From: "Günther Noack" <gnoack@google.com>
To: "Mickaël Salaün" <mic@digikod.net>,
"Tahera Fahimi" <fahimitahera@gmail.com>,
"Alejandro Colomar" <alx@kernel.org>
Cc: "Günther Noack" <gnoack@google.com>,
"Tanya Agarwal" <tanyaagarwal25699@gmail.com>,
linux-security-module@vger.kernel.org,
"Daniel Burgener" <dburgener@linux.microsoft.com>
Subject: [PATCH v2 0/1] landlock: Clarify IPC scoping documentation
Date: Wed, 26 Feb 2025 22:18:14 +0100
Message-ID: <20250226211814.31420-2-gnoack@google.com>

Hello!

Thank you for your feedback, here is the second version.

Changes in V2:

* As Mickaël already applied the first commit ("Minor typo and grammar fixes in
  IPC scoping documentation"), this one is left out here.
* Applied remarks by Daniel Burgener, Alejandro Colomar and Mickaël Salaün
* Replaced reference to send(2) with sendto(2), which is slightly more
  appropriate in that place.

For your convenience, the range-diff at the bottom shows the diff between the
two patch sets (checkpatch.pl complains about it, but it's just in the cover
letter).

—Günther

Günther Noack (1):
  landlock: Clarify IPC scoping documentation

 Documentation/userspace-api/landlock.rst | 45 ++++++++++++------------
 1 file changed, 22 insertions(+), 23 deletions(-)

Range-diff against v1:
1: 7df39814a3a6 < -: ------------ landlock: Minor typo and grammar fixes in IPC scoping documentation
2: c86636efac8d ! 1: d288be2c7b94 landlock: Clarify IPC scoping documentation
@@ Commit message
* The *IPC Scope* of a Landlock domain is that Landlock domain and its
nested domains.
- * An *operation* (e.g., signaling, connecting to abstract UDS) is said
- *to be scoped within a domain* when the flag for that operation was
- *set at ruleset creation time. This means that for the purpose of
- *this operation, only processes within the domain's IPC scope are
- *reachable.
+ * An *operation* (e.g., signaling, connecting to abstract UDS) is said to
+ be *scoped within a domain* when the flag for that operation was set at
+ ruleset creation time. This means that for the purpose of this
+ operation, only processes within the domain's IPC scope are reachable.
- Cc: Mickaël Salaün <mic@digikod.net>
- Cc: Tahera Fahimi <fahimitahera@gmail.com>
- Cc: Tanya Agarwal <tanyaagarwal25699@gmail.com>
Signed-off-by: Günther Noack <gnoack@google.com>
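Review bot: The three Cc: trailers (Mickaël Salaün, Tahera Fahimi, Tanya Agarwal) are dropped from the commit message just above Signed-off-by, but the "Changes in V2" list does not mention it. If the removal is intentional, a short line in the changelog would make that clear; otherwise the trailers should be restored.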
## Documentation/userspace-api/landlock.rst ##
@@ Documentation/userspace-api/landlock.rst: IPC scoping
-scenario, a non-connected datagram socket cannot send data (with
-:manpage:`sendto(2)`) outside its scope.
+``LANDLOCK_SCOPE_SIGNAL``
-+ When set, this limits the sending of signals to target processes which run
-+ within the same or a nested Landlock domain.
++ This limits the sending of signals to target processes which run within the
++ same or a nested Landlock domain.
-A process with a scoped domain can inherit a socket created by a non-scoped
-process. The process cannot connect to this socket since it has a scoped
-domain.
+``LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET``
-+ When set, this limits the set of abstract :manpage:`unix(7)` sockets we can
-+ :manpage:`connect(2)` to to socket addresses which were created by a process
-+ in the same or a nested Landlock domain.
++ This limits the set of abstract :manpage:`unix(7)` sockets to which we can
++ :manpage:`connect(2)` to socket addresses which were created by a process in
++ the same or a nested Landlock domain.
-IPC scoping does not support exceptions, so if a domain is scoped, no rules can
-be added to allow access to resources or processes outside of the scope.
-+ A :manpage:`send(2)` on a non-connected datagram socket is treated like an
-+ implicit :manpage:`connect(2)` and will be blocked when the remote end does
-+ not stem from the same or a nested Landlock domain.
++ A :manpage:`sendto(2)` on a non-connected datagram socket is treated as if
++ it were doing an implicit :manpage:`connect(2)` and will be blocked if the
++ remote end does not stem from the same or a nested Landlock domain.
+
-+ A :manpage:`send(2)` on a socket which was previously connected will work.
-+ This works for both datagram and stream sockets.
++ A :manpage:`sendto(2)` on a socket which was previously connected will not
++ be restricted. This works for both datagram and stream sockets.
+
+IPC scoping does not support exceptions via :manpage:`landlock_add_rule(2)`.
+If an operation is scoped within a domain, no rules can be added to allow access
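Review bot: In the ``LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET`` paragraph, the new wording "sockets to which we can :manpage:`connect(2)` to socket addresses which were created by" still stacks two "to" phrases and switches from "sockets" to "socket addresses" mid-sentence, so the reader has to work out that the second "to" belongs to "limits". Something like "This limits the set of abstract unix(7) sockets to which we can connect(2) to those created by a process in the same or a nested Landlock domain" would parse more easily. In the last sendto(2) paragraph, "This works for both datagram and stream sockets" has also lost its antecedent now that the preceding sentence ends in "will not be restricted"; "This applies to both datagram and stream sockets" would fit the new wording.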
--
2.48.1.711.g2feabab25a-goog