€•      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ%/translations/zh_CN/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/zh_TW/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/it_IT/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/ja_JP/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/ko_KR/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/pt_BR/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/sp_SP/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1hµhhh²hh³Œ?/var/lib/git/docbuild/linux/Documentation/security/landlock.rst”h´Kubh¶)”}”(hŒ9Copyright Â© 2017-2020 MickaÃ«l SalaÃ¼n <mic@digikod.net>”h]”hŒ9Copyright Â© 2017-2020 MickaÃ«l SalaÃ¼n <mic@digikod.net>”…””}”hhÈsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1hµhhh²hh³hÇh´Kubh¶)”}”(hŒCopyright Â© 2019-2020 ANSSI”h]”hŒCopyright Â© 2019-2020 ANSSI”…””}”hhÖsbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1hµhhh²hh³hÇh´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ"Landlock LSM: kernel documentation”h]”hŒ"Landlock LSM: kernel documentation”…””}”(hhëh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhhæh²hh³hÇh´KubhŒ
field_list”“”)”}”(hhh]”(hŒfield”“”)”}”(hhh]”(hŒ
field_name”“”)”}”(hŒAuthor”h]”hŒAuthor”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj   h³hÇh´K ubhŒ
field_body”“”)”}”(hŒMickaÃ«l SalaÃ¼n”h]”hŒ	paragraph”“”)”}”(hj  h]”hŒMickaÃ«l SalaÃ¼n”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K	hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj   ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hþh³hÇh´K	hhûh²hubhÿ)”}”(hhh]”(j  )”}”(hŒDate”h]”hŒDate”…””}”(hj7  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj4  h³hÇh´K ubj  )”}”(hŒMarch 2026
”h]”j  )”}”(hŒ
March 2026”h]”hŒ
March 2026”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K
hjE  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj4  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hþh³hÇh´K
hhûh²hubeh}”(h]”h ]”h"]”h$]”h&]”uh1hùhhæh²hh³hÇh´K	ubj  )”}”(hXš  Landlock's goal is to create scoped access-control (i.e. sandboxing).  To
harden a whole system, this feature should be available to any process,
including unprivileged ones.  Because such a process may be compromised or
backdoored (i.e. untrusted), Landlock's features must be safe to use from the
kernel and other processes point of view.  Landlock's interface must therefore
expose a minimal attack surface.”h]”hX   Landlockâ€™s goal is to create scoped access-control (i.e. sandboxing).  To
harden a whole system, this feature should be available to any process,
including unprivileged ones.  Because such a process may be compromised or
backdoored (i.e. untrusted), Landlockâ€™s features must be safe to use from the
kernel and other processes point of view.  Landlockâ€™s interface must therefore
expose a minimal attack surface.”…””}”(hji  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Khhæh²hubj  )”}”(hX  Landlock is designed to be usable by unprivileged processes while following the
system security policy enforced by other access control mechanisms (e.g. DAC,
LSM).  A Landlock rule shall not interfere with other access-controls enforced
on the system, only add more restrictions.”h]”hX  Landlock is designed to be usable by unprivileged processes while following the
system security policy enforced by other access control mechanisms (e.g. DAC,
LSM).  A Landlock rule shall not interfere with other access-controls enforced
on the system, only add more restrictions.”…””}”(hjw  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Khhæh²hubj  )”}”(hŒ³Any user can enforce Landlock rulesets on their processes.  They are merged and
evaluated against inherited rulesets in a way that ensures that only more
constraints can be added.”h]”hŒ³Any user can enforce Landlock rulesets on their processes.  They are merged and
evaluated against inherited rulesets in a way that ensures that only more
constraints can be added.”…””}”(hj…  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Khhæh²hubj  )”}”(hŒUUser space documentation can be found here:
Documentation/userspace-api/landlock.rst.”h]”hŒUUser space documentation can be found here:
Documentation/userspace-api/landlock.rst.”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Khhæh²hubhå)”}”(hhh]”(hê)”}”(hŒ+Guiding principles for safe access controls”h]”hŒ+Guiding principles for safe access controls”…””}”(hj¤  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhj¡  h²hh³hÇh´K ubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ A Landlock rule shall be focused on access control on kernel objects instead
of syscall filtering (i.e. syscall arguments), which is the purpose of
seccomp-bpf.”h]”j  )”}”(hŒ A Landlock rule shall be focused on access control on kernel objects instead
of syscall filtering (i.e. syscall arguments), which is the purpose of
seccomp-bpf.”h]”hŒ A Landlock rule shall be focused on access control on kernel objects instead
of syscall filtering (i.e. syscall arguments), which is the purpose of
seccomp-bpf.”…””}”(hj½  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K"hj¹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj´  h²hh³hÇh´Nubj¸  )”}”(hŒ¶To avoid multiple kinds of side-channel attacks (e.g. leak of security
policies, CPU-based attacks), Landlock rules shall not be able to
programmatically communicate with user space.”h]”j  )”}”(hŒ¶To avoid multiple kinds of side-channel attacks (e.g. leak of security
policies, CPU-based attacks), Landlock rules shall not be able to
programmatically communicate with user space.”h]”hŒ¶To avoid multiple kinds of side-channel attacks (e.g. leak of security
policies, CPU-based attacks), Landlock rules shall not be able to
programmatically communicate with user space.”…””}”(hjÕ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K%hjÑ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj´  h²hh³hÇh´Nubj¸  )”}”(hŒRKernel access check shall not slow down access request from unsandboxed
processes.”h]”j  )”}”(hŒRKernel access check shall not slow down access request from unsandboxed
processes.”h]”hŒRKernel access check shall not slow down access request from unsandboxed
processes.”…””}”(hjí  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K(hjé  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj´  h²hh³hÇh´Nubj¸  )”}”(hŒvComputation related to Landlock operations (e.g. enforcing a ruleset) shall
only impact the processes requesting them.”h]”j  )”}”(hŒvComputation related to Landlock operations (e.g. enforcing a ruleset) shall
only impact the processes requesting them.”h]”hŒvComputation related to Landlock operations (e.g. enforcing a ruleset) shall
only impact the processes requesting them.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K*hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj´  h²hh³hÇh´Nubj¸  )”}”(hŒåResources (e.g. file descriptors) directly obtained from the kernel by a
sandboxed process shall retain their scoped accesses (at the time of resource
acquisition) whatever process uses them.
Cf. `File descriptor access rights`_.”h]”j  )”}”(hŒåResources (e.g. file descriptors) directly obtained from the kernel by a
sandboxed process shall retain their scoped accesses (at the time of resource
acquisition) whatever process uses them.
Cf. `File descriptor access rights`_.”h]”(hŒÄResources (e.g. file descriptors) directly obtained from the kernel by a
sandboxed process shall retain their scoped accesses (at the time of resource
acquisition) whatever process uses them.
Cf. ”…””}”(hj  h²hh³Nh´NubhŒ	reference”“”)”}”(hŒ `File descriptor access rights`_”h]”hŒFile descriptor access rights”…””}”(hj'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒFile descriptor access rights”Œrefid”Œfile-descriptor-access-rights”uh1j%  hj  Œresolved”KubhŒ.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K,hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj´  h²hh³hÇh´Nubj¸  )”}”(hX*  Access denials shall be logged according to system and Landlock domain
configurations.  Log entries must contain information about the cause of the
denial and the owner of the related security policy.  Such log generation
should have a negligible performance and memory impact on allowed requests.
”h]”j  )”}”(hX)  Access denials shall be logged according to system and Landlock domain
configurations.  Log entries must contain information about the cause of the
denial and the owner of the related security policy.  Such log generation
should have a negligible performance and memory impact on allowed requests.”h]”hX)  Access denials shall be logged according to system and Landlock domain
configurations.  Log entries must contain information about the cause of the
denial and the owner of the related security policy.  Such log generation
should have a negligible performance and memory impact on allowed requests.”…””}”(hjN  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K0hjJ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj´  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1j²  h³hÇh´K"hj¡  h²hubeh}”(h]”Œ+guiding-principles-for-safe-access-controls”ah ]”h"]”Œ+guiding principles for safe access controls”ah$]”h&]”uh1hähhæh²hh³hÇh´K ubhå)”}”(hhh]”(hê)”}”(hŒDesign choices”h]”hŒDesign choices”…””}”(hju  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhjr  h²hh³hÇh´K6ubhå)”}”(hhh]”(hê)”}”(hŒInode access rights”h]”hŒInode access rights”…””}”(hj†  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhjƒ  h²hh³hÇh´K9ubj  )”}”(hX/  All access rights are tied to an inode and what can be accessed through it.
Reading the content of a directory does not imply to be allowed to read the
content of a listed inode.  Indeed, a file name is local to its parent
directory, and an inode can be referenced by multiple file names thanks to
(hard) links.  Being able to unlink a file only has a direct impact on the
directory, not the unlinked inode.  This is the reason why
``LANDLOCK_ACCESS_FS_REMOVE_FILE`` or ``LANDLOCK_ACCESS_FS_REFER`` are not
allowed to be tied to files but only to directories.”h]”(hX°  All access rights are tied to an inode and what can be accessed through it.
Reading the content of a directory does not imply to be allowed to read the
content of a listed inode.  Indeed, a file name is local to its parent
directory, and an inode can be referenced by multiple file names thanks to
(hard) links.  Being able to unlink a file only has a direct impact on the
directory, not the unlinked inode.  This is the reason why
”…””}”(hj”  h²hh³Nh´NubhŒliteral”“”)”}”(hŒ"``LANDLOCK_ACCESS_FS_REMOVE_FILE``”h]”hŒLANDLOCK_ACCESS_FS_REMOVE_FILE”…””}”(hjž  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj”  ubhŒ or ”…””}”(hj”  h²hh³Nh´Nubj  )”}”(hŒ``LANDLOCK_ACCESS_FS_REFER``”h]”hŒLANDLOCK_ACCESS_FS_REFER”…””}”(hj°  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj”  ubhŒ= are not
allowed to be tied to files but only to directories.”…””}”(hj”  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K;hjƒ  h²hubeh}”(h]”Œinode-access-rights”ah ]”h"]”Œinode access rights”ah$]”h&]”uh1hähjr  h²hh³hÇh´K9ubhå)”}”(hhh]”(hê)”}”(hŒFile descriptor access rights”h]”hŒFile descriptor access rights”…””}”(hjÓ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhjÐ  h²hh³hÇh´KEubj  )”}”(hŒáAccess rights are checked and tied to file descriptors at open time.  The
underlying principle is that equivalent sequences of operations should lead to
the same results, when they are executed under the same Landlock domain.”h]”hŒáAccess rights are checked and tied to file descriptors at open time.  The
underlying principle is that equivalent sequences of operations should lead to
the same results, when they are executed under the same Landlock domain.”…””}”(hjá  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KGhjÐ  h²hubj  )”}”(hX[  Taking the ``LANDLOCK_ACCESS_FS_TRUNCATE`` right as an example, it may be
allowed to open a file for writing without being allowed to
:manpage:`ftruncate` the resulting file descriptor if the related file
hierarchy doesn't grant that access right.  The following sequences of
operations have the same semantic and should then have the same result:”h]”(hŒTaking the ”…””}”(hjï  h²hh³Nh´Nubj  )”}”(hŒ``LANDLOCK_ACCESS_FS_TRUNCATE``”h]”hŒLANDLOCK_ACCESS_FS_TRUNCATE”…””}”(hj÷  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjï  ubhŒ\ right as an example, it may be
allowed to open a file for writing without being allowed to
”…””}”(hjï  h²hh³Nh´Nubh Œmanpage”“”)”}”(hŒ:manpage:`ftruncate`”h]”hŒ	ftruncate”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j	  ah"]”h$]”h&]”hÅhÆŒpath”Œ	ftruncate”Œpage”j  hähuh1j	  hjï  ubhŒÃ the resulting file descriptor if the related file
hierarchy doesnâ€™t grant that access right.  The following sequences of
operations have the same semantic and should then have the same result:”…””}”(hjï  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KKhjÐ  h²hubj³  )”}”(hhh]”(j¸  )”}”(hŒ``truncate(path);``”h]”j  )”}”(hj+  h]”j  )”}”(hj+  h]”hŒtruncate(path);”…””}”(hj0  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj-  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KQhj)  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj&  h²hh³hÇh´Nubj¸  )”}”(hŒ=``int fd = open(path, O_WRONLY); ftruncate(fd); close(fd);``
”h]”j  )”}”(hŒ<``int fd = open(path, O_WRONLY); ftruncate(fd); close(fd);``”h]”j  )”}”(hjO  h]”hŒ8int fd = open(path, O_WRONLY); ftruncate(fd); close(fd);”…””}”(hjQ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjM  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KRhjI  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj&  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”jh  ji  uh1j²  h³hÇh´KQhjÐ  h²hubj  )”}”(hXÞ  Similarly to file access modes (e.g. ``O_RDWR``), Landlock access rights
attached to file descriptors are retained even if they are passed between
processes (e.g. through a Unix domain socket).  Such access rights will then be
enforced even if the receiving process is not sandboxed by Landlock.  Indeed,
this is required to keep access controls consistent over the whole system, and
this avoids unattended bypasses through file descriptor passing (i.e. confused
deputy attack).”h]”(hŒ%Similarly to file access modes (e.g. ”…””}”(hjp  h²hh³Nh´Nubj  )”}”(hŒ
``O_RDWR``”h]”hŒO_RDWR”…””}”(hjx  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjp  ubhX¯  ), Landlock access rights
attached to file descriptors are retained even if they are passed between
processes (e.g. through a Unix domain socket).  Such access rights will then be
enforced even if the receiving process is not sandboxed by Landlock.  Indeed,
this is required to keep access controls consistent over the whole system, and
this avoids unattended bypasses through file descriptor passing (i.e. confused
deputy attack).”…””}”(hjp  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KThjÐ  h²hubhŒtarget”“”)”}”(hŒ.. _scoped-flags-interaction:”h]”h}”(h]”h ]”h"]”h$]”h&]”j7  Œscoped-flags-interaction”uh1j  h´K\hjÐ  h²hh³hÇubeh}”(h]”j8  ah ]”h"]”Œfile descriptor access rights”ah$]”h&]”uh1hähjr  h²hh³hÇh´KEŒ
referenced”Kubhå)”}”(hhh]”(hê)”}”(hŒ8Interaction between scoped flags and other access rights”h]”hŒ8Interaction between scoped flags and other access rights”…””}”(hj¨  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhj¥  h²hh³hÇh´K_ubj  )”}”(hŒÐThe ``scoped`` flags in &struct landlock_ruleset_attr restrict the
use of *outgoing* IPC from the created Landlock domain, while they
permit reaching out to IPC endpoints *within* the created Landlock
domain.”h]”(hŒThe ”…””}”(hj¶  h²hh³Nh´Nubj  )”}”(hŒ
``scoped``”h]”hŒscoped”…””}”(hj¾  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj¶  ubhŒ< flags in &struct landlock_ruleset_attr restrict the
use of ”…””}”(hj¶  h²hh³Nh´NubhŒemphasis”“”)”}”(hŒ
*outgoing*”h]”hŒoutgoing”…””}”(hjÒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj¶  ubhŒW IPC from the created Landlock domain, while they
permit reaching out to IPC endpoints ”…””}”(hj¶  h²hh³Nh´NubjÑ  )”}”(hŒ*within*”h]”hŒwithin”…””}”(hjä  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj¶  ubhŒ the created Landlock
domain.”…””}”(hj¶  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kahj¥  h²hubj  )”}”(hŒÏIn the future, scoped flags *may* interact with other access rights,
e.g. so that abstract UNIX sockets can be allow-listed by name, or so
that signals can be allow-listed by signal number or target process.”h]”(hŒIn the future, scoped flags ”…””}”(hjü  h²hh³Nh´NubjÑ  )”}”(hŒ*may*”h]”hŒmay”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjü  ubhŒ® interact with other access rights,
e.g. so that abstract UNIX sockets can be allow-listed by name, or so
that signals can be allow-listed by signal number or target process.”…””}”(hjü  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kfhj¥  h²hubj  )”}”(hX1  When introducing ``LANDLOCK_ACCESS_FS_RESOLVE_UNIX``, we defined it to
implicitly have the same scoping semantics as a
``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET`` flag would have: connecting to
UNIX sockets within the same domain (where
``LANDLOCK_ACCESS_FS_RESOLVE_UNIX`` is used) is unconditionally
allowed.”h]”(hŒWhen introducing ”…””}”(hj  h²hh³Nh´Nubj  )”}”(hŒ#``LANDLOCK_ACCESS_FS_RESOLVE_UNIX``”h]”hŒLANDLOCK_ACCESS_FS_RESOLVE_UNIX”…””}”(hj$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj  ubhŒC, we defined it to
implicitly have the same scoping semantics as a
”…””}”(hj  h²hh³Nh´Nubj  )”}”(hŒ'``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET``”h]”hŒ#LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET”…””}”(hj6  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj  ubhŒK flag would have: connecting to
UNIX sockets within the same domain (where
”…””}”(hj  h²hh³Nh´Nubj  )”}”(hŒ#``LANDLOCK_ACCESS_FS_RESOLVE_UNIX``”h]”hŒLANDLOCK_ACCESS_FS_RESOLVE_UNIX”…””}”(hjH  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj  ubhŒ% is used) is unconditionally
allowed.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kjhj¥  h²hubj  )”}”(hŒThe reasoning is:”h]”hŒThe reasoning is:”…””}”(hj`  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kqhj¥  h²hubj³  )”}”(hhh]”(j¸  )”}”(hŒöLike other IPC mechanisms, connecting to named UNIX sockets in the
same domain should be expected and harmless.  (If needed, users can
further refine their Landlock policies with nested domains or by
restricting ``LANDLOCK_ACCESS_FS_MAKE_SOCK``.)”h]”j  )”}”(hŒöLike other IPC mechanisms, connecting to named UNIX sockets in the
same domain should be expected and harmless.  (If needed, users can
further refine their Landlock policies with nested domains or by
restricting ``LANDLOCK_ACCESS_FS_MAKE_SOCK``.)”h]”(hŒÔLike other IPC mechanisms, connecting to named UNIX sockets in the
same domain should be expected and harmless.  (If needed, users can
further refine their Landlock policies with nested domains or by
restricting ”…””}”(hju  h²hh³Nh´Nubj  )”}”(hŒ ``LANDLOCK_ACCESS_FS_MAKE_SOCK``”h]”hŒLANDLOCK_ACCESS_FS_MAKE_SOCK”…””}”(hj}  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hju  ubhŒ.)”…””}”(hju  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kshjq  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hjn  h²hh³hÇh´Nubj¸  )”}”(hŒÌWe reserve the option to still introduce
``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET`` in the future.  (This would
be useful if we wanted to have a Landlock rule to permit IPC access
to other Landlock domains.)”h]”j  )”}”(hŒÌWe reserve the option to still introduce
``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET`` in the future.  (This would
be useful if we wanted to have a Landlock rule to permit IPC access
to other Landlock domains.)”h]”(hŒ)We reserve the option to still introduce
”…””}”(hjŸ  h²hh³Nh´Nubj  )”}”(hŒ'``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET``”h]”hŒ#LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET”…””}”(hj§  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjŸ  ubhŒ| in the future.  (This would
be useful if we wanted to have a Landlock rule to permit IPC access
to other Landlock domains.)”…””}”(hjŸ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´Kwhj›  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hjn  h²hh³hÇh´Nubj¸  )”}”(hŒóBut we can postpone the point in time when users have to deal with
two interacting flags visible in the userspace API.  (In particular,
it is possible that it won't be needed in practice, in which case we
can avoid the second flag altogether.)”h]”j  )”}”(hŒóBut we can postpone the point in time when users have to deal with
two interacting flags visible in the userspace API.  (In particular,
it is possible that it won't be needed in practice, in which case we
can avoid the second flag altogether.)”h]”hŒõBut we can postpone the point in time when users have to deal with
two interacting flags visible in the userspace API.  (In particular,
it is possible that it wonâ€™t be needed in practice, in which case we
can avoid the second flag altogether.)”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K{hjÅ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hjn  h²hh³hÇh´Nubj¸  )”}”(hŒüIf we *do* introduce ``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET`` in the
future, setting this scoped flag in a ruleset does *not reduce* the
restrictions, because access within the same scope is already
allowed based on ``LANDLOCK_ACCESS_FS_RESOLVE_UNIX``.
”h]”j  )”}”(hŒûIf we *do* introduce ``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET`` in the
future, setting this scoped flag in a ruleset does *not reduce* the
restrictions, because access within the same scope is already
allowed based on ``LANDLOCK_ACCESS_FS_RESOLVE_UNIX``.”h]”(hŒIf we ”…””}”(hjá  h²hh³Nh´NubjÑ  )”}”(hŒ*do*”h]”hŒdo”…””}”(hjé  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjá  ubhŒ introduce ”…””}”(hjá  h²hh³Nh´Nubj  )”}”(hŒ'``LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET``”h]”hŒ#LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET”…””}”(hjû  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjá  ubhŒ; in the
future, setting this scoped flag in a ruleset does ”…””}”(hjá  h²hh³Nh´NubjÑ  )”}”(hŒ*not reduce*”h]”hŒ
not reduce”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjá  ubhŒT the
restrictions, because access within the same scope is already
allowed based on ”…””}”(hjá  h²hh³Nh´Nubj  )”}”(hŒ#``LANDLOCK_ACCESS_FS_RESOLVE_UNIX``”h]”hŒLANDLOCK_ACCESS_FS_RESOLVE_UNIX”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjá  ubhŒ.”…””}”(hjá  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´KhjÝ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hjn  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”jh  ji  uh1j²  h³hÇh´Kshj¥  h²hubeh}”(h]”(Œ8interaction-between-scoped-flags-and-other-access-rights”jœ  eh ]”h"]”(Œ8interaction between scoped flags and other access rights”Œscoped-flags-interaction”eh$]”h&]”uh1hähjr  h²hh³hÇh´K_Œexpect_referenced_by_name”}”jI  j’  sŒexpect_referenced_by_id”}”jœ  j’  subeh}”(h]”Œdesign-choices”ah ]”h"]”Œdesign choices”ah$]”h&]”uh1hähhæh²hh³hÇh´K6ubhå)”}”(hhh]”(hê)”}”(hŒTests”h]”hŒTests”…””}”(hj[  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhjX  h²hh³hÇh´K…ubj  )”}”(hŒUserspace tests for backward compatibility, ptrace restrictions and filesystem
support can be found here: `tools/testing/selftests/landlock/`_.”h]”(hŒjUserspace tests for backward compatibility, ptrace restrictions and filesystem
support can be found here: ”…””}”(hji  h²hh³Nh´Nubj&  )”}”(hŒ$`tools/testing/selftests/landlock/`_”h]”hŒ!tools/testing/selftests/landlock/”…””}”(hjq  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œ!tools/testing/selftests/landlock/”Œrefuri”Œghttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/tools/testing/selftests/landlock/”uh1j%  hji  j9  KubhŒ.”…””}”(hji  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K‡hjX  h²hubeh}”(h]”Œtests”ah ]”h"]”Œtests”ah$]”h&]”uh1hähhæh²hh³hÇh´K…ubhå)”}”(hhh]”(hê)”}”(hŒKernel structures”h]”hŒKernel structures”…””}”(hj˜  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhj•  h²hh³hÇh´K‹ubhå)”}”(hhh]”(hê)”}”(hŒObject”h]”hŒObject”…””}”(hj©  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhj¦  h²hh³hÇh´KŽubh Œindex”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(Œsingle”Œ#landlock_object_underops (C struct)”Œc.landlock_object_underops”hNt”auh1j·  hj¦  h²hh³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´Nubh Œdesc”“”)”}”(hhh]”(h Œdesc_signature”“”)”}”(hŒlandlock_object_underops”h]”h Œdesc_signature_line”“”)”}”(hŒstruct landlock_object_underops”h]”(h Œdesc_sig_keyword”“”)”}”(hŒstruct”h]”hŒstruct”…””}”(hjÜ  h²hh³Nh´Nubah}”(h]”h ]”Œk”ah"]”h$]”h&]”uh1jÚ  hjÖ  h²hh³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´Kubh Œdesc_sig_space”“”)”}”(hŒ ”h]”hŒ ”…””}”(hjî  h²hh³Nh´Nubah}”(h]”h ]”Œw”ah"]”h$]”h&]”uh1jì  hjÖ  h²hh³jë  h´Kubh Œ	desc_name”“”)”}”(hŒlandlock_object_underops”h]”h Œdesc_sig_name”“”)”}”(hjÒ  h]”hŒlandlock_object_underops”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”Œn”ah"]”h$]”h&]”uh1j  hjÿ  ubah}”(h]”h ]”(Œsig-name”Œdescname”eh"]”h$]”h&]”hÅhÆuh1jý  hjÖ  h²hh³jë  h´Kubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆŒadd_permalink”ˆuh1jÔ  Œsphinx_line_type”Œ
declarator”hjÐ  h²hh³jë  h´Kubah}”(h]”jÆ  ah ]”(Œsig”Œ
sig-object”eh"]”h$]”h&]”Œis_multiline”ˆŒ
_toc_parts”)Œ	_toc_name”huh1jÎ  h³jë  h´KhjË  h²hubh Œdesc_content”“”)”}”(hhh]”j  )”}”(hŒ"Operations on an underlying object”h]”hŒ"Operations on an underlying object”…””}”(hj4  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´Khj1  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjË  h²hh³jë  h´Kubeh}”(h]”h ]”(Œc”Œstruct”eh"]”h$]”h&]”Œdomain”jL  Œobjtype”jM  Œdesctype”jM  Œnoindex”‰Œnoindexentry”‰Œnocontentsentry”‰uh1jÉ  h²hhj¦  h³jÈ  h´NubhŒ	container”“”)”}”(hŒÎ**Definition**::

  struct landlock_object_underops {
      void (*release)(struct landlock_object *const object);
  };

**Members**

``release``
  Releases the underlying object (e.g. iput() for an inode).”h]”(j  )”}”(hŒ**Definition**::”h]”(hŒstrong”“”)”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj]  ubhŒ:”…””}”(hj]  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KhjY  ubhŒliteral_block”“”)”}”(hŒ_struct landlock_object_underops {
    void (*release)(struct landlock_object *const object);
};”h]”hŒ_struct landlock_object_underops {
    void (*release)(struct landlock_object *const object);
};”…””}”hj~  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KhjY  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj  h]”hŒMembers”…””}”(hj‘  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KhjY  ubhŒdefinition_list”“”)”}”(hhh]”hŒdefinition_list_item”“”)”}”(hŒF``release``
Releases the underlying object (e.g. iput() for an inode).”h]”(hŒterm”“”)”}”(hŒ``release``”h]”j  )”}”(hj´  h]”hŒrelease”…””}”(hj¶  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj²  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´Khj¬  ubhŒ
definition”“”)”}”(hhh]”j  )”}”(hŒ:Releases the underlying object (e.g. iput() for an inode).”h]”hŒ:Releases the underlying object (e.g. iput() for an inode).”…””}”(hjÏ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KhjÌ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj¬  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jÉ  h´Khj§  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hjY  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj¦  h²hh³jÈ  h´Nubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_object (C struct)”Œc.landlock_object”hNt”auh1j·  hj¦  h²hh³jÈ  h´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_object”h]”jÕ  )”}”(hŒstruct landlock_object”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj  h²hh³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´Kubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj  h²hh³j  h´Kubjþ  )”}”(hŒlandlock_object”h]”j  )”}”(hj
  h]”hŒlandlock_object”…””}”(hj0  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj,  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hj  h²hh³j  h´Kubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hj  h²hh³j  h´Kubah}”(h]”j  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³j  h´Khj  h²hubj0  )”}”(hhh]”j  )”}”(hŒ%Security blob tied to a kernel object”h]”hŒ%Security blob tied to a kernel object”…””}”(hjR  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KhjO  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hj  h²hh³j  h´Kubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  jj  jS  jj  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj¦  h³jÈ  h´NubjX  )”}”(hXµ  **Definition**::

  struct landlock_object {
      refcount_t usage;
      spinlock_t lock;
      void *underobj;
      union {
          struct rcu_head rcu_free;
          const struct landlock_object_underops *underops;
      };
  };

**Members**

``usage``
  This counter is used to tie an object to the rules matching
  it or to keep it alive while adding a new rule.  If this counter
  reaches zero, this struct must not be modified, but this counter can
  still be read from within an RCU read-side critical section.  When
  adding a new rule to an object with a usage counter of zero, we must
  wait until the pointer to this object is set to NULL (or recycled).

``lock``
  Protects against concurrent modifications.  This lock must be
  held from the time **usage** drops to zero until any weak references
  from **underobj** to this object have been cleaned up.

  Lock ordering: inode->i_lock nests inside this.

``underobj``
  Used when cleaning up an object and to mark an object as
  tied to its underlying kernel structure.  This pointer is protected
  by **lock**.  Cf. landlock_release_inodes() and release_inode().

``{unnamed_union}``
  anonymous

``rcu_free``
  Enables lockless use of **usage**, **lock** and
  **underobj** from within an RCU read-side critical section.
  **rcu_free** and **underops** are only used by
  landlock_put_object().

``underops``
  Enables landlock_put_object() to release the
  underlying object (e.g. inode).”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjv  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjr  ubhŒ:”…””}”(hjr  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K"hjn  ubj}  )”}”(hŒÈstruct landlock_object {
    refcount_t usage;
    spinlock_t lock;
    void *underobj;
    union {
        struct rcu_head rcu_free;
        const struct landlock_object_underops *underops;
    };
};”h]”hŒÈstruct landlock_object {
    refcount_t usage;
    spinlock_t lock;
    void *underobj;
    union {
        struct rcu_head rcu_free;
        const struct landlock_object_underops *underops;
    };
};”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K$hjn  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj   h]”hŒMembers”…””}”(hj¢  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjž  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K.hjn  ubj¦  )”}”(hhh]”(j«  )”}”(hX˜  ``usage``
This counter is used to tie an object to the rules matching
it or to keep it alive while adding a new rule.  If this counter
reaches zero, this struct must not be modified, but this counter can
still be read from within an RCU read-side critical section.  When
adding a new rule to an object with a usage counter of zero, we must
wait until the pointer to this object is set to NULL (or recycled).
”h]”(j±  )”}”(hŒ	``usage``”h]”j  )”}”(hj¿  h]”hŒusage”…””}”(hjÁ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj½  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K/hj¹  ubjË  )”}”(hhh]”j  )”}”(hX  This counter is used to tie an object to the rules matching
it or to keep it alive while adding a new rule.  If this counter
reaches zero, this struct must not be modified, but this counter can
still be read from within an RCU read-side critical section.  When
adding a new rule to an object with a usage counter of zero, we must
wait until the pointer to this object is set to NULL (or recycled).”h]”hX  This counter is used to tie an object to the rules matching
it or to keep it alive while adding a new rule.  If this counter
reaches zero, this struct must not be modified, but this counter can
still be read from within an RCU read-side critical section.  When
adding a new rule to an object with a usage counter of zero, we must
wait until the pointer to this object is set to NULL (or recycled).”…””}”(hjØ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K*hjÕ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj¹  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jÔ  h´K/hj¶  ubj«  )”}”(hŒô``lock``
Protects against concurrent modifications.  This lock must be
held from the time **usage** drops to zero until any weak references
from **underobj** to this object have been cleaned up.

Lock ordering: inode->i_lock nests inside this.
”h]”(j±  )”}”(hŒ``lock``”h]”j  )”}”(hjù  h]”hŒlock”…””}”(hjû  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj÷  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K7hjó  ubjË  )”}”(hhh]”(j  )”}”(hŒ¹Protects against concurrent modifications.  This lock must be
held from the time **usage** drops to zero until any weak references
from **underobj** to this object have been cleaned up.”h]”(hŒQProtects against concurrent modifications.  This lock must be
held from the time ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ. drops to zero until any weak references
from ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ**underobj**”h]”hŒunderobj”…””}”(hj,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ% to this object have been cleaned up.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K3hj  ubj  )”}”(hŒ/Lock ordering: inode->i_lock nests inside this.”h]”hŒ/Lock ordering: inode->i_lock nests inside this.”…””}”(hjE  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j  h´K7hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjó  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j  h´K7hj¶  ubj«  )”}”(hŒË``underobj``
Used when cleaning up an object and to mark an object as
tied to its underlying kernel structure.  This pointer is protected
by **lock**.  Cf. landlock_release_inodes() and release_inode().
”h]”(j±  )”}”(hŒ``underobj``”h]”j  )”}”(hje  h]”hŒunderobj”…””}”(hjg  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K=hj_  ubjË  )”}”(hhh]”j  )”}”(hŒ½Used when cleaning up an object and to mark an object as
tied to its underlying kernel structure.  This pointer is protected
by **lock**.  Cf. landlock_release_inodes() and release_inode().”h]”(hŒ€Used when cleaning up an object and to mark an object as
tied to its underlying kernel structure.  This pointer is protected
by ”…””}”(hj~  h²hh³Nh´Nubjb  )”}”(hŒ**lock**”h]”hŒlock”…””}”(hj†  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj~  ubhŒ5.  Cf. landlock_release_inodes() and release_inode().”…””}”(hj~  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K;hj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj_  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jz  h´K=hj¶  ubj«  )”}”(hŒ``{unnamed_union}``
anonymous
”h]”(j±  )”}”(hŒ``{unnamed_union}``”h]”j  )”}”(hj±  h]”hŒ{unnamed_union}”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj¯  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´Khj«  ubjË  )”}”(hhh]”j  )”}”(hŒ	anonymous”h]”hŒ	anonymous”…””}”(hjÊ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jÆ  h´KhjÇ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj«  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jÆ  h´Khj¶  ubj«  )”}”(hŒ¿``rcu_free``
Enables lockless use of **usage**, **lock** and
**underobj** from within an RCU read-side critical section.
**rcu_free** and **underops** are only used by
landlock_put_object().
”h]”(j±  )”}”(hŒ``rcu_free``”h]”j  )”}”(hjê  h]”hŒrcu_free”…””}”(hjì  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjè  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KEhjä  ubjË  )”}”(hhh]”j  )”}”(hŒ±Enables lockless use of **usage**, **lock** and
**underobj** from within an RCU read-side critical section.
**rcu_free** and **underops** are only used by
landlock_put_object().”h]”(hŒEnables lockless use of ”…””}”(hj	  h²hh³Nh´Nubjb  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj	  ubhŒ, ”…””}”(hj	  h²hh³Nh´Nubjb  )”}”(hŒ**lock**”h]”hŒlock”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj	  ubhŒ and
”…””}”(hj	  h²hh³Nh´Nubjb  )”}”(hŒ**underobj**”h]”hŒunderobj”…””}”(hj/	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj	  ubhŒ0 from within an RCU read-side critical section.
”…””}”(hj	  h²hh³Nh´Nubjb  )”}”(hŒ**rcu_free**”h]”hŒrcu_free”…””}”(hjA	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj	  ubhŒ and ”…””}”(hj	  h²hh³Nh´Nubjb  )”}”(hŒ**underops**”h]”hŒunderops”…””}”(hjS	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj	  ubhŒ( are only used by
landlock_put_object().”…””}”(hj	  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KBhj 	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjä  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jÿ  h´KEhj¶  ubj«  )”}”(hŒY``underops``
Enables landlock_put_object() to release the
underlying object (e.g. inode).”h]”(j±  )”}”(hŒ``underops``”h]”j  )”}”(hj~	  h]”hŒunderops”…””}”(hj€	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj|	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KIhjx	  ubjË  )”}”(hhh]”j  )”}”(hŒLEnables landlock_put_object() to release the
underlying object (e.g. inode).”h]”hŒLEnables landlock_put_object() to release the
underlying object (e.g. inode).”…””}”(hj—	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j“	  h´KIhj”	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjx	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j“	  h´KIhj¶  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hjn  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj¦  h²hh³jÈ  h´Nubj  )”}”(hŒ**Description**”h]”jb  )”}”(hjÀ	  h]”hŒDescription”…””}”(hjÂ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj¾	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´KMhj¦  h²hubj  )”}”(hŒÛThe goal of this structure is to enable to tie a set of ephemeral access
rights (pertaining to different domains) to a kernel object (e.g an inode)
in a safe way.  This implies to handle concurrent use and modification.”h]”hŒÛThe goal of this structure is to enable to tie a set of ephemeral access
rights (pertaining to different domains) to a kernel object (e.g an inode)
in a safe way.  This implies to handle concurrent use and modification.”…””}”(hjÖ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´Khj¦  h²hubj  )”}”(hŒjThe lifetime of a :c:type:`struct landlock_object <landlock_object>` depends on the rules referring to
it.”h]”(hŒThe lifetime of a ”…””}”(hjå	  h²hh³Nh´Nubh)”}”(hŒ2:c:type:`struct landlock_object <landlock_object>`”h]”j  )”}”(hjï	  h]”hŒstruct landlock_object”…””}”(hjñ	  h²hh³Nh´Nubah}”(h]”h ]”(Œxref”jL  Œc-type”eh"]”h$]”h&]”uh1jœ  hjí	  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”Œsecurity/landlock”Œ	refdomain”jL  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰Œc:parent_key”Œsphinx.domains.c”Œ	LookupKey”“”)”}”Œdata”]”sbŒ	reftarget”Œlandlock_object”uh1hh³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:144: ./security/landlock/object.h”h´K#hjå	  ubhŒ& depends on the rules referring to
it.”…””}”(hjå	  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j
  h´K#hj¦  h²hubeh}”(h]”Œobject”ah ]”h"]”Œobject”ah$]”h&]”uh1hähj•  h²hh³hÇh´KŽubhå)”}”(hhh]”(hê)”}”(hŒ
Filesystem”h]”hŒ
Filesystem”…””}”(hj-
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhj*
  h²hh³hÇh´K”ubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œ"landlock_inode_security (C struct)”Œc.landlock_inode_security”hNt”auh1j·  hj*
  h²hh³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_inode_security”h]”jÕ  )”}”(hŒstruct landlock_inode_security”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hjU
  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjQ
  h²hh³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Kubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjc
  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjQ
  h²hh³jb
  h´Kubjþ  )”}”(hŒlandlock_inode_security”h]”j  )”}”(hjO
  h]”hŒlandlock_inode_security”…””}”(hju
  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjq
  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hjQ
  h²hh³jb
  h´Kubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjM
  h²hh³jb
  h´Kubah}”(h]”jG
  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jb
  h´KhjJ
  h²hubj0  )”}”(hhh]”j  )”}”(hŒInode security blob”h]”hŒInode security blob”…””}”(hj—
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Khj”
  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjJ
  h²hh³jb
  h´Kubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  j¯
  jS  j¯
  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj*
  h³jI
  h´NubjX  )”}”(hXz  **Definition**::

  struct landlock_inode_security {
      struct landlock_object *object;
  };

**Members**

``object``
  Weak pointer to an allocated object.  All assignments of a
  new object are protected by the underlying inode->i_lock.  However,
  atomically disassociating **object** from the inode is only protected
  by **object->lock**, from the time **object**'s usage refcount drops to
  zero to the time this pointer is nulled out (cf. release_inode() and
  hook_sb_delete()).  Indeed, such disassociation doesn't require
  inode->i_lock thanks to the careful rcu_access_pointer() check
  performed by get_inode_object().”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj»
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj·
  ubhŒ:”…””}”(hj·
  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Khj³
  ubj}  )”}”(hŒGstruct landlock_inode_security {
    struct landlock_object *object;
};”h]”hŒGstruct landlock_inode_security {
    struct landlock_object *object;
};”…””}”hjÔ
  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Khj³
  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hjå
  h]”hŒMembers”…””}”(hjç
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjã
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K"hj³
  ubj¦  )”}”(hhh]”j«  )”}”(hXü  ``object``
Weak pointer to an allocated object.  All assignments of a
new object are protected by the underlying inode->i_lock.  However,
atomically disassociating **object** from the inode is only protected
by **object->lock**, from the time **object**'s usage refcount drops to
zero to the time this pointer is nulled out (cf. release_inode() and
hook_sb_delete()).  Indeed, such disassociation doesn't require
inode->i_lock thanks to the careful rcu_access_pointer() check
performed by get_inode_object().”h]”(j±  )”}”(hŒ
``object``”h]”j  )”}”(hj  h]”hŒobject”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K&hjþ
  ubjË  )”}”(hhh]”j  )”}”(hXñ  Weak pointer to an allocated object.  All assignments of a
new object are protected by the underlying inode->i_lock.  However,
atomically disassociating **object** from the inode is only protected
by **object->lock**, from the time **object**'s usage refcount drops to
zero to the time this pointer is nulled out (cf. release_inode() and
hook_sb_delete()).  Indeed, such disassociation doesn't require
inode->i_lock thanks to the careful rcu_access_pointer() check
performed by get_inode_object().”h]”(hŒ™Weak pointer to an allocated object.  All assignments of a
new object are protected by the underlying inode->i_lock.  However,
atomically disassociating ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ
**object**”h]”hŒobject”…””}”(hj%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ% from the inode is only protected
by ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ**object->lock**”h]”hŒobject->lock”…””}”(hj7  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ, from the time ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ
**object**”h]”hŒobject”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhX  â€™s usage refcount drops to
zero to the time this pointer is nulled out (cf. release_inode() and
hook_sb_delete()).  Indeed, such disassociation doesnâ€™t require
inode->i_lock thanks to the careful rcu_access_pointer() check
performed by get_inode_object().”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjþ
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j  h´K&hjû
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hj³
  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj*
  h²hh³jI
  h´Nubj  )”}”(hŒ**Description**”h]”jb  )”}”(hj}  h]”hŒDescription”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K*hj*
  h²hubj  )”}”(hŒsEnable to reference a :c:type:`struct landlock_object <landlock_object>` tied to an inode (i.e.
underlying object).”h]”(hŒEnable to reference a ”…””}”(hj“  h²hh³Nh´Nubh)”}”(hŒ2:c:type:`struct landlock_object <landlock_object>`”h]”j  )”}”(hj  h]”hŒstruct landlock_object”…””}”(hjŸ  h²hh³Nh´Nubah}”(h]”h ]”(jû	  jL  Œc-type”eh"]”h$]”h&]”uh1jœ  hj›  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j
  Œ	refdomain”jL  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j
  j
  j
  Œlandlock_object”uh1hh³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Khj“  ubhŒ+ tied to an inode (i.e.
underlying object).”…””}”(hj“  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jº  h´Khj*
  h²hubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œ!landlock_file_security (C struct)”Œc.landlock_file_security”hNt”auh1j·  hj*
  h²hh³jI
  h´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_file_security”h]”jÕ  )”}”(hŒstruct landlock_file_security”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hjÞ  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjÚ  h²hh³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Kubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjì  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjÚ  h²hh³jë  h´Kubjþ  )”}”(hŒlandlock_file_security”h]”j  )”}”(hjØ  h]”hŒlandlock_file_security”…””}”(hjþ  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjú  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hjÚ  h²hh³jë  h´Kubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjÖ  h²hh³jë  h´Kubah}”(h]”jÑ  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jë  h´KhjÓ  h²hubj0  )”}”(hhh]”j  )”}”(hŒFile security blob”h]”hŒFile security blob”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K,hj  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjÓ  h²hh³jë  h´Kubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  j8  jS  j8  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj*
  h³jI
  h´NubjX  )”}”(hXÈ  **Definition**::

  struct landlock_file_security {
      access_mask_t allowed_access;
  #ifdef CONFIG_AUDIT;
      deny_masks_t deny_masks;
      u8 fown_layer;
  #endif ;
      struct landlock_cred_security fown_subject;
  };

**Members**

``allowed_access``
  Access rights that were available at the time of
  opening the file. This is not necessarily the full set of access
  rights available at that time, but it's the necessary subset as
  needed to authorize later operations on the open file.

``deny_masks``
  Domain layer levels that deny an optional access (see
  _LANDLOCK_ACCESS_FS_OPTIONAL).

``fown_layer``
  Layer level of **fown_subject->domain** with
  LANDLOCK_SCOPE_SIGNAL.

``fown_subject``
  Landlock credential of the task that set the PID that
  may receive a signal e.g., SIGURG when writing MSG_OOB to the
  related socket.  This pointer is protected by the related
  file->f_owner->lock, as for fown_struct's members: pid, uid, and
  euid.”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjD  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj@  ubhŒ:”…””}”(hj@  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K0hj<  ubj}  )”}”(hŒÂstruct landlock_file_security {
    access_mask_t allowed_access;
#ifdef CONFIG_AUDIT;
    deny_masks_t deny_masks;
    u8 fown_layer;
#endif ;
    struct landlock_cred_security fown_subject;
};”h]”hŒÂstruct landlock_file_security {
    access_mask_t allowed_access;
#ifdef CONFIG_AUDIT;
    deny_masks_t deny_masks;
    u8 fown_layer;
#endif ;
    struct landlock_cred_security fown_subject;
};”…””}”hj]  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K2hj<  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hjn  h]”hŒMembers”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjl  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K;hj<  ubj¦  )”}”(hhh]”(j«  )”}”(hŒü``allowed_access``
Access rights that were available at the time of
opening the file. This is not necessarily the full set of access
rights available at that time, but it's the necessary subset as
needed to authorize later operations on the open file.
”h]”(j±  )”}”(hŒ``allowed_access``”h]”j  )”}”(hj  h]”hŒallowed_access”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj‹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K9hj‡  ubjË  )”}”(hhh]”j  )”}”(hŒèAccess rights that were available at the time of
opening the file. This is not necessarily the full set of access
rights available at that time, but it's the necessary subset as
needed to authorize later operations on the open file.”h]”hŒêAccess rights that were available at the time of
opening the file. This is not necessarily the full set of access
rights available at that time, but itâ€™s the necessary subset as
needed to authorize later operations on the open file.”…””}”(hj¦  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K6hj£  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj‡  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j¢  h´K9hj„  ubj«  )”}”(hŒd``deny_masks``
Domain layer levels that deny an optional access (see
_LANDLOCK_ACCESS_FS_OPTIONAL).
”h]”(j±  )”}”(hŒ``deny_masks``”h]”j  )”}”(hjÇ  h]”hŒ
deny_masks”…””}”(hjÉ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÅ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K@hjÁ  ubjË  )”}”(hhh]”j  )”}”(hŒTDomain layer levels that deny an optional access (see
_LANDLOCK_ACCESS_FS_OPTIONAL).”h]”hŒTDomain layer levels that deny an optional access (see
_LANDLOCK_ACCESS_FS_OPTIONAL).”…””}”(hjà  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K?hjÝ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÁ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jÜ  h´K@hj„  ubj«  )”}”(hŒS``fown_layer``
Layer level of **fown_subject->domain** with
LANDLOCK_SCOPE_SIGNAL.
”h]”(j±  )”}”(hŒ``fown_layer``”h]”j  )”}”(hj  h]”hŒ
fown_layer”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÿ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´KEhjû  ubjË  )”}”(hhh]”j  )”}”(hŒCLayer level of **fown_subject->domain** with
LANDLOCK_SCOPE_SIGNAL.”h]”(hŒLayer level of ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ**fown_subject->domain**”h]”hŒfown_subject->domain”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ with
LANDLOCK_SCOPE_SIGNAL.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´KDhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjû  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j  h´KEhj„  ubj«  )”}”(hX  ``fown_subject``
Landlock credential of the task that set the PID that
may receive a signal e.g., SIGURG when writing MSG_OOB to the
related socket.  This pointer is protected by the related
file->f_owner->lock, as for fown_struct's members: pid, uid, and
euid.”h]”(j±  )”}”(hŒ``fown_subject``”h]”j  )”}”(hjM  h]”hŒfown_subject”…””}”(hjO  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjK  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´KNhjG  ubjË  )”}”(hhh]”j  )”}”(hŒôLandlock credential of the task that set the PID that
may receive a signal e.g., SIGURG when writing MSG_OOB to the
related socket.  This pointer is protected by the related
file->f_owner->lock, as for fown_struct's members: pid, uid, and
euid.”h]”hŒöLandlock credential of the task that set the PID that
may receive a signal e.g., SIGURG when writing MSG_OOB to the
related socket.  This pointer is protected by the related
file->f_owner->lock, as for fown_structâ€™s members: pid, uid, and
euid.”…””}”(hjf  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´KKhjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjG  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jb  h´KNhj„  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hj<  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj*
  h²hh³jI
  h´Nubj  )”}”(hŒ**Description**”h]”jb  )”}”(hj  h]”hŒDescription”…””}”(hj’  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjŽ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´KRhj*
  h²hubj  )”}”(hX  This information is populated when opening a file in hook_file_open, and
tracks the relevant Landlock access rights that were available at the time
of opening the file. Other LSM hooks use these rights in order to authorize
operations on already opened files.”h]”hX  This information is populated when opening a file in hook_file_open, and
tracks the relevant Landlock access rights that were available at the time
of opening the file. Other LSM hooks use these rights in order to authorize
operations on already opened files.”…””}”(hj¦  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K-hj*
  h²hubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œ'landlock_superblock_security (C struct)”Œc.landlock_superblock_security”hNt”auh1j·  hj*
  h²hh³jI
  h´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_superblock_security”h]”jÕ  )”}”(hŒ#struct landlock_superblock_security”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hjÎ  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjÊ  h²hh³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K5ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjÜ  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjÊ  h²hh³jÛ  h´K5ubjþ  )”}”(hŒlandlock_superblock_security”h]”j  )”}”(hjÈ  h]”hŒlandlock_superblock_security”…””}”(hjî  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjê  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hjÊ  h²hh³jÛ  h´K5ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjÆ  h²hh³jÛ  h´K5ubah}”(h]”jÁ  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jÛ  h´K5hjÃ  h²hubj0  )”}”(hhh]”j  )”}”(hŒSuperblock security blob”h]”hŒSuperblock security blob”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K^hj  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjÃ  h²hh³jÛ  h´K5ubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  j(  jS  j(  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj*
  h³jI
  h´NubjX  )”}”(hX  **Definition**::

  struct landlock_superblock_security {
      atomic_long_t inode_refs;
  };

**Members**

``inode_refs``
  Number of pending inodes (from this superblock) that
  are being released by release_inode().
  Cf. struct super_block->s_fsnotify_inode_refs .”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj4  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj0  ubhŒ:”…””}”(hj0  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Kbhj,  ubj}  )”}”(hŒFstruct landlock_superblock_security {
    atomic_long_t inode_refs;
};”h]”hŒFstruct landlock_superblock_security {
    atomic_long_t inode_refs;
};”…””}”hjM  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Kdhj,  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj^  h]”hŒMembers”…””}”(hj`  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj\  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Khhj,  ubj¦  )”}”(hhh]”j«  )”}”(hŒš``inode_refs``
Number of pending inodes (from this superblock) that
are being released by release_inode().
Cf. struct super_block->s_fsnotify_inode_refs .”h]”(j±  )”}”(hŒ``inode_refs``”h]”j  )”}”(hj}  h]”hŒ
inode_refs”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Kfhjw  ubjË  )”}”(hhh]”j  )”}”(hŒ‹Number of pending inodes (from this superblock) that
are being released by release_inode().
Cf. struct super_block->s_fsnotify_inode_refs .”h]”hŒ‹Number of pending inodes (from this superblock) that
are being released by release_inode().
Cf. struct super_block->s_fsnotify_inode_refs .”…””}”(hj–  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Kehj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjw  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j’  h´Kfhjt  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hj,  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj*
  h²hh³jI
  h´Nubj  )”}”(hŒ**Description**”h]”jb  )”}”(hjÀ  h]”hŒDescription”…””}”(hjÂ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj¾  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´Kjhj*
  h²hubj  )”}”(hŒHEnable hook_sb_delete() to wait for concurrent calls to release_inode().”h]”hŒHEnable hook_sb_delete() to wait for concurrent calls to release_inode().”…””}”(hjÖ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³ŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:150: ./security/landlock/fs.h”h´K_hj*
  h²hubeh}”(h]”Œ
filesystem”ah ]”h"]”Œ
filesystem”ah$]”h&]”uh1hähj•  h²hh³hÇh´K”ubhå)”}”(hhh]”(hê)”}”(hŒProcess credential”h]”hŒProcess credential”…””}”(hjð  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhjí  h²hh³hÇh´Kšubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œ!landlock_cred_security (C struct)”Œc.landlock_cred_security”hNt”auh1j·  hjí  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_cred_security”h]”jÕ  )”}”(hŒstruct landlock_cred_security”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”jç  a•      h"]”h$]”h&]”uh1jÚ  hj  h²hh³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Kubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj%  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj  h²hh³j$  h´Kubjþ  )”}”(hŒlandlock_cred_security”h]”j  )”}”(hj  h]”hŒlandlock_cred_security”…””}”(hj7  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj3  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hj  h²hh³j$  h´Kubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hj  h²hh³j$  h´Kubah}”(h]”j
  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³j$  h´Khj  h²hubj0  )”}”(hhh]”j  )”}”(hŒCredential security blob”h]”hŒCredential security blob”…””}”(hjY  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´KhjV  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hj  h²hh³j$  h´Kubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  jq  jS  jq  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhjí  h³Nh´NubjX  )”}”(hX¨  **Definition**::

  struct landlock_cred_security {
      struct landlock_ruleset *domain;
  #ifdef CONFIG_AUDIT;
      u16 domain_exec;
      u8 log_subdomains_off : 1;
  #endif ;
  };

**Members**

``domain``
  Immutable ruleset enforced on a task.

``domain_exec``
  Bitmask identifying the domain layers that were enforced by
  the current task's executed file (i.e. no new execve(2) since
  landlock_restrict_self(2)).

``log_subdomains_off``
  Set if the domain descendants's log_status should be
  set to ``LANDLOCK_LOG_DISABLED``.  This is not a landlock_hierarchy
  configuration because it applies to future descendant domains and it does
  not require a current domain.”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj}  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjy  ubhŒ:”…””}”(hjy  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Khju  ubj}  )”}”(hŒ™struct landlock_cred_security {
    struct landlock_ruleset *domain;
#ifdef CONFIG_AUDIT;
    u16 domain_exec;
    u8 log_subdomains_off : 1;
#endif ;
};”h]”hŒ™struct landlock_cred_security {
    struct landlock_ruleset *domain;
#ifdef CONFIG_AUDIT;
    u16 domain_exec;
    u8 log_subdomains_off : 1;
#endif ;
};”…””}”hj–  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Khju  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj§  h]”hŒMembers”…””}”(hj©  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj¥  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´K&hju  ubj¦  )”}”(hhh]”(j«  )”}”(hŒ1``domain``
Immutable ruleset enforced on a task.
”h]”(j±  )”}”(hŒ
``domain``”h]”j  )”}”(hjÆ  h]”hŒdomain”…””}”(hjÈ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÄ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´K#hjÀ  ubjË  )”}”(hhh]”j  )”}”(hŒ%Immutable ruleset enforced on a task.”h]”hŒ%Immutable ruleset enforced on a task.”…””}”(hjß  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jÛ  h´K#hjÜ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÀ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jÛ  h´K#hj½  ubj«  )”}”(hŒ¦``domain_exec``
Bitmask identifying the domain layers that were enforced by
the current task's executed file (i.e. no new execve(2) since
landlock_restrict_self(2)).
”h]”(j±  )”}”(hŒ``domain_exec``”h]”j  )”}”(hjÿ  h]”hŒdomain_exec”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjý  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´K+hjù  ubjË  )”}”(hhh]”j  )”}”(hŒ•Bitmask identifying the domain layers that were enforced by
the current task's executed file (i.e. no new execve(2) since
landlock_restrict_self(2)).”h]”hŒ—Bitmask identifying the domain layers that were enforced by
the current taskâ€™s executed file (i.e. no new execve(2) since
landlock_restrict_self(2)).”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´K)hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjù  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j  h´K+hj½  ubj«  )”}”(hŒ÷``log_subdomains_off``
Set if the domain descendants's log_status should be
set to ``LANDLOCK_LOG_DISABLED``.  This is not a landlock_hierarchy
configuration because it applies to future descendant domains and it does
not require a current domain.”h]”(j±  )”}”(hŒ``log_subdomains_off``”h]”j  )”}”(hj9  h]”hŒlog_subdomains_off”…””}”(hj;  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj7  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´K1hj3  ubjË  )”}”(hhh]”j  )”}”(hŒàSet if the domain descendants's log_status should be
set to ``LANDLOCK_LOG_DISABLED``.  This is not a landlock_hierarchy
configuration because it applies to future descendant domains and it does
not require a current domain.”h]”(hŒ>Set if the domain descendantsâ€™s log_status should be
set to ”…””}”(hjR  h²hh³Nh´Nubj  )”}”(hŒ``LANDLOCK_LOG_DISABLED``”h]”hŒLANDLOCK_LOG_DISABLED”…””}”(hjZ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjR  ubhŒ‹.  This is not a landlock_hierarchy
configuration because it applies to future descendant domains and it does
not require a current domain.”…””}”(hjR  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´K/hjO  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj3  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jN  h´K1hj½  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hju  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hjí  h²hh³Nh´Nubj  )”}”(hŒ**Description**”h]”jb  )”}”(hjŽ  h]”hŒDescription”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjŒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´K5hjí  h²hubj  )”}”(hŒThis structure is packed to minimize the size of struct
landlock_file_security.  However, it is always aligned in the LSM cred blob,
see lsm_set_blob_size().”h]”hŒThis structure is packed to minimize the size of struct
landlock_file_security.  However, it is always aligned in the LSM cred blob,
see lsm_set_blob_size().”…””}”(hj¤  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Khjí  h²hubj  )”}”(hŒ?When updating this, also update landlock_cred_copy() if needed.”h]”hŒ?When updating this, also update landlock_cred_copy() if needed.”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Khjí  h²hubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œ,landlock_get_applicable_subject (C function)”Œ!c.landlock_get_applicable_subject”hNt”auh1j·  hjí  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒ¢const struct landlock_cred_security * landlock_get_applicable_subject (const struct cred *const cred, const struct access_masks masks, size_t *const handle_layer)”h]”jÕ  )”}”(hŒ const struct landlock_cred_security *landlock_get_applicable_subject(const struct cred *const cred, const struct access_masks masks, size_t *const handle_layer)”h]”(jÛ  )”}”(hŒconst”h]”hŒconst”…””}”(hjÛ  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj×  h²hh³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Klubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjê  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj×  h²hh³jé  h´KlubjÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hjø  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj×  h²hh³jé  h´Klubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj×  h²hh³jé  h´Klubh)”}”(hhh]”j  )”}”(hŒlandlock_cred_security”h]”hŒlandlock_cred_security”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”jL  Œreftype”Œ
identifier”Œ	reftarget”j  Œmodname”NŒ	classname”Nj
  j
  )”}”j
  ]”j
  ŒASTIdentifier”“”)”}”j,  Œlandlock_get_applicable_subject”sbŒ!c.landlock_get_applicable_subject”†”asbuh1hhj×  h²hh³jé  h´Klubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj:  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj×  h²hh³jé  h´Klubh Œdesc_sig_punctuation”“”)”}”(hji  h]”hŒ*”…””}”(hjJ  h²hh³Nh´Nubah}”(h]”h ]”Œp”ah"]”h$]”h&]”uh1jH  hj×  h²hh³jé  h´Klubjþ  )”}”(hŒlandlock_get_applicable_subject”h]”j  )”}”(hj7  h]”hŒlandlock_get_applicable_subject”…””}”(hj\  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjX  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hj×  h²hh³jé  h´Klubh Œdesc_parameterlist”“”)”}”(hŒ\(const struct cred *const cred, const struct access_masks masks, size_t *const handle_layer)”h]”(h Œdesc_parameter”“”)”}”(hŒconst struct cred *const cred”h]”(jÛ  )”}”(hjÝ  h]”hŒconst”…””}”(hj{  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjw  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjˆ  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjw  ubjÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hj–  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjw  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj£  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjw  ubh)”}”(hhh]”j  )”}”(hŒcred”h]”hŒcred”…””}”(hj´  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj±  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”jL  Œreftype”j,  Œ	reftarget”j¶  Œmodname”NŒ	classname”Nj
  j
  )”}”j
  ]”j5  Œ!c.landlock_get_applicable_subject”†”asbuh1hhjw  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjÒ  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjw  ubjI  )”}”(hji  h]”hŒ*”…””}”(hjà  h²hh³Nh´Nubah}”(h]”h ]”jT  ah"]”h$]”h&]”uh1jH  hjw  ubjÛ  )”}”(hjÝ  h]”hŒconst”…””}”(hjí  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjw  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjú  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjw  ubj  )”}”(hŒcred”h]”hŒcred”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjw  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1ju  hjq  ubjv  )”}”(hŒconst struct access_masks masks”h]”(jÛ  )”}”(hjÝ  h]”hŒconst”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj.  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj  ubjÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hj<  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj  ubh)”}”(hhh]”j  )”}”(hŒaccess_masks”h]”hŒaccess_masks”…””}”(hjZ  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjW  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”jL  Œreftype”j,  Œ	reftarget”j\  Œmodname”NŒ	classname”Nj
  j
  )”}”j
  ]”j5  Œ!c.landlock_get_applicable_subject”†”asbuh1hhj  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjx  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj  ubj  )”}”(hŒmasks”h]”hŒmasks”…””}”(hj†  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1ju  hjq  ubjv  )”}”(hŒsize_t *const handle_layer”h]”(h)”}”(hhh]”j  )”}”(hŒsize_t”h]”hŒsize_t”…””}”(hj¢  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjŸ  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”jL  Œreftype”j,  Œ	reftarget”j¤  Œmodname”NŒ	classname”Nj
  j
  )”}”j
  ]”j5  Œ!c.landlock_get_applicable_subject”†”asbuh1hhj›  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjÀ  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj›  ubjI  )”}”(hji  h]”hŒ*”…””}”(hjÎ  h²hh³Nh´Nubah}”(h]”h ]”jT  ah"]”h$]”h&]”uh1jH  hj›  ubjÛ  )”}”(hjÝ  h]”hŒconst”…””}”(hjÛ  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj›  ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjè  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj›  ubj  )”}”(hŒhandle_layer”h]”hŒhandle_layer”…””}”(hjö  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj›  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1ju  hjq  ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jo  hj×  h²hh³jé  h´Klubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjÓ  h²hh³jé  h´Klubah}”(h]”jÎ  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jé  h´KlhjÐ  h²hubj0  )”}”(hhh]”j  )”}”(hŒ’Return the subject's Landlock credential if its enforced domain applies to (i.e. handles) at least one of the access rights specified in **masks**”h]”(hŒ‹Return the subjectâ€™s Landlock credential if its enforced domain applies to (i.e. handles) at least one of the access rights specified in ”…””}”(hj   h²hh³Nh´Nubjb  )”}”(hŒ	**masks**”h]”hŒmasks”…””}”(hj(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj   ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Klhj  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjÐ  h²hh³jé  h´Klubeh}”(h]”h ]”(jL  Œfunction”eh"]”h$]”h&]”jQ  jL  jR  jF  jS  jF  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhjí  h³Nh´NubjX  )”}”(hXe  **Parameters**

``const struct cred *const cred``
  credential

``const struct access_masks masks``
  access masks

``size_t *const handle_layer``
  returned youngest layer handling a subset of **masks**.  Not set
  if the function returns NULL.

**Return**

landlock_cred(**cred**) if any access rights specified in **masks** is
handled, or NULL otherwise.”h]”(j  )”}”(hŒ**Parameters**”h]”jb  )”}”(hjP  h]”hŒ
Parameters”…””}”(hjR  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjN  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´KphjJ  ubj¦  )”}”(hhh]”(j«  )”}”(hŒ-``const struct cred *const cred``
credential
”h]”(j±  )”}”(hŒ!``const struct cred *const cred``”h]”j  )”}”(hjo  h]”hŒconst struct cred *const cred”…””}”(hjq  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjm  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Kqhji  ubjË  )”}”(hhh]”j  )”}”(hŒ
credential”h]”hŒ
credential”…””}”(hjˆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j„  h´Kqhj…  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hji  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j„  h´Kqhjf  ubj«  )”}”(hŒ1``const struct access_masks masks``
access masks
”h]”(j±  )”}”(hŒ#``const struct access_masks masks``”h]”j  )”}”(hj¨  h]”hŒconst struct access_masks masks”…””}”(hjª  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj¦  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Krhj¢  ubjË  )”}”(hhh]”j  )”}”(hŒaccess masks”h]”hŒaccess masks”…””}”(hjÁ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j½  h´Krhj¾  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj¢  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j½  h´Krhjf  ubj«  )”}”(hŒ~``size_t *const handle_layer``
returned youngest layer handling a subset of **masks**.  Not set
if the function returns NULL.
”h]”(j±  )”}”(hŒ``size_t *const handle_layer``”h]”j  )”}”(hjá  h]”hŒsize_t *const handle_layer”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´KthjÛ  ubjË  )”}”(hhh]”j  )”}”(hŒ^returned youngest layer handling a subset of **masks**.  Not set
if the function returns NULL.”h]”(hŒ-returned youngest layer handling a subset of ”…””}”(hjú  h²hh³Nh´Nubjb  )”}”(hŒ	**masks**”h]”hŒmasks”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjú  ubhŒ(.  Not set
if the function returns NULL.”…””}”(hjú  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´Kshj÷  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÛ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jö  h´Kthjf  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hjJ  ubj  )”}”(hŒ
**Return**”h]”jb  )”}”(hj/  h]”hŒReturn”…””}”(hj1  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj-  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´KvhjJ  ubj  )”}”(hŒblandlock_cred(**cred**) if any access rights specified in **masks** is
handled, or NULL otherwise.”h]”(hŒlandlock_cred(”…””}”(hjE  h²hh³Nh´Nubjb  )”}”(hŒ**cred**”h]”hŒcred”…””}”(hjM  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjE  ubhŒ$) if any access rights specified in ”…””}”(hjE  h²hh³Nh´Nubjb  )”}”(hŒ	**masks**”h]”hŒmasks”…””}”(hj_  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjE  ubhŒ is
handled, or NULL otherwise.”…””}”(hjE  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ[/var/lib/git/docbuild/linux/Documentation/security/landlock:156: ./security/landlock/cred.h”h´KvhjJ  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hjí  h²hh³Nh´Nubeh}”(h]”Œprocess-credential”ah ]”h"]”Œprocess credential”ah$]”h&]”uh1hähj•  h²hh³hÇh´Kšubhå)”}”(hhh]”(hê)”}”(hŒRuleset and domain”h]”hŒRuleset and domain”…””}”(hjŠ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhj‡  h²hh³hÇh´K ubj  )”}”(hX4  A domain is a read-only ruleset tied to a set of subjects (i.e. tasks'
credentials).  Each time a ruleset is enforced on a task, the current domain is
duplicated and the ruleset is imported as a new layer of rules in the new
domain.  Indeed, once in a domain, each rule is tied to a layer level.  To
grant access to an object, at least one rule of each layer must allow the
requested action on the object.  A task can then only transit to a new domain
that is the intersection of the constraints from the current domain and those
of a ruleset provided by the task.”h]”hX6  A domain is a read-only ruleset tied to a set of subjects (i.e. tasksâ€™
credentials).  Each time a ruleset is enforced on a task, the current domain is
duplicated and the ruleset is imported as a new layer of rules in the new
domain.  Indeed, once in a domain, each rule is tied to a layer level.  To
grant access to an object, at least one rule of each layer must allow the
requested action on the object.  A task can then only transit to a new domain
that is the intersection of the constraints from the current domain and those
of a ruleset provided by the task.”…””}”(hj˜  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K¢hj‡  h²hubj  )”}”(hŒ…The definition of a subject is implicit for a task sandboxing itself, which
makes the reasoning much easier and helps avoid pitfalls.”h]”hŒ…The definition of a subject is implicit for a task sandboxing itself, which
makes the reasoning much easier and helps avoid pitfalls.”…””}”(hj¦  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K«hj‡  h²hubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_layer (C struct)”Œc.landlock_layer”hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_layer”h]”jÕ  )”}”(hŒstruct landlock_layer”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hjÍ  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjÉ  h²hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjÛ  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjÉ  h²hh³jÚ  h´Kubjþ  )”}”(hŒlandlock_layer”h]”j  )”}”(hjÇ  h]”hŒlandlock_layer”…””}”(hjí  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjé  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hjÉ  h²hh³jÚ  h´Kubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjÅ  h²hh³jÚ  h´Kubah}”(h]”jÀ  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jÚ  h´KhjÂ  h²hubj0  )”}”(hhh]”j  )”}”(hŒAccess rights for a given layer”h]”hŒAccess rights for a given layer”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Khj  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjÂ  h²hh³jÚ  h´Kubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  j'  jS  j'  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hX>  **Definition**::

  struct landlock_layer {
      u16 level;
      access_mask_t access;
  };

**Members**

``level``
  Position of this layer in the layer stack.  Starts from 1.

``access``
  Bitfield of allowed actions on the kernel object.  They are
  relative to the object type (e.g. ``LANDLOCK_ACTION_FS_READ``).”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj3  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj/  ubhŒ:”…””}”(hj/  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Khj+  ubj}  )”}”(hŒCstruct landlock_layer {
    u16 level;
    access_mask_t access;
};”h]”hŒCstruct landlock_layer {
    u16 level;
    access_mask_t access;
};”…””}”hjL  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K hj+  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj]  h]”hŒMembers”…””}”(hj_  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj[  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K%hj+  ubj¦  )”}”(hhh]”(j«  )”}”(hŒE``level``
Position of this layer in the layer stack.  Starts from 1.
”h]”(j±  )”}”(hŒ	``level``”h]”j  )”}”(hj|  h]”hŒlevel”…””}”(hj~  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjz  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Khjv  ubjË  )”}”(hhh]”j  )”}”(hŒ:Position of this layer in the layer stack.  Starts from 1.”h]”hŒ:Position of this layer in the layer stack.  Starts from 1.”…””}”(hj•  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j‘  h´Khj’  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjv  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j‘  h´Khjs  ubj«  )”}”(hŒ†``access``
Bitfield of allowed actions on the kernel object.  They are
relative to the object type (e.g. ``LANDLOCK_ACTION_FS_READ``).”h]”(j±  )”}”(hŒ
``access``”h]”j  )”}”(hjµ  h]”hŒaccess”…””}”(hj·  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj³  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K#hj¯  ubjË  )”}”(hhh]”j  )”}”(hŒ{Bitfield of allowed actions on the kernel object.  They are
relative to the object type (e.g. ``LANDLOCK_ACTION_FS_READ``).”h]”(hŒ^Bitfield of allowed actions on the kernel object.  They are
relative to the object type (e.g. ”…””}”(hjÎ  h²hh³Nh´Nubj  )”}”(hŒ``LANDLOCK_ACTION_FS_READ``”h]”hŒLANDLOCK_ACTION_FS_READ”…””}”(hjÖ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÎ  ubhŒ).”…””}”(hjÎ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jÊ  h´K#hjË  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj¯  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jÊ  h´K#hjs  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hj+  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_key (C union)”Œc.landlock_key”hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_key”h]”jÕ  )”}”(hŒunion landlock_key”h]”(jÛ  )”}”(hŒunion”h]”hŒunion”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj  h²hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K*ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj/  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj  h²hh³j.  h´K*ubjþ  )”}”(hŒlandlock_key”h]”j  )”}”(hj  h]”hŒlandlock_key”…””}”(hjA  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj=  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hj  h²hh³j.  h´K*ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hj  h²hh³j.  h´K*ubah}”(h]”j  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³j.  h´K*hj  h²hubj0  )”}”(hhh]”j  )”}”(hŒ!Key of a ruleset's red-black tree”h]”hŒ#Key of a rulesetâ€™s red-black tree”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K)hj`  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hj  h²hh³j.  h´K*ubeh}”(h]”h ]”(jL  Œunion”eh"]”h$]”h&]”jQ  jL  jR  j{  jS  j{  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hX	  **Definition**::

  union landlock_key {
      struct landlock_object *object;
      uintptr_t data;
  };

**Members**

``object``
  Pointer to identify a kernel object (e.g. an inode).

``data``
  Raw data to identify an arbitrary 32-bit value
  (e.g. a TCP port).”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj‡  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjƒ  ubhŒ:”…””}”(hjƒ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K-hj  ubj}  )”}”(hŒOunion landlock_key {
    struct landlock_object *object;
    uintptr_t data;
};”h]”hŒOunion landlock_key {
    struct landlock_object *object;
    uintptr_t data;
};”…””}”hj   sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K/hj  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj±  h]”hŒMembers”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj¯  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K4hj  ubj¦  )”}”(hhh]”(j«  )”}”(hŒ@``object``
Pointer to identify a kernel object (e.g. an inode).
”h]”(j±  )”}”(hŒ
``object``”h]”j  )”}”(hjÐ  h]”hŒobject”…””}”(hjÒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÎ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K.hjÊ  ubjË  )”}”(hhh]”j  )”}”(hŒ4Pointer to identify a kernel object (e.g. an inode).”h]”hŒ4Pointer to identify a kernel object (e.g. an inode).”…””}”(hjé  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jå  h´K.hjæ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÊ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jå  h´K.hjÇ  ubj«  )”}”(hŒJ``data``
Raw data to identify an arbitrary 32-bit value
(e.g. a TCP port).”h]”(j±  )”}”(hŒ``data``”h]”j  )”}”(hj	  h]”hŒdata”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K2hj  ubjË  )”}”(hhh]”j  )”}”(hŒARaw data to identify an arbitrary 32-bit value
(e.g. a TCP port).”h]”hŒARaw data to identify an arbitrary 32-bit value
(e.g. a TCP port).”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j  h´K2hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j  h´K2hjÇ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hj  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_key_type (C enum)”Œc.landlock_key_type”hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_key_type”h]”jÕ  )”}”(hŒenum landlock_key_type”h]”(jÛ  )”}”(hŒenum”h]”hŒenum”…””}”(hjb  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj^  h²hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K9ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjq  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj^  h²hh³jp  h´K9ubjþ  )”}”(hŒlandlock_key_type”h]”j  )”}”(hj\  h]”hŒlandlock_key_type”…””}”(hjƒ  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hj^  h²hh³jp  h´K9ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjZ  h²hh³jp  h´K9ubah}”(h]”jU  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jp  h´K9hjW  h²hubj0  )”}”(hhh]”j  )”}”(hŒ3Type of :c:type:`union landlock_key <landlock_key>`”h]”(hŒType of ”…””}”(hj¥  h²hh³Nh´Nubh)”}”(hŒ+:c:type:`union landlock_key <landlock_key>`”h]”j  )”}”(hj¯  h]”hŒunion landlock_key”…””}”(hj±  h²hh³Nh´Nubah}”(h]”h ]”(jû	  jL  Œc-type”eh"]”h$]”h&]”uh1jœ  hj­  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j
  Œ	refdomain”jL  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j
  j
  )”}”j
  ]”j4  )”}”j,  j\  sbŒc.landlock_key_type”†”asbj
  Œlandlock_key”uh1hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Khj¥  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K8hj¢  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjW  h²hh³jp  h´K9ubeh}”(h]”h ]”(jL  Œenum”eh"]”h$]”h&]”jQ  jL  jR  jä  jS  jä  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hŒç**Constants**

``LANDLOCK_KEY_INODE``
  Type of :c:type:`landlock_ruleset.root_inode <landlock_ruleset>`'s node
  keys.

``LANDLOCK_KEY_NET_PORT``
  Type of :c:type:`landlock_ruleset.root_net_port <landlock_ruleset>`'s
  node keys.”h]”(j  )”}”(hŒ**Constants**”h]”jb  )”}”(hjî  h]”hŒ	Constants”…””}”(hjð  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjì  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K<hjè  ubj¦  )”}”(hhh]”(j«  )”}”(hŒe``LANDLOCK_KEY_INODE``
Type of :c:type:`landlock_ruleset.root_inode <landlock_ruleset>`'s node
keys.
”h]”(j±  )”}”(hŒ``LANDLOCK_KEY_INODE``”h]”j  )”}”(hj  h]”hŒLANDLOCK_KEY_INODE”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K@hj  ubjË  )”}”(hhh]”j  )”}”(hŒMType of :c:type:`landlock_ruleset.root_inode <landlock_ruleset>`'s node
keys.”h]”(hŒType of ”…””}”(hj&  h²hh³Nh´Nubh)”}”(hŒ8:c:type:`landlock_ruleset.root_inode <landlock_ruleset>`”h]”j  )”}”(hj0  h]”hŒlandlock_ruleset.root_inode”…””}”(hj2  h²hh³Nh´Nubah}”(h]”h ]”(jû	  jL  Œc-type”eh"]”h$]”h&]”uh1jœ  hj.  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j
  Œ	refdomain”jL  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j
  j
  j
  Œlandlock_ruleset”uh1hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K?hj&  ubhŒâ€™s node
keys.”…””}”(hj&  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jM  h´K?hj#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j"  h´K@hj  ubj«  )”}”(hŒj``LANDLOCK_KEY_NET_PORT``
Type of :c:type:`landlock_ruleset.root_net_port <landlock_ruleset>`'s
node keys.”h]”(j±  )”}”(hŒ``LANDLOCK_KEY_NET_PORT``”h]”j  )”}”(hjj  h]”hŒLANDLOCK_KEY_NET_PORT”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjh  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KChjd  ubjË  )”}”(hhh]”j  )”}”(hŒPType of :c:type:`landlock_ruleset.root_net_port <landlock_ruleset>`'s
node keys.”h]”(hŒType of ”…””}”(hjƒ  h²hh³Nh´Nubh)”}”(hŒ;:c:type:`landlock_ruleset.root_net_port <landlock_ruleset>`”h]”j  )”}”(hj  h]”hŒlandlock_ruleset.root_net_port”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”(jû	  jL  Œc-type”eh"]”h$]”h&]”uh1jœ  hj‹  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j
  Œ	refdomain”jL  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j
  j
  j
  Œlandlock_ruleset”uh1hh³j  h´KChjƒ  ubhŒâ€™s
node keys.”…””}”(hjƒ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j  h´KChj€  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjd  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j  h´KChj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hjè  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_id (C struct)”Œc.landlock_id”hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_id”h]”jÕ  )”}”(hŒstruct landlock_id”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hjæ  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjâ  h²hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KIubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjô  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjâ  h²hh³jó  h´KIubjþ  )”}”(hŒlandlock_id”h]”j  )”}”(hjà  h]”hŒlandlock_id”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hjâ  h²hh³jó  h´KIubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjÞ  h²hh³jó  h´KIubah}”(h]”jÙ  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jó  h´KIhjÛ  h²hubj0  )”}”(hhh]”j  )”}”(hŒ$Unique rule identifier for a ruleset”h]”hŒ$Unique rule identifier for a ruleset”…””}”(hj(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KHhj%  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjÛ  h²hh³jó  h´KIubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  j@  jS  j@  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hX  **Definition**::

  struct landlock_id {
      union landlock_key key;
      const enum landlock_key_type type;
  };

**Members**

``key``
  Identifies either a kernel object (e.g. an inode) or
  a raw value (e.g. a TCP port).

``type``
  Type of a landlock_ruleset's root tree.”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjL  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjH  ubhŒ:”…””}”(hjH  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KLhjD  ubj}  )”}”(hŒZstruct landlock_id {
    union landlock_key key;
    const enum landlock_key_type type;
};”h]”hŒZstruct landlock_id {
    union landlock_key key;
    const enum landlock_key_type type;
};”…””}”hje  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KNhjD  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hjv  h]”hŒMembers”…””}”(hjx  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjt  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KShjD  ubj¦  )”}”(hhh]”(j«  )”}”(hŒ\``key``
Identifies either a kernel object (e.g. an inode) or
a raw value (e.g. a TCP port).
”h]”(j±  )”}”(hŒ``key``”h]”j  )”}”(hj•  h]”hŒkey”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KNhj  ubjË  )”}”(hhh]”j  )”}”(hŒSIdentifies either a kernel object (e.g. an inode) or
a raw value (e.g. a TCP port).”h]”hŒSIdentifies either a kernel object (e.g. an inode) or
a raw value (e.g. a TCP port).”…””}”(hj®  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KMhj«  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jª  h´KNhjŒ  ubj«  )”}”(hŒ0``type``
Type of a landlock_ruleset's root tree.”h]”(j±  )”}”(hŒ``type``”h]”j  )”}”(hjÏ  h]”hŒtype”…””}”(hjÑ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÍ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KQhjÉ  ubjË  )”}”(hhh]”j  )”}”(hŒ'Type of a landlock_ruleset's root tree.”h]”hŒ)Type of a landlock_rulesetâ€™s root tree.”…””}”(hjè  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KRhjå  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÉ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jä  h´KQhjŒ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hjD  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_rule (C struct)”Œc.landlock_rule”hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_rule”h]”jÕ  )”}”(hŒstruct landlock_rule”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj%  h²hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KXubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj7  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj%  h²hh³j6  h´KXubjþ  )”}”(hŒlandlock_rule”h]”j  )”}”(hj#  h]”hŒlandlock_rule”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjE  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hj%  h²hh³j6  h´KXubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hj!  h²hh³j6  h´KXubah}”(h]”j  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³j6  h´KXhj  h²hubj0  )”}”(hhh]”j  )”}”(hŒAccess rights tied to an object”h]”hŒAccess rights tied to an object”…””}”(hjk  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KWhjh  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hj  h²hh³j6  h´KXubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  jƒ  jS  jƒ  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hXÃ  **Definition**::

  struct landlock_rule {
      struct rb_node node;
      union landlock_key key;
      u32 num_layers;
      struct landlock_layer layers[];
  };

**Members**

``node``
  Node in the ruleset's red-black tree.

``key``
  A union to identify either a kernel object (e.g. an inode) or
  a raw data value (e.g. a network socket port). This is used as a key
  for this ruleset element.  The pointer is set once and never
  modified.  It always points to an allocated object because each rule
  increments the refcount of its object.

``num_layers``
  Number of entries in **layers**.

``layers``
  Stack of layers, from the latest to the newest, implemented
  as a flexible array member (FAM).”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj‹  ubhŒ:”…””}”(hj‹  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K[hj‡  ubj}  )”}”(hŒ†struct landlock_rule {
    struct rb_node node;
    union landlock_key key;
    u32 num_layers;
    struct landlock_layer layers[];
};”h]”hŒ†struct landlock_rule {
    struct rb_node node;
    union landlock_key key;
    u32 num_layers;
    struct landlock_layer layers[];
};”…””}”hj¨  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K]hj‡  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj¹  h]”hŒMembers”…””}”(hj»  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj·  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kdhj‡  ubj¦  )”}”(hhh]”(j«  )”}”(hŒ/``node``
Node in the ruleset's red-black tree.
”h]”(j±  )”}”(hŒ``node``”h]”j  )”}”(hjØ  h]”hŒnode”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÖ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K\hjÒ  ubjË  )”}”(hhh]”j  )”}”(hŒ%Node in the ruleset's red-black tree.”h]”hŒ'Node in the rulesetâ€™s red-black tree.”…””}”(hjñ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jí  h´K\hjî  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÒ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jí  h´K\hjÏ  ubj«  )”}”(hX4  ``key``
A union to identify either a kernel object (e.g. an inode) or
a raw data value (e.g. a network socket port). This is used as a key
for this ruleset element.  The pointer is set once and never
modified.  It always points to an allocated object because each rule
increments the refcount of its object.
”h]”(j±  )”}”(hŒ``key``”h]”j  )”}”(hj  h]”hŒkey”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kdhj  ubjË  )”}”(hhh]”j  )”}”(hX+  A union to identify either a kernel object (e.g. an inode) or
a raw data value (e.g. a network socket port). This is used as a key
for this ruleset element.  The pointer is set once and never
modified.  It always points to an allocated object because each rule
increments the refcount of its object.”h]”hX+  A union to identify either a kernel object (e.g. an inode) or
a raw data value (e.g. a network socket port). This is used as a key
for this ruleset element.  The pointer is set once and never
modified.  It always points to an allocated object because each rule
increments the refcount of its object.”…””}”(hj*  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K`hj'  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j&  h´KdhjÏ  ubj«  )”}”(hŒ0``num_layers``
Number of entries in **layers**.
”h]”(j±  )”}”(hŒ``num_layers``”h]”j  )”}”(hjK  h]”hŒ
num_layers”…””}”(hjM  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjI  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KhhjE  ubjË  )”}”(hhh]”j  )”}”(hŒ Number of entries in **layers**.”h]”(hŒNumber of entries in ”…””}”(hjd  h²hh³Nh´Nubjb  )”}”(hŒ
**layers**”h]”hŒlayers”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjd  ubhŒ.”…””}”(hjd  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j`  h´Khhja  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjE  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j`  h´KhhjÏ  ubj«  )”}”(hŒh``layers``
Stack of layers, from the latest to the newest, implemented
as a flexible array member (FAM).”h]”(j±  )”}”(hŒ
``layers``”h]”j  )”}”(hj–  h]”hŒlayers”…””}”(hj˜  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj”  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Klhj  ubjË  )”}”(hhh]”j  )”}”(hŒ]Stack of layers, from the latest to the newest, implemented
as a flexible array member (FAM).”h]”hŒ]Stack of layers, from the latest to the newest, implemented
as a flexible array member (FAM).”…””}”(hj¯  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j«  h´Klhj¬  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j«  h´KlhjÏ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hj‡  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_ruleset (C struct)”Œc.landlock_ruleset”hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_ruleset”h]”jÕ  )”}”(hŒstruct landlock_ruleset”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hjï  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjë  h²hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Ksubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjý  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjë  h²hh³jü  h´Ksubjþ  )”}”(hŒlandlock_ruleset”h]”j  )”}”(hjé  h]”hŒlandlock_ruleset”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hjë  h²hh³jü  h´Ksubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjç  h²hh³jü  h´Ksubah}”(h]”jâ  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jü  h´Kshjä  h²hubj0  )”}”(hhh]”j  )”}”(hŒLandlock ruleset”h]”hŒLandlock ruleset”…””}”(hj1  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Krhj.  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjä  h²hh³jü  h´Ksubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  jI  jS  jI  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hX	  **Definition**::

  struct landlock_ruleset {
      struct rb_root root_inode;
  #if IS_ENABLED(CONFIG_INET);
      struct rb_root root_net_port;
  #endif ;
      struct landlock_hierarchy *hierarchy;
      union {
          struct work_struct work_free;
          struct {
              struct mutex lock;
              refcount_t usage;
              u32 num_rules;
              u32 num_layers;
              struct access_masks access_masks[];
          };
      };
  };

**Members**

``root_inode``
  Root of a red-black tree containing :c:type:`struct
  landlock_rule <landlock_rule>` nodes with inode object.  Once a ruleset is tied to a
  process (i.e. as a domain), this tree is immutable until **usage**
  reaches zero.

``root_net_port``
  Root of a red-black tree containing :c:type:`struct
  landlock_rule <landlock_rule>` nodes with network port. Once a ruleset is tied to a
  process (i.e. as a domain), this tree is immutable until **usage**
  reaches zero.

``hierarchy``
  Enables hierarchy identification even when a parent
  domain vanishes.  This is needed for the ptrace protection.

``{unnamed_union}``
  anonymous

``work_free``
  Enables to free a ruleset within a lockless
  section.  This is only used by
  landlock_put_ruleset_deferred() when **usage** reaches zero.
  The fields **lock**, **usage**, **num_rules**, **num_layers** and
  **access_masks** are then unused.

``{unnamed_struct}``
  anonymous

``lock``
  Protects against concurrent modifications of
  **root**, if **usage** is greater than zero.

``usage``
  Number of processes (i.e. domains) or file
  descriptors referencing this ruleset.

``num_rules``
  Number of non-overlapping (i.e. not for
  the same object) rules in this ruleset.

``num_layers``
  Number of layers that are used in this
  ruleset.  This enables to check that all the layers
  allow an access request.  A value of 0 identifies a
  non-merged ruleset (i.e. not a domain).

