From: Alyssa Ross <hi@alyssa.is>
To: "Günther Noack" <gnoack3000@gmail.com>,
"Mickaël Salaün" <mic@digikod.net>,
"John Johansen" <john.johansen@canonical.com>
Cc: "Günther Noack" <gnoack3000@gmail.com>,
linux-security-module@vger.kernel.org,
"Tingmao Wang" <m@maowtm.org>,
"Justin Suess" <utilityemal77@gmail.com>,
"Samasth Norway Ananda" <samasth.norway.ananda@oracle.com>,
"Matthieu Buffet" <matthieu@buffet.re>,
"Mikhail Ivanov" <ivanov.mikhail1@huawei-partners.com>,
konstantin.meskhidze@huawei.com,
"Demi Marie Obenour" <demiobenour@gmail.com>,
"Jann Horn" <jannh@google.com>,
"Tahera Fahimi" <fahimitahera@gmail.com>
Subject: Re: [PATCH v5 9/9] landlock: Document design rationale for scoped access rights
Date: Sun, 15 Feb 2026 19:09:27 +0100 [thread overview]
Message-ID: <87fr71ube0.fsf@alyssa.is> (raw)
In-Reply-To: <20260215105158.28132-10-gnoack3000@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 550 bytes --]
Günther Noack <gnoack3000@gmail.com> writes:
> Document the (possible future) interaction between scoped flags and
> other access rights in struct landlock_ruleset_attr, and summarize the
> rationale, as discussed in code review leading up to [1].
>
> Link[1]: https://lore.kernel.org/all/20260205.8531e4005118@gnoack.org/
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> ---
> Documentation/security/landlock.rst | 38 +++++++++++++++++++++++++++++
> 1 file changed, 38 insertions(+)
Reviewed-by: Alyssa Ross <hi@alyssa.is>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
prev parent reply other threads:[~2026-02-15 19:16 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-15 10:51 [PATCH v5 0/9] landlock: UNIX connect() control by pathname and scope Günther Noack
2026-02-15 10:51 ` [PATCH v5 1/9] lsm: Add LSM hook security_unix_find Günther Noack
2026-02-18 9:36 ` Mickaël Salaün
2026-02-19 13:26 ` Justin Suess
2026-02-19 20:04 ` [PATCH v6] " Justin Suess
2026-02-19 20:26 ` Günther Noack
2026-03-10 22:39 ` Paul Moore
2026-03-11 12:34 ` Justin Suess
2026-03-11 16:08 ` Paul Moore
2026-03-12 11:57 ` Günther Noack
2026-02-20 15:49 ` Günther Noack
2026-02-21 13:22 ` Justin Suess
2026-02-23 16:09 ` Mickaël Salaün
2026-02-15 10:51 ` [PATCH v5 2/9] landlock: Control pathname UNIX domain socket resolution by path Günther Noack
2026-02-18 9:37 ` Mickaël Salaün
2026-02-19 9:45 ` Mickaël Salaün
2026-02-19 13:59 ` Günther Noack
2026-03-08 9:09 ` Mickaël Salaün
2026-03-08 11:50 ` Mickaël Salaün
2026-03-14 23:15 ` Günther Noack
2026-03-17 21:14 ` Mickaël Salaün
2026-02-20 14:33 ` Günther Noack
2026-03-08 9:18 ` Mickaël Salaün
2026-03-10 15:19 ` Sebastian Andrzej Siewior
2026-03-11 4:46 ` Kuniyuki Iwashima
2026-03-08 9:09 ` Mickaël Salaün
2026-03-15 20:58 ` Günther Noack
2026-02-15 10:51 ` [PATCH v5 3/9] samples/landlock: Add support for named UNIX domain socket restrictions Günther Noack
2026-02-18 9:37 ` Mickaël Salaün
2026-02-20 16:08 ` Günther Noack
2026-02-15 10:51 ` [PATCH v5 4/9] landlock/selftests: Test LANDLOCK_ACCESS_FS_RESOLVE_UNIX Günther Noack
2026-02-18 19:11 ` Mickaël Salaün
2026-02-20 16:27 ` Günther Noack
2026-02-20 17:04 ` Günther Noack
2026-02-15 10:51 ` [PATCH v5 5/9] landlock/selftests: Audit test for LANDLOCK_ACCESS_FS_RESOLVE_UNIX Günther Noack
2026-02-15 10:51 ` [PATCH v5 6/9] landlock/selftests: Check that coredump sockets stay unrestricted Günther Noack
2026-02-18 20:05 ` Mickaël Salaün
2026-02-15 10:51 ` [PATCH v5 7/9] landlock/selftests: fs_test: Simplify ruleset creation and enforcement Günther Noack
2026-02-15 10:51 ` [PATCH v5 8/9] landlock: Document FS access right for pathname UNIX sockets Günther Noack
2026-02-18 9:39 ` Mickaël Salaün
2026-03-14 21:16 ` Günther Noack
2026-02-15 10:51 ` [PATCH v5 9/9] landlock: Document design rationale for scoped access rights Günther Noack
2026-02-15 18:09 ` Alyssa Ross [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fr71ube0.fsf@alyssa.is \
--to=hi@alyssa.is \
--cc=demiobenour@gmail.com \
--cc=fahimitahera@gmail.com \
--cc=gnoack3000@gmail.com \
--cc=ivanov.mikhail1@huawei-partners.com \
--cc=jannh@google.com \
--cc=john.johansen@canonical.com \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-security-module@vger.kernel.org \
--cc=m@maowtm.org \
--cc=matthieu@buffet.re \
--cc=mic@digikod.net \
--cc=samasth.norway.ananda@oracle.com \
--cc=utilityemal77@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox