Unverified Commit 50492f94 authored by Mickaël Salaün's avatar Mickaël Salaün
Browse files

landlock: Fix documentation for landlock_create_ruleset(2) 

Move and fix the flags documentation, and improve formatting.

It makes more sense and it eases maintenance to document syscall flags
in landlock.h, where they are defined.  This is already the case for
landlock_restrict_self(2)'s flags.

The flags are now rendered like the syscall's parameters and
description.

Cc: Günther Noack <gnoack@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/20250416154716.1799902-1-mic@digikod.net


Signed-off-by: default avatarMickaël Salaün <mic@digikod.net>
parent 6b456640

include/uapi/linux/landlock.h

+9 −5
Original line number Diff line number Diff line
@@ -53,12 +53,16 @@ struct landlock_ruleset_attr { 
	__u64 scoped;

};



/*

 * sys_landlock_create_ruleset() flags:

/**

 * DOC: landlock_create_ruleset_flags

 *

 * **Flags**

 *

 * %LANDLOCK_CREATE_RULESET_VERSION

 *     Get the highest supported Landlock ABI version (starting at 1).

 *

 * - %LANDLOCK_CREATE_RULESET_VERSION: Get the highest supported Landlock ABI

 *   version.

 * - %LANDLOCK_CREATE_RULESET_ERRATA: Get a bitmask of fixed issues.

 * %LANDLOCK_CREATE_RULESET_ERRATA

 *     Get a bitmask of fixed issues for the current Landlock ABI version.

 */

/* clang-format off */

#define LANDLOCK_CREATE_RULESET_VERSION			(1U << 0)

security/landlock/syscalls.c

+7 −8
Original line number Diff line number Diff line
@@ -169,20 +169,16 @@ const int landlock_abi_version = 7; 
 *        the new ruleset.

 * @size: Size of the pointed &struct landlock_ruleset_attr (needed for

 *        backward and forward compatibility).

 * @flags: Supported value:

 * @flags: Supported values:

 *

 *         - %LANDLOCK_CREATE_RULESET_VERSION

 *         - %LANDLOCK_CREATE_RULESET_ERRATA

 *

 * This system call enables to create a new Landlock ruleset, and returns the

 * related file descriptor on success.

 *

 * If @flags is %LANDLOCK_CREATE_RULESET_VERSION and @attr is NULL and @size is

 * 0, then the returned value is the highest supported Landlock ABI version

 * (starting at 1).

 *

 * If @flags is %LANDLOCK_CREATE_RULESET_ERRATA and @attr is NULL and @size is

 * 0, then the returned value is a bitmask of fixed issues for the current

 * Landlock ABI version.

 * If %LANDLOCK_CREATE_RULESET_VERSION or %LANDLOCK_CREATE_RULESET_ERRATA is

 * set, then @attr must be NULL and @size must be 0.

 *

 * Possible returned errors are:

 *
@@ -191,6 +187,9 @@ const int landlock_abi_version = 7; 
 * - %E2BIG: @attr or @size inconsistencies;

 * - %EFAULT: @attr or @size inconsistencies;

 * - %ENOMSG: empty &landlock_ruleset_attr.handled_access_fs.

 *

 * .. kernel-doc:: include/uapi/linux/landlock.h

 *     :identifiers: landlock_create_ruleset_flags

 */

SYSCALL_DEFINE3(landlock_create_ruleset,

		const struct landlock_ruleset_attr __user *const, attr,