From patchwork Sat Jun 5 13:18:28 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mauro Carvalho Chehab X-Patchwork-Id: 12301515 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8B58DC49EA3 for ; Sat, 5 Jun 2021 13:18:47 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6A5AB61415 for ; Sat, 5 Jun 2021 13:18:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230286AbhFENUc (ORCPT ); Sat, 5 Jun 2021 09:20:32 -0400 Received: from mail.kernel.org ([198.145.29.99]:35314 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230134AbhFENU1 (ORCPT ); Sat, 5 Jun 2021 09:20:27 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 7945261456; Sat, 5 Jun 2021 13:18:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1622899118; bh=JmkxZbG0Dzpqyif7bYYY62pQc/1q5Vp2mW4DafqUD9E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=dEU3HnoUOGVwHG4GOZPzAmDwfX84nFO9FFOjsZsjU9MbabfiElLA72X8LcDLbJHp+ LyX6j36mcF+YuCEquenyX049Vz94IQCzFXhnGwEFJGed2C6pTfLwuO3wb0sbDWvKgW uO2VDL231/2bl64mW6z7nHw2kLNOd8SjNB+xQMQCxmrpptS+lQUHmy157KiyTCI6jL 87tGxZyZJVPB9mFiaXpV0u8hErlMRR688KI3vtQ4zdq1SkscPPWu+3ed8YFbxsR+on iunidDVbs+amECjmYSruZw3dFhifYif2HcfPrYX3QkWrJEngNkyDlhIhINSbJk7Ebb +p3VgbKv+Nagg== Received: by mail.kernel.org with local (Exim 4.94.2) (envelope-from ) id 1lpWCC-008GGL-Kq; Sat, 05 Jun 2021 15:18:36 +0200 From: Mauro Carvalho Chehab To: "Jonathan Corbet" , Linux Doc Mailing List Cc: Mauro Carvalho Chehab , =?utf-8?q?Micka=C3=AB?= =?utf-8?q?l_Sala=C3=BCn?= , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH 29/34] docs: security: landlock.rst: avoid using ReSt :doc:`foo` markup Date: Sat, 5 Jun 2021 15:18:28 +0200 Message-Id: <07fc83f40702a11a60ca12c9345346e52f14f4ef.1622898327.git.mchehab+huawei@kernel.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Sender: Mauro Carvalho Chehab Precedence: bulk List-ID: The :doc:`foo` tag is auto-generated via automarkup.py. So, use the filename at the sources, instead of :doc:`foo`. Signed-off-by: Mauro Carvalho Chehab --- Documentation/security/landlock.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Documentation/security/landlock.rst b/Documentation/security/landlock.rst index 2e84925ae971..3df68cb1d10f 100644 --- a/Documentation/security/landlock.rst +++ b/Documentation/security/landlock.rst @@ -25,7 +25,8 @@ Any user can enforce Landlock rulesets on their processes. They are merged and evaluated according to the inherited ones in a way that ensures that only more constraints can be added. -User space documentation can be found here: :doc:`/userspace-api/landlock`. +User space documentation can be found here: +Documentation/userspace-api/landlock.rst. Guiding principles for safe access controls =========================================== From patchwork Sat Jun 5 13:18:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Mauro Carvalho Chehab X-Patchwork-Id: 12301519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.4 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28790C49EA3 for ; Sat, 5 Jun 2021 13:18:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1CD586140B for ; Sat, 5 Jun 2021 13:18:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230356AbhFENUn (ORCPT ); Sat, 5 Jun 2021 09:20:43 -0400 Received: from mail.kernel.org ([198.145.29.99]:35102 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230129AbhFENU0 (ORCPT ); Sat, 5 Jun 2021 09:20:26 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 8C9486145A; Sat, 5 Jun 2021 13:18:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1622899118; bh=BSGXxyqvPvWufTNDi9kWzIf7K9GAT+ID0ZQoJHx3Or0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Fo9nVj/u+WA7bi9Pk8u/N8TTSwrl9W0cqIRvVOsTNHm3OgrDpc3RMi9ptidM+GRci PYCAbMGrkwSWyn81lbuOM0anzN+qnc9u+PlnLyVkahDPN+PQZun2l5rzjJrcfewnq8 8PZHByDwXZq8JKQonfYhEY+0tZxNfaYrTu2F0a4T6XlDMQ9Gzb1ZQkFmqhvgk1a2sr ck6/jlVlBIGEtkZ5dOCH7aQlgZWhmsujSEfLuXFVwkqIE78HwShzu7pZbhKWOKV6Sr CKnLhzJK2B8JuDi5kjOzw7i3HvSmtaxyi0L/hnD01XYnkzlMHCIPDpy2Y2GsxrIWjt Ied8+cbd2tFtA== Received: by mail.kernel.org with local (Exim 4.94.2) (envelope-from ) id 1lpWCC-008GGX-Rg; Sat, 05 Jun 2021 15:18:36 +0200 From: Mauro Carvalho Chehab To: "Jonathan Corbet" , Linux Doc Mailing List Cc: Mauro Carvalho Chehab , =?utf-8?q?Micka=C3=AB?= =?utf-8?q?l_Sala=C3=BCn?= , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org Subject: [PATCH 32/34] docs: userspace-api: landlock.rst: avoid using ReSt :doc:`foo` markup Date: Sat, 5 Jun 2021 15:18:31 +0200 Message-Id: <5a40dfed12363477bf961e4ca2dceeef987c322d.1622898327.git.mchehab+huawei@kernel.org> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 Sender: Mauro Carvalho Chehab Precedence: bulk List-ID: The :doc:`foo` tag is auto-generated via automarkup.py. So, use the filename at the sources, instead of :doc:`foo`. Signed-off-by: Mauro Carvalho Chehab --- Documentation/userspace-api/landlock.rst | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst index 62c9361a3c7f..f35552ff19ba 100644 --- a/Documentation/userspace-api/landlock.rst +++ b/Documentation/userspace-api/landlock.rst @@ -145,7 +145,8 @@ Bind mounts and OverlayFS Landlock enables to restrict access to file hierarchies, which means that these access rights can be propagated with bind mounts (cf. -:doc:`/filesystems/sharedsubtree`) but not with :doc:`/filesystems/overlayfs`. +Documentation/filesystems/sharedsubtree.rst) but not with +Documentation/filesystems/overlayfs.rst. A bind mount mirrors a source file hierarchy to a destination. The destination hierarchy is then composed of the exact same files, on which Landlock rules can @@ -170,8 +171,8 @@ Inheritance Every new thread resulting from a :manpage:`clone(2)` inherits Landlock domain restrictions from its parent. This is similar to the seccomp inheritance (cf. -:doc:`/userspace-api/seccomp_filter`) or any other LSM dealing with task's -:manpage:`credentials(7)`. For instance, one process's thread may apply +Documentation/userspace-api/seccomp_filter.rst) or any other LSM dealing with +task's :manpage:`credentials(7)`. For instance, one process's thread may apply Landlock rules to itself, but they will not be automatically applied to other sibling threads (unlike POSIX thread credential changes, cf. :manpage:`nptl(7)`). @@ -278,7 +279,7 @@ Memory usage ------------ Kernel memory allocated to create rulesets is accounted and can be restricted -by the :doc:`/admin-guide/cgroup-v1/memory`. +by the Documentation/admin-guide/cgroup-v1/memory.rst. Questions and answers ===================== @@ -303,7 +304,7 @@ issues, especially when untrusted processes can manipulate them (cf. Additional documentation ======================== -* :doc:`/security/landlock` +* Documentation/security/landlock.rst * https://landlock.io .. Links