From: Alejandro Colomar <alx@kernel.org>
To: "Günther Noack" <gnoack3000@gmail.com>
Cc: "Mickaël Salaün" <mic@digikod.net>, linux-man@vger.kernel.org
Subject: Re: [PATCH 2/4] man/man[27]/{landlock_create_ruleset.2,landlock.7}: Document LANDLOCK_CREATE_RULESET_ERRATA
Date: Sun, 19 Apr 2026 22:11:55 +0200 [thread overview]
Message-ID: <aeU009YvtkZvFyeJ@devuan> (raw)
In-Reply-To: <20260413193446.24328-4-gnoack3000@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 3140 bytes --]
Hi Günther,
On 2026-04-13T21:34:46+0200, Günther Noack wrote:
> Document the LANDLOCK_CREATE_RULESET_ERRATA flag, which returns a
> bitmask of fixed issues for the current Landlock ABI version.
>
> This mechanism was introduced in Linux 6.15, but backported to all
> older kernel releases where these errata fixes were backported to.
> On official Linux kernel releases, if landlock_create_ruleset() with
> LANDLOCK_CREATE_RULESET_ERRATA returns an error, this is equivalent to
> the case where none of the known errata have been fixed.
>
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> ---
> man/man2/landlock_create_ruleset.2 | 25 ++++++++++++++++++++++++-
> 1 file changed, 24 insertions(+), 1 deletion(-)
>
> diff --git a/man/man2/landlock_create_ruleset.2 b/man/man2/landlock_create_ruleset.2
> index 7bca831cbd65..90d0341d2682 100644
> --- a/man/man2/landlock_create_ruleset.2
> +++ b/man/man2/landlock_create_ruleset.2
> @@ -129,11 +129,34 @@ version.
> Unless noted otherwise,
> all features documented in these man pages are available with the
> version 1.
> +.TP
> +.B LANDLOCK_CREATE_RULESET_ERRATA
> +If
> +.I attr
> +is NULL and
> +.I size
> +is 0,
You don't say what happens otherwise. Is it an error? If so, you
should say so; or rather, specify that they must be NULL and 0, instead
of having a condition.
> then the returned value is a bitmask of fixed issues
> +for the current Landlock ABI version.
> +If bit N is set (i.e.,
> +.IR "errata & (1 << (N - 1))" ),
> +then erratum N has been fixed in the running kernel.
Are those bits documented anywhere?
> +.IP
> +In addition to ABI versions, Landlock's errata mechanism tracks fixes
Please use semantic newlines.
> +for issues that may affect backwards compatibility
> +or require userspace awareness.
I'd reflow the above as:
In addition to ABI versions,
Landlock's errata mechanism
tracks fixes for issues that
may affect backwards compatibility
or require user-space awareness.
> +.IP
> +Only check errata if your application specifically relies on behavior
> +that changed due to the fix.
> +The fixes generally make Landlock less restrictive or more correct,
> +not more restrictive.
This sentence seems inconsistent. Is more correct the same as less
restrictive? Otherwise, more correct could imply more restrictive in
some cases. If more correct *always* means less restrictive, it should
be parenthesized. If it doesn't, then I'm not convinced by the
sentence.
> +.IP
> +This flag is available on Linux versions where errata were fixed.
Is it possible that future Linux versions don't have any errata that
were fixed? If so, does this mean that it won't be available then?
Have a lovely night!
Alex
> .SH RETURN VALUE
> On success,
> .BR landlock_create_ruleset ()
> returns a new Landlock ruleset file descriptor,
> -or a Landlock ABI version,
> +a Landlock ABI version,
> +or a Landlock errata bitmask,
> according to
> .IR flags .
> On error,
> --
> 2.53.0
>
>
--
<https://www.alejandro-colomar.es>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2026-04-19 20:11 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-13 19:34 [PATCH 1/4] man/man2/landlock_create_ruleset.2: Clarify default Landlock ABI Günther Noack
2026-04-13 19:34 ` [PATCH 2/4] man/man[27]/{landlock_create_ruleset.2,landlock.7}: Document LANDLOCK_CREATE_RULESET_ERRATA Günther Noack
2026-04-19 20:11 ` Alejandro Colomar [this message]
2026-04-20 22:25 ` Günther Noack
2026-04-13 19:34 ` [PATCH 3/4] man/man[27]/{landlock_restrict_self.2,landlock.7}: Document LANDLOCK_RESTRICT_SELF_TSYNC (ABI v8) Günther Noack
2026-04-13 19:34 ` [PATCH 4/4] man/man2/landlock_restrict_self.2: Document ABI requirement for logging flags Günther Noack
2026-04-19 20:02 ` [PATCH 1/4] man/man2/landlock_create_ruleset.2: Clarify default Landlock ABI Alejandro Colomar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aeU009YvtkZvFyeJ@devuan \
--to=alx@kernel.org \
--cc=gnoack3000@gmail.com \
--cc=linux-man@vger.kernel.org \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox