[PATCH v1 2/3] landlock: Slightly improve documentation and fix spelling

Günther Noack gnoack3000 at gmail.com
Fri Sep 23 21:03:18 UTC 2022 

Reviewed-by: Günther Noack <gnoack3000 at gmail.com>

On Fri, Sep 23, 2022 at 05:42:06PM +0200, Mickaël Salaün wrote:
> Now that we have more than one ABI version, make limitation explanation
> more consistent by replacing "ABI 1" with "ABI < 2".  This also
> indicates which ABIs support such past limitation.
> 
> Improve documentation consistency by not using contractions.
> 
> Fix spelling in fs.c .
> 
> Cc: Günther Noack <gnoack3000 at gmail.com>
> Cc: Paul Moore <paul at paul-moore.com>
> Signed-off-by: Mickaël Salaün <mic at digikod.net>
> Link: https://lore.kernel.org/r/20220923154207.3311629-3-mic@digikod.net
> ---
>  Documentation/security/landlock.rst      |  4 ++--
>  Documentation/userspace-api/landlock.rst | 10 +++++-----
>  security/landlock/fs.c                   |  2 +-
>  3 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/Documentation/security/landlock.rst b/Documentation/security/landlock.rst
> index 5c77730b4479..cc9617f3175b 100644
> --- a/Documentation/security/landlock.rst
> +++ b/Documentation/security/landlock.rst
> @@ -7,7 +7,7 @@ Landlock LSM: kernel documentation
>  ==================================
>  
>  :Author: Mickaël Salaün
> -:Date: May 2022
> +:Date: September 2022
>  
>  Landlock's goal is to create scoped access-control (i.e. sandboxing).  To
>  harden a whole system, this feature should be available to any process,
> @@ -49,7 +49,7 @@ Filesystem access rights
>  ------------------------
>  
>  All access rights are tied to an inode and what can be accessed through it.
> -Reading the content of a directory doesn't imply to be allowed to read the
> +Reading the content of a directory does not imply to be allowed to read the
>  content of a listed inode.  Indeed, a file name is local to its parent
>  directory, and an inode can be referenced by multiple file names thanks to
>  (hard) links.  Being able to unlink a file only has a direct impact on the
> diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst
> index b8ea59493964..83bae71bf042 100644
> --- a/Documentation/userspace-api/landlock.rst
> +++ b/Documentation/userspace-api/landlock.rst
> @@ -8,7 +8,7 @@ Landlock: unprivileged access control
>  =====================================
>  
>  :Author: Mickaël Salaün
> -:Date: May 2022
> +:Date: September 2022
>  
>  The goal of Landlock is to enable to restrict ambient rights (e.g. global
>  filesystem access) for a set of processes.  Because Landlock is a stackable
> @@ -170,7 +170,7 @@ It is recommended setting access rights to file hierarchy leaves as much as
>  possible.  For instance, it is better to be able to have ``~/doc/`` as a
>  read-only hierarchy and ``~/tmp/`` as a read-write hierarchy, compared to
>  ``~/`` as a read-only hierarchy and ``~/tmp/`` as a read-write hierarchy.
> -Following this good practice leads to self-sufficient hierarchies that don't
> +Following this good practice leads to self-sufficient hierarchies that do not
>  depend on their location (i.e. parent directories).  This is particularly
>  relevant when we want to allow linking or renaming.  Indeed, having consistent
>  access rights per directory enables to change the location of such directory
> @@ -380,8 +380,8 @@ by the Documentation/admin-guide/cgroup-v1/memory.rst.
>  Previous limitations
>  ====================
>  
> -File renaming and linking (ABI 1)
> ----------------------------------
> +File renaming and linking (ABI < 2)
> +-----------------------------------
>  
>  Because Landlock targets unprivileged access controls, it needs to properly
>  handle composition of rules.  Such property also implies rules nesting.
> @@ -410,7 +410,7 @@ contains `CONFIG_LSM=landlock,[...]` with `[...]`  as the list of other
>  potentially useful security modules for the running system (see the
>  `CONFIG_LSM` help).
>  
> -If the running kernel doesn't have `landlock` in `CONFIG_LSM`, then we can
> +If the running kernel does not have `landlock` in `CONFIG_LSM`, then we can
>  still enable it by adding ``lsm=landlock,[...]`` to
>  Documentation/admin-guide/kernel-parameters.rst thanks to the bootloader
>  configuration.
> diff --git a/security/landlock/fs.c b/security/landlock/fs.c
> index a9dbd99d9ee7..64ed7665455f 100644
> --- a/security/landlock/fs.c
> +++ b/security/landlock/fs.c
> @@ -712,7 +712,7 @@ static inline access_mask_t maybe_remove(const struct dentry *const dentry)
>   * allowed accesses in @layer_masks_dom.
>   *
>   * This is similar to check_access_path_dual() but much simpler because it only
> - * handles walking on the same mount point and only check one set of accesses.
> + * handles walking on the same mount point and only checks one set of accesses.
>   *
>   * Returns:
>   * - true if all the domain access rights are allowed for @dir;
> -- 
> 2.37.2
> 

--

More information about the Linux-security-module-archive mailing list