[PATCH v7 1/4] Landlock: Add abstract unix socket connect restriction
Günther Noack
gnoack at google.com
Fri Jul 26 06:50:58 UTC 2024
On Thu, Jul 25, 2024 at 04:18:29PM +0200, Mickaël Salaün wrote:
> On Wed, Jul 17, 2024 at 10:15:19PM -0600, Tahera Fahimi wrote:
> > diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
> > index 03b470f5a85a..799a50f11d79 100644
> > --- a/security/landlock/syscalls.c
> > +++ b/security/landlock/syscalls.c
> > /**
> > * sys_landlock_create_ruleset - Create a new ruleset
> > @@ -170,7 +171,7 @@ static const struct file_operations ruleset_fops = {
> > * Possible returned errors are:
> > *
> > * - %EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot time;
> > - * - %EINVAL: unknown @flags, or unknown access, or too small @size;
> > + * - %EINVAL: unknown @flags, or unknown access, or uknown scope, or too small @size;
>
> You'll need to rebase on top of my next branch to take into account
> recent Günther's changes.
Actually, I have missed this particular line in my recent documentation changes,
but I agree, we should follow the advice from man-pages(7) consistently -- the
preferred style is to list the same error code multiple times, if there are
multiple possible conditions under which it can be returned.
(Please also fix the typo in "uknown".)
Thanks,
—Günther
More information about the Linux-security-module-archive
mailing list