linux-man.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 0/4] landlock.7: Code example improvements
@ 2023-04-19 18:54 Günther Noack
  2023-04-19 18:54 ` [PATCH 1/4] landlock.7: Check syscall result with == -1 instead of <= 0 Günther Noack
                   ` (4 more replies)
  0 siblings, 5 replies; 7+ messages in thread
From: Günther Noack @ 2023-04-19 18:54 UTC (permalink / raw)
  To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack

Various improvements as pointed out by Mickaël Salaün in
https://lore.kernel.org/linux-man/5d90e3b0-1577-7efd-03b8-f94b6e50fbc1@digikod.net/

* Checking system call results differently, for consistency
* Use constants for the compatibility table
  (I'm not very attached to the other solution)
* Better wording for error message if Landlock unusable
* Return instead of exit() if Landlock unusable

Regarding the EOPNOTSUPP/ENOTSUP discussion, the consensus seems to be
that EOPNOTSUPP is preferable, because that is the only of the two
error codes that the kernel knows about.

Günther Noack (4):
  landlock.7: Check syscall result with == -1 instead of <= 0
  landlock.7: Use LANDLOCK_* constants for compatibility table
  landlock.7: wfix: Error message wording in code example
  landlock.7: Return instead of exit() if Landlock is unusable

 man7/landlock.7 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)


base-commit: 6693a21cf73c502f2429b4ec07698130a2be9a93
-- 
2.40.0


^ permalink raw reply	[flat|nested] 7+ messages in thread
* [PATCH 1/4] landlock.7: Check syscall result with == -1 instead of <= 0
  2023-04-19 18:54 [PATCH 0/4] landlock.7: Code example improvements Günther Noack
@ 2023-04-19 18:54 ` Günther Noack
  2023-04-19 18:54 ` [PATCH 2/4] landlock.7: Use LANDLOCK_* constants for compatibility table Günther Noack
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 7+ messages in thread
From: Günther Noack @ 2023-04-19 18:54 UTC (permalink / raw)
  To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack

As pointed out by Mickaël Salaün in
https://lore.kernel.org/linux-man/5d90e3b0-1577-7efd-03b8-f94b6e50fbc1@digikod.net/

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
 man7/landlock.7 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man7/landlock.7 b/man7/landlock.7
index 16feef42c..fc4a95031 100644
--- a/man7/landlock.7
+++ b/man7/landlock.7
@@ -445,7 +445,7 @@ __u64 landlock_fs_access_rights[] = {
 
 int abi = landlock_create_ruleset(NULL, 0,
                                   LANDLOCK_CREATE_RULESET_VERSION);
-if (abi <= 0) {
+if (abi == \-1) {
     /*
      * Kernel too old, not compiled with Landlock,
      * or Landlock was not enabled at boot time.
-- 
2.40.0


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* [PATCH 2/4] landlock.7: Use LANDLOCK_* constants for compatibility table
  2023-04-19 18:54 [PATCH 0/4] landlock.7: Code example improvements Günther Noack
  2023-04-19 18:54 ` [PATCH 1/4] landlock.7: Check syscall result with == -1 instead of <= 0 Günther Noack
@ 2023-04-19 18:54 ` Günther Noack
  2023-04-19 18:54 ` [PATCH 3/4] landlock.7: wfix: Error message wording in code example Günther Noack
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 7+ messages in thread
From: Günther Noack @ 2023-04-19 18:54 UTC (permalink / raw)
  To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack

As discussed in
https://lore.kernel.org/linux-man/5d90e3b0-1577-7efd-03b8-f94b6e50fbc1@digikod.net/

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
 man7/landlock.7 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/man7/landlock.7 b/man7/landlock.7
index fc4a95031..cb8a4f62e 100644
--- a/man7/landlock.7
+++ b/man7/landlock.7
@@ -438,9 +438,9 @@ and only use the available subset of access rights:
  * numbers hardcoded to keep the example short.
  */
 __u64 landlock_fs_access_rights[] = {
-    (1ULL << 13) \- 1,  /* ABI v1                 */
-    (1ULL << 14) \- 1,  /* ABI v2: add "refer"    */
-    (1ULL << 15) \- 1,  /* ABI v3: add "truncate" */
+    (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) \- 1,  /* v1                 */
+    (LANDLOCK_ACCESS_FS_REFER    << 1) \- 1,  /* v2: add "refer"    */
+    (LANDLOCK_ACCESS_FS_TRUNCATE << 1) \- 1,  /* v3: add "truncate" */
 };
 
 int abi = landlock_create_ruleset(NULL, 0,
-- 
2.40.0


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* [PATCH 3/4] landlock.7: wfix: Error message wording in code example
  2023-04-19 18:54 [PATCH 0/4] landlock.7: Code example improvements Günther Noack
  2023-04-19 18:54 ` [PATCH 1/4] landlock.7: Check syscall result with == -1 instead of <= 0 Günther Noack
  2023-04-19 18:54 ` [PATCH 2/4] landlock.7: Use LANDLOCK_* constants for compatibility table Günther Noack
@ 2023-04-19 18:54 ` Günther Noack
  2023-04-19 18:54 ` [PATCH 4/4] landlock.7: Return instead of exit() if Landlock is unusable Günther Noack
  2023-04-19 20:37 ` [PATCH 0/4] landlock.7: Code example improvements Alejandro Colomar
  4 siblings, 0 replies; 7+ messages in thread
From: Günther Noack @ 2023-04-19 18:54 UTC (permalink / raw)
  To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack

As suggested by Mickaël Salaün in
https://lore.kernel.org/linux-man/5d90e3b0-1577-7efd-03b8-f94b6e50fbc1@digikod.net/

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
 man7/landlock.7 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man7/landlock.7 b/man7/landlock.7
index cb8a4f62e..7067c058c 100644
--- a/man7/landlock.7
+++ b/man7/landlock.7
@@ -450,7 +450,7 @@ if (abi == \-1) {
      * Kernel too old, not compiled with Landlock,
      * or Landlock was not enabled at boot time.
      */
-    perror("Giving up \- No Landlock support");
+    perror("Unable to use Landlock");
     exit(EXIT_FAILURE);
 }
 abi = MIN(abi, 3);
-- 
2.40.0


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* [PATCH 4/4] landlock.7: Return instead of exit() if Landlock is unusable
  2023-04-19 18:54 [PATCH 0/4] landlock.7: Code example improvements Günther Noack
                   ` (2 preceding siblings ...)
  2023-04-19 18:54 ` [PATCH 3/4] landlock.7: wfix: Error message wording in code example Günther Noack
@ 2023-04-19 18:54 ` Günther Noack
  2023-04-19 20:37 ` [PATCH 0/4] landlock.7: Code example improvements Alejandro Colomar
  4 siblings, 0 replies; 7+ messages in thread
From: Günther Noack @ 2023-04-19 18:54 UTC (permalink / raw)
  To: Alejandro Colomar, Mickaël Salaün; +Cc: linux-man, Günther Noack

When following a best effort approach,
we should not fail when Landlock is unusable,
but we should fall back to doing nothing.

As discussed in
https://lore.kernel.org/linux-man/5d90e3b0-1577-7efd-03b8-f94b6e50fbc1@digikod.net/

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
 man7/landlock.7 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/man7/landlock.7 b/man7/landlock.7
index 7067c058c..b6c9d3821 100644
--- a/man7/landlock.7
+++ b/man7/landlock.7
@@ -451,7 +451,7 @@ if (abi == \-1) {
      * or Landlock was not enabled at boot time.
      */
     perror("Unable to use Landlock");
-    exit(EXIT_FAILURE);
+    return;  /* Graceful fallback: Do nothing. */
 }
 abi = MIN(abi, 3);
 
-- 
2.40.0


^ permalink raw reply related	[flat|nested] 7+ messages in thread
* Re: [PATCH 0/4] landlock.7: Code example improvements
  2023-04-19 18:54 [PATCH 0/4] landlock.7: Code example improvements Günther Noack
                   ` (3 preceding siblings ...)
  2023-04-19 18:54 ` [PATCH 4/4] landlock.7: Return instead of exit() if Landlock is unusable Günther Noack
@ 2023-04-19 20:37 ` Alejandro Colomar
  2023-04-20 16:34   ` Mickaël Salaün
  4 siblings, 1 reply; 7+ messages in thread
From: Alejandro Colomar @ 2023-04-19 20:37 UTC (permalink / raw)
  To: Günther Noack, Mickaël Salaün; +Cc: linux-man


[-- Attachment #1.1: Type: text/plain, Size: 1321 bytes --]

Hi Günther!

On 4/19/23 20:54, Günther Noack wrote:
> Various improvements as pointed out by Mickaël Salaün in
> https://lore.kernel.org/linux-man/5d90e3b0-1577-7efd-03b8-f94b6e50fbc1@digikod.net/
> 
> * Checking system call results differently, for consistency
> * Use constants for the compatibility table
>   (I'm not very attached to the other solution)
> * Better wording for error message if Landlock unusable
> * Return instead of exit() if Landlock unusable
> 
> Regarding the EOPNOTSUPP/ENOTSUP discussion, the consensus seems to be
> that EOPNOTSUPP is preferable, because that is the only of the two
> error codes that the kernel knows about.
> 
> Günther Noack (4):
>   landlock.7: Check syscall result with == -1 instead of <= 0
>   landlock.7: Use LANDLOCK_* constants for compatibility table
>   landlock.7: wfix: Error message wording in code example
>   landlock.7: Return instead of exit() if Landlock is unusable

Thanks!  Patch set applied.  (I tweaked the commit messages a little
bit.)

Cheers,
Alex

> 
>  man7/landlock.7 | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> 
> base-commit: 6693a21cf73c502f2429b4ec07698130a2be9a93

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: [PATCH 0/4] landlock.7: Code example improvements
  2023-04-19 20:37 ` [PATCH 0/4] landlock.7: Code example improvements Alejandro Colomar
@ 2023-04-20 16:34   ` Mickaël Salaün
  0 siblings, 0 replies; 7+ messages in thread
From: Mickaël Salaün @ 2023-04-20 16:34 UTC (permalink / raw)
  To: Alejandro Colomar, Günther Noack; +Cc: linux-man


On 19/04/2023 22:37, Alejandro Colomar wrote:
> Hi Günther!
> 
> On 4/19/23 20:54, Günther Noack wrote:
>> Various improvements as pointed out by Mickaël Salaün in
>> https://lore.kernel.org/linux-man/5d90e3b0-1577-7efd-03b8-f94b6e50fbc1@digikod.net/
>>
>> * Checking system call results differently, for consistency
>> * Use constants for the compatibility table
>>    (I'm not very attached to the other solution)
>> * Better wording for error message if Landlock unusable
>> * Return instead of exit() if Landlock unusable
>>
>> Regarding the EOPNOTSUPP/ENOTSUP discussion, the consensus seems to be
>> that EOPNOTSUPP is preferable, because that is the only of the two
>> error codes that the kernel knows about.
>>
>> Günther Noack (4):
>>    landlock.7: Check syscall result with == -1 instead of <= 0
>>    landlock.7: Use LANDLOCK_* constants for compatibility table
>>    landlock.7: wfix: Error message wording in code example
>>    landlock.7: Return instead of exit() if Landlock is unusable
> 
> Thanks!  Patch set applied.  (I tweaked the commit messages a little
> bit.)

Thanks Günther and Alex!

> 
> Cheers,
> Alex
> 
>>
>>   man7/landlock.7 | 12 ++++++------
>>   1 file changed, 6 insertions(+), 6 deletions(-)
>>
>>
>> base-commit: 6693a21cf73c502f2429b4ec07698130a2be9a93
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-04-20 16:35 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-04-19 18:54 [PATCH 0/4] landlock.7: Code example improvements Günther Noack
2023-04-19 18:54 ` [PATCH 1/4] landlock.7: Check syscall result with == -1 instead of <= 0 Günther Noack
2023-04-19 18:54 ` [PATCH 2/4] landlock.7: Use LANDLOCK_* constants for compatibility table Günther Noack
2023-04-19 18:54 ` [PATCH 3/4] landlock.7: wfix: Error message wording in code example Günther Noack
2023-04-19 18:54 ` [PATCH 4/4] landlock.7: Return instead of exit() if Landlock is unusable Günther Noack
2023-04-19 20:37 ` [PATCH 0/4] landlock.7: Code example improvements Alejandro Colomar
2023-04-20 16:34   ` Mickaël Salaün

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).