
Hi,
> Subject: Re: [PATCH 2/2] man/man2/seccomp.2: Document SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV
Please use the In-Reply-To email header field so that related patches
are part of the same thread.
On 2026-05-16T21:55:29+0100, funsafemath wrote:
> Document the SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV flag,
> which makes the process ignore non-fatal signals until the supervisor sends a response.
>
> Relevant kernel documentation: <Documentation/userspace-api/seccomp_filter.rst>
Please sign the patch.
> ---
> man/man2/seccomp.2 | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/man/man2/seccomp.2 b/man/man2/seccomp.2
> index 0729a653c..5dd2675fc 100644
> --- a/man/man2/seccomp.2
> +++ b/man/man2/seccomp.2
> @@ -256,6 +256,13 @@ .SH DESCRIPTION
> .B SECCOMP_FILTER_FLAG_TSYNC
> flags together results in
> .BR EINVAL .
> +.TP
> +.BR SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV " (since Linux 5.19)"
> +.\" commit c2aa2dfef243efe213a480a1ee8566507a5152f4
> +Ignore non-fatal signals until the supervisor sends a response.
> +.IP
> +.B SECCOMP_FILTER_FLAG_NEW_LISTENER
> +flag must be set.
This sentence is incomplete. A correct English sentence would have to
be on of these:
- The XXX flag must be set.
- XXX must be set.
Have a lovely night!
Alex
> .RE
> .TP
> .BR SECCOMP_GET_ACTION_AVAIL " (since Linux 4.14)"
> --
> 2.52.0
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* [Bug 221533] strstr/c23/constness
From: bugzilla-daemon @ 2026-05-17 7:36 UTC (permalink / raw)
To: linux-man
In-Reply-To: <bug-221533-11311@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=221533
Artem S. Tashkinov (aros@gmx.com) changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |ANSWERED
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
^ permalink raw reply
* Re: non-standard const-preserving string APIs
From: Adhemerval Zanella Netto @ 2026-05-17 12:22 UTC (permalink / raw)
To: Alejandro Colomar, libc-alpha; +Cc: linux-man
In-Reply-To: <agizh06CdDnhDvAB@devuan>
On 16/05/26 15:15, Alejandro Colomar wrote:
> Hi!
>
> I'm working on documenting the recent API change of strchr(3) et al.
> to adapt to C23. While doing that, I've realized that the related APIs
> that are not standardized by ISO C, such as memrchr(3), have not been
> changed consistently with their relatives. Has this been discussed?
>
> I think the inconsistency might be dangerous. Should we change the
> other string functions accordingly?
I think it is reasonable to support const-preserving to the GNU interfaces as
well. Are you preparing a patch?
^ permalink raw reply
* Re: non-standard const-preserving string APIs
From: Alejandro Colomar @ 2026-05-17 13:59 UTC (permalink / raw)
To: Adhemerval Zanella Netto; +Cc: libc-alpha, linux-man
In-Reply-To: <c57574d1-9031-4ae6-8cd1-0e74931b9af6@linaro.org>
[-- Attachment #1: Type: text/plain, Size: 971 bytes --]
Hi Adhemerval,
On 2026-05-17T09:22:41-0300, Adhemerval Zanella Netto wrote:
>
>
> On 16/05/26 15:15, Alejandro Colomar wrote:
> > Hi!
> >
> > I'm working on documenting the recent API change of strchr(3) et al.
> > to adapt to C23. While doing that, I've realized that the related APIs
> > that are not standardized by ISO C, such as memrchr(3), have not been
> > changed consistently with their relatives. Has this been discussed?
> >
> > I think the inconsistency might be dangerous. Should we change the
> > other string functions accordingly?
> I think it is reasonable to support const-preserving to the GNU interfaces as
> well. Are you preparing a patch?
Yup, I will. Thanks!
Have a lovely day!
Alex
P.S.: Adhemerval, would you mind having a look at my other recent patch
set? It was 'Add [v]aprintf(3)'. The message-ID was:
Message-ID: <cover.1776882798.git.alx@kernel.org>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox