tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

landlock: Document LANDLOCK_RESTRICT_SELF_TSYNC

Add documentation for LANDLOCK_RESTRICT_SELF_TSYNC. It does not need to go
into the main example, but it has a section in the ABI compatibility notes.
In the HTML rendering, the main reference is the system call documentation,
which is included from the landlock.h header file.

Cc: Andrew G. Morgan <morgan@kernel.org>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20251127115136.3064948-4-gnoack@google.com
[mic: Update date]
Signed-off-by: Mickaël Salaün <mic@digikod.net>

authored by

Günther Noack and committed by
Mickaël Salaün 39508405 50c058e3

+9 -1
+9 -1
Documentation/userspace-api/landlock.rst
··· 8 8 ===================================== 9 9 10 10 :Author: Mickaël Salaün 11 - :Date: March 2025 11 + :Date: November 2025 12 12 13 13 The goal of Landlock is to enable restriction of ambient rights (e.g. global 14 14 filesystem or network access) for a set of processes. Because Landlock ··· 603 603 ``LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF`` flags passed to 604 604 sys_landlock_restrict_self(). See Documentation/admin-guide/LSM/landlock.rst 605 605 for more details on audit. 606 + 607 + Thread synchronization (ABI < 8) 608 + -------------------------------- 609 + 610 + Starting with the Landlock ABI version 8, it is now possible to 611 + enforce Landlock rulesets across all threads of the calling process 612 + using the ``LANDLOCK_RESTRICT_SELF_TSYNC`` flag passed to 613 + sys_landlock_restrict_self(). 606 614 607 615 .. _kernel_support: 608 616