diff options
author | Mickaël Salaün <mic@digikod.net> | 2022-09-23 17:42:06 +0200 |
---|---|---|
committer | Mickaël Salaün <mic@digikod.net> | 2022-09-29 18:43:03 +0200 |
commit | 16023b05f0832f5bc14e6e0d1e7be4d00e01e1bb (patch) | |
tree | 10303541aea37219351c59c1a7e1218b755472bb /Documentation/security | |
parent | samples/landlock: Print hints about ABI versions (diff) | |
download | linux-16023b05f0832f5bc14e6e0d1e7be4d00e01e1bb.tar.xz linux-16023b05f0832f5bc14e6e0d1e7be4d00e01e1bb.zip |
landlock: Slightly improve documentation and fix spelling
Now that we have more than one ABI version, make limitation explanation
more consistent by replacing "ABI 1" with "ABI < 2". This also
indicates which ABIs support such past limitation.
Improve documentation consistency by not using contractions.
Fix spelling in fs.c .
Cc: Paul Moore <paul@paul-moore.com>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Reviewed-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20220923154207.3311629-3-mic@digikod.net
Diffstat (limited to 'Documentation/security')
-rw-r--r-- | Documentation/security/landlock.rst | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Documentation/security/landlock.rst b/Documentation/security/landlock.rst index 5c77730b4479..cc9617f3175b 100644 --- a/Documentation/security/landlock.rst +++ b/Documentation/security/landlock.rst @@ -7,7 +7,7 @@ Landlock LSM: kernel documentation ================================== :Author: Mickaël Salaün -:Date: May 2022 +:Date: September 2022 Landlock's goal is to create scoped access-control (i.e. sandboxing). To harden a whole system, this feature should be available to any process, @@ -49,7 +49,7 @@ Filesystem access rights ------------------------ All access rights are tied to an inode and what can be accessed through it. -Reading the content of a directory doesn't imply to be allowed to read the +Reading the content of a directory does not imply to be allowed to read the content of a listed inode. Indeed, a file name is local to its parent directory, and an inode can be referenced by multiple file names thanks to (hard) links. Being able to unlink a file only has a direct impact on the |