public inbox for linux-man@vger.kernel.org
From: "Günther Noack" <gnoack@google.com>
To: "Konstantin Meskhidze (A)" <konstantin.meskhidze@huawei.com>
Cc: "Alejandro Colomar" <alx@kernel.org>,
	"Mickaël Salaün" <mic@digikod.net>,
	linux-man@vger.kernel.org, "Artem Kuzin" <artem.kuzin@huawei.com>,
	yusongping <yusongping@huawei.com>
Subject: Re: [PATCH v3 1/2] landlock.7, landlock_*.2: Document Landlock ABI version 4
Date: Thu, 8 Aug 2024 11:28:48 +0200
Message-ID: <ZrSP0NU2MQz0kCGl@google.com>
In-Reply-To: <b684e2c4-ccb5-4402-ad2d-0eb99db1b57b@huawei.com>

Hello Konstantin!

On Tue, Aug 06, 2024 at 01:34:01PM +0300, Konstantin Meskhidze (A) wrote:
> 8/6/2024 1:19 PM, Alejandro Colomar wrote:
> > On Tue, Aug 06, 2024 at 11:38:57AM GMT, Konstantin Meskhidze (A) wrote:
> > > 7/23/2024 1:19 PM, Günther Noack wrote:
> > > > Landlock ABI 4 restricts bind(2) and connect(2) on TCP port numbers.
> > > >
> > > > The intent is to bring the man pages mostly in line with the kernel
> > > > documentation again.  I intentionally did not add networking support to the
> > > > usage example in landlock.7 - I feel that in the long run, we would be better
> > > > advised to maintain longer example code in the kernel samples.
> > > >
> > > > Closes: <https://github.com/landlock-lsm/linux/issues/32>
> > > > Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
> > > > Reviewed-by: Mickaël Salaün <mic@digikod.net>
> > > > Signed-off-by: Günther Noack <gnoack@google.com>

> > > > @@ -439,9 +455,10 @@ and only use the available subset of access rights:
> > > >    * numbers hardcoded to keep the example short.
> > > >    */
> > > >   __u64 landlock_fs_access_rights[] = {
> > > > -    (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1,  /* v1                 */
> > > > -    (LANDLOCK_ACCESS_FS_REFER    << 1) \- 1,  /* v2: add "refer"    */
> > > > -    (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1,  /* v3: add "truncate" */
> > > > +    (LANDLOCK_ACCESS_FS_MAKE_SYM  << 1) \- 1,  /* v1                  */
> > > > +    (LANDLOCK_ACCESS_FS_REFER     << 1) \- 1,  /* v2: add "refer"     */
> > > > +    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v3: add "truncate"  */
> > > > +    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v4: TCP support     */
> > >
> > > Double "LANDLOCK_ACCESS_FS_TRUNCATE  << 1", I think it's a mistype here.
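
Review bot: the new v4 row of landlock_fs_access_rights[] repeats the v3 mask, (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1, under the comment "v4: TCP support", so it reads like a copy-paste slip even though the table only holds file system rights and those are unchanged in v4. Consider making the comment say that explicitly, for example /* v4: TCP support, no new FS rights */, so a reader who indexes the table by ABI version does not second-guess the entry.
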
> Double "LANDLOCK_ACCESS_FS_TRUNCATE  << 1", I think it's a mistype here or
> it's ok??

No, this is intentionally the same as on the previous line.

This table is part of the example code in the landlock(7) man page.  As I
mentioned in the commit message, the example code is (intentionally) still only
using Landlock's file system features, not the network access rights.

The table lists the file system(!) access rights which are available at
different Landlock ABI versions, but those did not change between v3 and v4.

—Günther
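
An added example, not part of this message or of the man page patch: a table indexed by ABI version needs one row per version, so the v4 row repeats the v3 file system mask. It goes beyond the man page example by adding a parallel network table; clamp_to_abi(), struct masks and the shortened macro names are hypothetical, and the bit values are copied from the Landlock UAPI header so the block builds without it.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit values as in the Landlock UAPI header (LANDLOCK_ACCESS_FS_* and
 * LANDLOCK_ACCESS_NET_*); real code should include <linux/landlock.h>. */
#define FS_MAKE_SYM     (1ULL << 12)
#define FS_REFER        (1ULL << 13)
#define FS_TRUNCATE     (1ULL << 14)
#define NET_BIND_TCP    (1ULL << 0)
#define NET_CONNECT_TCP (1ULL << 1)

/* "(X << 1) - 1" sets every bit up to and including X. Row i is ABI i + 1. */
static const uint64_t fs_by_abi[] = {
    (FS_MAKE_SYM << 1) - 1,  /* v1 */
    (FS_REFER    << 1) - 1,  /* v2: add "refer" */
    (FS_TRUNCATE << 1) - 1,  /* v3: add "truncate" */
    (FS_TRUNCATE << 1) - 1,  /* v4: no new FS rights, row keeps the index valid */
};
/* Assumption of this example: network rights tracked in a second table. */
static const uint64_t net_by_abi[] = {
    0, 0, 0,                         /* v1 to v3: no network rights */
    NET_BIND_TCP | NET_CONNECT_TCP,  /* v4: TCP bind and connect */
};
#define KNOWN_ABI 4

struct masks { uint64_t fs, net; };

/* Reduce the wanted rights to what the given ABI supports.
 * Returns -1 when abi < 1 (Landlock unavailable), 0 otherwise. */
int clamp_to_abi(int abi, struct masks wanted, struct masks *out)
{
    if (abi < 1)
        return -1;
    if (abi > KNOWN_ABI)
        abi = KNOWN_ABI;  /* newer kernel: stay within what the table knows */
    out->fs  = wanted.fs  & fs_by_abi[abi - 1];
    out->net = wanted.net & net_by_abi[abi - 1];
    return 0;
}

int main(void)
{
    struct masks wanted = { (FS_TRUNCATE << 1) - 1, NET_BIND_TCP | NET_CONNECT_TCP };
    struct masks got;
    for (int abi = 0; abi <= 5; abi++) {
        if (clamp_to_abi(abi, wanted, &got) < 0)
            printf("ABI %d: Landlock unavailable\n", abi);
        else
            printf("ABI %d: fs=0x%llx net=0x%llx\n", abi,
                   (unsigned long long)got.fs, (unsigned long long)got.net);
    }
    return 0;
}
```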
