From 16023b05f0832f5bc14e6e0d1e7be4d00e01e1bb Mon Sep 17 00:00:00 2001 From: Mickaël Salaün Date: Fri, 23 Sep 2022 17:42:06 +0200 Subject: landlock: Slightly improve documentation and fix spelling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now that we have more than one ABI version, make limitation explanation more consistent by replacing "ABI 1" with "ABI < 2". This also indicates which ABIs support such past limitation. Improve documentation consistency by not using contractions. Fix spelling in fs.c . Cc: Paul Moore Signed-off-by: Mickaël Salaün Reviewed-by: Günther Noack Link: https://lore.kernel.org/r/20220923154207.3311629-3-mic@digikod.net --- Documentation/security/landlock.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Documentation/security') diff --git a/Documentation/security/landlock.rst b/Documentation/security/landlock.rst index 5c77730b4479..cc9617f3175b 100644 --- a/Documentation/security/landlock.rst +++ b/Documentation/security/landlock.rst @@ -7,7 +7,7 @@ Landlock LSM: kernel documentation ================================== :Author: Mickaël Salaün -:Date: May 2022 +:Date: September 2022 Landlock's goal is to create scoped access-control (i.e. sandboxing). To harden a whole system, this feature should be available to any process, @@ -49,7 +49,7 @@ Filesystem access rights ------------------------ All access rights are tied to an inode and what can be accessed through it. -Reading the content of a directory doesn't imply to be allowed to read the +Reading the content of a directory does not imply to be allowed to read the content of a listed inode. Indeed, a file name is local to its parent directory, and an inode can be referenced by multiple file names thanks to (hard) links. Being able to unlink a file only has a direct impact on the -- cgit v1.2.3-59-g8ed1b