diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-07-20 11:41:52 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-07-20 11:41:52 -0700 |
| commit | 9fa23750c6e591a6e095057ec07c81dddec0d72c (patch) | |
| tree | 5224d89c0e8a4f5f8b0d6c9eae78d075134db75c /security/landlock/syscalls.c | |
| parent | 8326f5e1a47b1a657524678cb62b264a84fbea7e (diff) | |
| parent | f4b89d8ce5a835afa51404977ee7e3889c2b9722 (diff) | |
Merge tag 'landlock-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux
Pull landlock updates from Mickaël Salaün:
"This simplifies code and improves documentation"
* tag 'landlock-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
landlock: Various documentation improvements
landlock: Clarify documentation for struct landlock_ruleset_attr
landlock: Use bit-fields for storing handled layer access masks
Diffstat (limited to 'security/landlock/syscalls.c')
| -rw-r--r-- | security/landlock/syscalls.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c index 03b470f5a85a..ccc8bc6c1584 100644 --- a/security/landlock/syscalls.c +++ b/security/landlock/syscalls.c @@ -378,8 +378,7 @@ static int add_rule_net_port(struct landlock_ruleset *ruleset, * with the new rule. * @rule_type: Identify the structure type pointed to by @rule_attr: * %LANDLOCK_RULE_PATH_BENEATH or %LANDLOCK_RULE_NET_PORT. - * @rule_attr: Pointer to a rule (only of type &struct - * landlock_path_beneath_attr for now). + * @rule_attr: Pointer to a rule (matching the @rule_type). * @flags: Must be 0. * * This system call enables to define a new rule and add it to an existing @@ -390,18 +389,20 @@ static int add_rule_net_port(struct landlock_ruleset *ruleset, * - %EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot time; * - %EAFNOSUPPORT: @rule_type is %LANDLOCK_RULE_NET_PORT but TCP/IP is not * supported by the running kernel; - * - %EINVAL: @flags is not 0, or inconsistent access in the rule (i.e. + * - %EINVAL: @flags is not 0; + * - %EINVAL: The rule accesses are inconsistent (i.e. * &landlock_path_beneath_attr.allowed_access or - * &landlock_net_port_attr.allowed_access is not a subset of the - * ruleset handled accesses), or &landlock_net_port_attr.port is - * greater than 65535; - * - %ENOMSG: Empty accesses (e.g. &landlock_path_beneath_attr.allowed_access); + * &landlock_net_port_attr.allowed_access is not a subset of the ruleset + * handled accesses) + * - %EINVAL: &landlock_net_port_attr.port is greater than 65535; + * - %ENOMSG: Empty accesses (e.g. &landlock_path_beneath_attr.allowed_access is + * 0); * - %EBADF: @ruleset_fd is not a file descriptor for the current thread, or a * member of @rule_attr is not a file descriptor as expected; * - %EBADFD: @ruleset_fd is not a ruleset file descriptor, or a member of * @rule_attr is not the expected file descriptor type; * - %EPERM: @ruleset_fd has no write access to the underlying ruleset; - * - %EFAULT: @rule_attr inconsistency. + * - %EFAULT: @rule_attr was not a valid address. */ SYSCALL_DEFINE4(landlock_add_rule, const int, ruleset_fd, const enum landlock_rule_type, rule_type, |