[PATCH man v3 1/2] landlock.7: Copy introductory description of Landlock rules
Günther Noack
gnoack at google.com
Mon Mar 3 19:50:29 UTC 2025
Copy over the existing wording from kernel documentation, as it was introduced
in Linux commit 51442e8d64bc ("landlock: Document network support"). Landlock
rules are not only about the filesystem any more and the new wording is more
appropriate.
Signed-off-by: Günther Noack <gnoack at google.com>
---
man/man7/landlock.7 | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
index c6b7272ea..7b7a797ad 100644
--- a/man/man7/landlock.7
+++ b/man/man7/landlock.7
@@ -39,13 +39,23 @@ the running kernel must support Landlock and
it must be enabled at boot time.
.\"
.SS Landlock rules
-A Landlock rule describes an action on an object.
-An object is currently a file hierarchy,
-and the related filesystem actions are defined with access rights (see
-.BR landlock_add_rule (2)).
+A Landlock rule describes an action on an object
+which the process intends to perform.
A set of rules is aggregated in a ruleset,
which can then restrict the thread enforcing it,
and its future children.
+.P
+The two existing types of rules are:
+.TP
+.B Filesystem rules
+For these rules, the object is a file hierarchy,
+and the related filesystem actions are defined with
+.IR "filesystem access rights" .
+.TP
+.BR "Network rules" " (since ABI v4)"
+For these rules, the object is a TCP port,
+and the related actions are defined with
+.IR "network access rights" .
.\"
.SS Filesystem actions
These flags enable to restrict a sandboxed process to a
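Review bot: The rewrite of the first paragraph drops the only cross-reference the old text carried, "(see .BR landlock_add_rule (2))", and the new italic phrases ".IR "filesystem access rights"" and ".IR "network access rights"" do not name a section a reader can jump to (the subsection that follows this hunk is titled "Filesystem actions", not "Filesystem access rights"). Consider keeping the pointer to landlock_add_rule(2) in the intro or at the end of each .TP entry, or wording the italics to match the actual subsection titles, so the reader can find where the rights are enumerated.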
--
2.48.1.711.g2feabab25a-goog