landlock: Minor typo and grammar fixes in IPC scoping documentation

* Fix some whitespace, punctuation and minor grammar. * Add a missing sentence about the minimum ABI version, to stay in line with the section next to it. Cc: Tahera Fahimi <fahimitahera@gmail.com> Cc: Tanya Agarwal <tanyaagarwal25699@gmail.com> Signed-off-by: Günther Noack <gnoack@google.com> Link: https://lore.kernel.org/r/20250124154445.162841-1-gnoack@google.com [mic: Add newlines, update doc date] Signed-off-by: Mickaël Salaün <mic@digikod.net>
2025-03-06 20:59:54 +01:00 · 2025-01-24 15:44:44 +00:00 · 2025-01-24 15:44:44 +00:00 · 192b7ff29b
commit 192b7ff29b
parent 143c9aae04
2 changed files with 9 additions and 5 deletions
--- a/Documentation/userspace-api/landlock.rst
+++ b/Documentation/userspace-api/landlock.rst
@ -8,7 +8,7 @@ Landlock: unprivileged access control
 =====================================

 :Author: Mickaël Salaün
-:Date: October 2024
+:Date: January 2025

 The goal of Landlock is to enable restriction of ambient rights (e.g. global
 filesystem or network access) for a set of processes.  Because Landlock
@ -329,11 +329,11 @@ non-sandboxed process, we can specify this restriction with
 A sandboxed process can connect to a non-sandboxed process when its domain is
 not scoped. If a process's domain is scoped, it can only connect to sockets
 created by processes in the same scope.
-Moreover, If a process is scoped to send signal to a non-scoped process, it can
+Moreover, if a process is scoped to send signal to a non-scoped process, it can
 only send signals to processes in the same scope.

 A connected datagram socket behaves like a stream socket when its domain is
-scoped, meaning if the domain is scoped after the socket is connected , it can
+scoped, meaning if the domain is scoped after the socket is connected, it can
 still :manpage:`send(2)` data just like a stream socket.  However, in the same
 scenario, a non-connected datagram socket cannot send data (with
 :manpage:`sendto(2)`) outside its scope.
--- a/include/uapi/linux/landlock.h
+++ b/include/uapi/linux/landlock.h
@ -268,7 +268,9 @@ struct landlock_net_port_attr {
 * ~~~~~~~~~~~~~~~~
 *
 * These flags enable to restrict a sandboxed process to a set of network
- * actions. This is supported since the Landlock ABI version 4.
+ * actions.
+ *
+ * This is supported since Landlock ABI version 4.
 *
 * The following access rights apply to TCP port numbers:
 *
@ -291,11 +293,13 @@ struct landlock_net_port_attr {
 * Setting a flag for a ruleset will isolate the Landlock domain to forbid
 * connections to resources outside the domain.
 *
+ * This is supported since Landlock ABI version 6.
+ *
 * Scopes:
 *
 * - %LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET: Restrict a sandboxed process from
 *   connecting to an abstract UNIX socket created by a process outside the
- *   related Landlock domain (e.g. a parent domain or a non-sandboxed process).
+ *   related Landlock domain (e.g., a parent domain or a non-sandboxed process).
 * - %LANDLOCK_SCOPE_SIGNAL: Restrict a sandboxed process from sending a signal
 *   to another process outside the domain.
 */