``access_masks``
  Contains the subset of filesystem and
  network actions that are restricted by a ruleset.
  A domain saves all layers of merged rulesets in a
  stack (FAM), starting from the first layer to the
  last one.  These layers are used when merging
  rulesets, for user space backward compatibility
  (i.e. future-proof), and to properly handle merged
  rulesets without overlapping access rights.  These
  layers are set once and never changed for the
  lifetime of the ruleset.”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjU  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjQ  ubhŒ:”…””}”(hjQ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KvhjM  ubj}  )”}”(hX¦  struct landlock_ruleset {
    struct rb_root root_inode;
#if IS_ENABLED(CONFIG_INET);
    struct rb_root root_net_port;
#endif ;
    struct landlock_hierarchy *hierarchy;
    union {
        struct work_struct work_free;
        struct {
            struct mutex lock;
            refcount_t usage;
            u32 num_rules;
            u32 num_layers;
            struct access_masks access_masks[];
        };
    };
};”h]”hX¦  struct landlock_ruleset {
    struct rb_root root_inode;
#if IS_ENABLED(CONFIG_INET);
    struct rb_root root_net_port;
#endif ;
    struct landlock_hierarchy *hierarchy;
    union {
        struct work_struct work_free;
        struct {
            struct mutex lock;
            refcount_t usage;
            u32 num_rules;
            u32 num_layers;
            struct access_masks access_masks[];
        };
    };
};”…””}”hjn  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KxhjM  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj  h]”hŒMembers”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj}  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KŠhjM  ubj¦  )”}”(hhh]”(j«  )”}”(hŒé``root_inode``
Root of a red-black tree containing :c:type:`struct
landlock_rule <landlock_rule>` nodes with inode object.  Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until **usage**
reaches zero.
”h]”(j±  )”}”(hŒ``root_inode``”h]”j  )”}”(hjž  h]”hŒ
root_inode”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjœ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K}hj˜  ubjË  )”}”(hhh]”j  )”}”(hŒÙRoot of a red-black tree containing :c:type:`struct
landlock_rule <landlock_rule>` nodes with inode object.  Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until **usage**
reaches zero.”h]”(hŒ$Root of a red-black tree containing ”…””}”(hj·  h²hh³Nh´Nubh)”}”(hŒ.:c:type:`struct
landlock_rule <landlock_rule>`”h]”j  )”}”(hjÁ  h]”hŒstruct
landlock_rule”…””}”(hjÃ  h²hh³Nh´Nubah}”(h]”h ]”(jû	  jL  Œc-type”eh"]”h$]”h&]”uh1jœ  hj¿  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j
  Œ	refdomain”jL  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j
  j
  j
  Œlandlock_rule”uh1hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kzhj·  ubhŒp nodes with inode object.  Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until ”…””}”(hj·  h²hh³Nh´Nubjb  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj·  ubhŒ
reaches zero.”…””}”(hj·  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jÞ  h´Kzhj´  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj˜  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j³  h´K}hj•  ubj«  )”}”(hŒë``root_net_port``
Root of a red-black tree containing :c:type:`struct
landlock_rule <landlock_rule>` nodes with network port. Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until **usage**
reaches zero.
”h]”(j±  )”}”(hŒ``root_net_port``”h]”j  )”}”(hj  h]”hŒroot_net_port”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K†hj  ubjË  )”}”(hhh]”j  )”}”(hŒØRoot of a red-black tree containing :c:type:`struct
landlock_rule <landlock_rule>` nodes with network port. Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until **usage**
reaches zero.”h]”(hŒ$Root of a red-black tree containing ”…””}”(hj&  h²hh³Nh´Nubh)”}”(hŒ.:c:type:`struct
landlock_rule <landlock_rule>`”h]”j  )”}”(hj0  h]”hŒstruct
landlock_rule”…””}”(hj2  h²hh³Nh´Nubah}”(h]”h ]”(jû	  jL  Œc-type”eh"]”h$]”h&]”uh1jœ  hj.  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j
  Œ	refdomain”jL  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j
  j
  j
  Œlandlock_rule”uh1hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kƒhj&  ubhŒo nodes with network port. Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until ”…””}”(hj&  h²hh³Nh´Nubjb  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hjR  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj&  ubhŒ
reaches zero.”…””}”(hj&  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jM  h´Kƒhj#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j"  h´K†hj•  ubj«  )”}”(hŒ~``hierarchy``
Enables hierarchy identification even when a parent
domain vanishes.  This is needed for the ptrace protection.
”h]”(j±  )”}”(hŒ``hierarchy``”h]”j  )”}”(hj|  h]”hŒ	hierarchy”…””}”(hj~  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjz  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Khjv  ubjË  )”}”(hhh]”j  )”}”(hŒoEnables hierarchy identification even when a parent
domain vanishes.  This is needed for the ptrace protection.”h]”hŒoEnables hierarchy identification even when a parent
domain vanishes.  This is needed for the ptrace protection.”…””}”(hj•  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KŒhj’  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjv  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j‘  h´Khj•  ubj«  )”}”(hŒ``{unnamed_union}``
anonymous
”h]”(j±  )”}”(hŒ``{unnamed_union}``”h]”j  )”}”(hj¶  h]”hŒ{unnamed_union}”…””}”(hj¸  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj´  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Khj°  ubjË  )”}”(hhh]”j  )”}”(hŒ	anonymous”h]”hŒ	anonymous”…””}”(hjÏ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jË  h´KhjÌ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj°  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jË  h´Khj•  ubj«  )”}”(hŒú``work_free``
Enables to free a ruleset within a lockless
section.  This is only used by
landlock_put_ruleset_deferred() when **usage** reaches zero.
The fields **lock**, **usage**, **num_rules**, **num_layers** and
**access_masks** are then unused.
”h]”(j±  )”}”(hŒ``work_free``”h]”j  )”}”(hjï  h]”hŒ	work_free”…””}”(hjñ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjí  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K–hjé  ubjË  )”}”(hhh]”j  )”}”(hŒëEnables to free a ruleset within a lockless
section.  This is only used by
landlock_put_ruleset_deferred() when **usage** reaches zero.
The fields **lock**, **usage**, **num_rules**, **num_layers** and
**access_masks** are then unused.”h]”(hŒpEnables to free a ruleset within a lockless
section.  This is only used by
landlock_put_ruleset_deferred() when ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ reaches zero.
The fields ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ**lock**”h]”hŒlock”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ, ”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hj4  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ, ”…””}”hj  sbjb  )”}”(hŒ**num_rules**”h]”hŒ	num_rules”…””}”(hjF  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ, ”…””}”hj  sbjb  )”}”(hŒ**num_layers**”h]”hŒ
num_layers”…””}”(hjX  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ and
”…””}”(hj  h²hh³Nh´Nubjb  )”}”(hŒ**access_masks**”h]”hŒaccess_masks”…””}”(hjj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj  ubhŒ are then unused.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K’hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjé  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j  h´K–hj•  ubj«  )”}”(hŒ``{unnamed_struct}``
anonymous
”h]”(j±  )”}”(hŒ``{unnamed_struct}``”h]”j  )”}”(hj•  h]”hŒ{unnamed_struct}”…””}”(hj—  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Khj  ubjË  )”}”(hhh]”j  )”}”(hŒ	anonymous”h]”hŒ	anonymous”…””}”(hj®  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jª  h´Khj«  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jª  h´Khj•  ubj«  )”}”(hŒc``lock``
Protects against concurrent modifications of
**root**, if **usage** is greater than zero.
”h]”(j±  )”}”(hŒ``lock``”h]”j  )”}”(hjÎ  h]”hŒlock”…””}”(hjÐ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÌ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KœhjÈ  ubjË  )”}”(hhh]”j  )”}”(hŒYProtects against concurrent modifications of
**root**, if **usage** is greater than zero.”h]”(hŒ-Protects against concurrent modifications of
”…””}”(hjç  h²hh³Nh´Nubjb  )”}”(hŒ**root**”h]”hŒroot”…””}”(hjï  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjç  ubhŒ, if ”…””}”(hjç  h²hh³Nh´Nubjb  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjç  ubhŒ is greater than zero.”…””}”(hjç  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K›hjä  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÈ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jã  h´Kœhj•  ubj«  )”}”(hŒ[``usage``
Number of processes (i.e. domains) or file
descriptors referencing this ruleset.
”h]”(j±  )”}”(hŒ	``usage``”h]”j  )”}”(hj,  h]”hŒusage”…””}”(hj.  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj*  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K¡hj&  ubjË  )”}”(hhh]”j  )”}”(hŒPNumber of processes (i.e. domains) or file
descriptors referencing this ruleset.”h]”hŒPNumber of processes (i.e. domains) or file
descriptors referencing this ruleset.”…””}”(hjE  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K hjB  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj&  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jA  h´K¡hj•  ubj«  )”}”(hŒ^``num_rules``
Number of non-overlapping (i.e. not for
the same object) rules in this ruleset.
”h]”(j±  )”}”(hŒ``num_rules``”h]”j  )”}”(hjf  h]”hŒ	num_rules”…””}”(hjh  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjd  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K¦hj`  ubjË  )”}”(hhh]”j  )”}”(hŒONumber of non-overlapping (i.e. not for
the same object) rules in this ruleset.”h]”hŒONumber of non-overlapping (i.e. not for
the same object) rules in this ruleset.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K¥hj|  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj`  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j{  h´K¦hj•  ubj«  )”}”(hŒÆ``num_layers``
Number of layers that are used in this
ruleset.  This enables to check that all the layers
allow an access request.  A value of 0 identifies a
non-merged ruleset (i.e. not a domain).
”h]”(j±  )”}”(hŒ``num_layers``”h]”j  )”}”(hj   h]”hŒ
num_layers”…””}”(hj¢  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjž  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K­hjš  ubjË  )”}”(hhh]”j  )”}”(hŒ¶Number of layers that are used in this
ruleset.  This enables to check that all the layers
allow an access request.  A value of 0 identifies a
non-merged ruleset (i.e. not a domain).”h]”hŒ¶Number of layers that are used in this
ruleset.  This enables to check that all the layers
allow an access request.  A value of 0 identifies a
non-merged ruleset (i.e. not a domain).”…””}”(hj¹  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kªhj¶  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjš  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jµ  h´K­hj•  ubj«  )”}”(hX×  ``access_masks``
Contains the subset of filesystem and
network actions that are restricted by a ruleset.
A domain saves all layers of merged rulesets in a
stack (FAM), starting from the first layer to the
last one.  These layers are used when merging
rulesets, for user space backward compatibility
(i.e. future-proof), and to properly handle merged
rulesets without overlapping access rights.  These
layers are set once and never changed for the
lifetime of the ruleset.”h]”(j±  )”}”(hŒ``access_masks``”h]”j  )”}”(hjÚ  h]”hŒaccess_masks”…””}”(hjÜ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjØ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K¹hjÔ  ubjË  )”}”(hhh]”j  )”}”(hXÆ  Contains the subset of filesystem and
network actions that are restricted by a ruleset.
A domain saves all layers of merged rulesets in a
stack (FAM), starting from the first layer to the
last one.  These layers are used when merging
rulesets, for user space backward compatibility
(i.e. future-proof), and to properly handle merged
rulesets without overlapping access rights.  These
layers are set once and never changed for the
lifetime of the ruleset.”h]”hXÆ  Contains the subset of filesystem and
network actions that are restricted by a ruleset.
A domain saves all layers of merged rulesets in a
stack (FAM), starting from the first layer to the
last one.  These layers are used when merging
rulesets, for user space backward compatibility
(i.e. future-proof), and to properly handle merged
rulesets without overlapping access rights.  These
layers are set once and never changed for the
lifetime of the ruleset.”…””}”(hjó  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K±hjð  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÔ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jï  h´K¹hj•  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hjM  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubj  )”}”(hŒ**Description**”h]”jb  )”}”(hj   h]”hŒDescription”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj   ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´K½hj‡  h²hubj  )”}”(hŒ\This data structure must contain unique entries, be updatable, and quick to
match an object.”h]”hŒ\This data structure must contain unique entries, be updatable, and quick to
match an object.”…””}”(hj3   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kshj‡  h²hubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œ(landlock_union_access_masks (C function)”Œc.landlock_union_access_masks”•öv      hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒ]struct access_masks landlock_union_access_masks (const struct landlock_ruleset *const domain)”h]”jÕ  )”}”(hŒ\struct access_masks landlock_union_access_masks(const struct landlock_ruleset *const domain)”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hj[   h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjW   h²hh³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KÞubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hji   h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjW   h²hh³jh   h´KÞubh)”}”(hhh]”j  )”}”(hŒaccess_masks”h]”hŒaccess_masks”…””}”(hjz   h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjw   ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”jL  Œreftype”j,  Œ	reftarget”j|   Œmodname”NŒ	classname”Nj
  j
  )”}”j
  ]”j4  )”}”j,  Œlandlock_union_access_masks”sbŒc.landlock_union_access_masks”†”asbuh1hhjW   h²hh³jh   h´KÞubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj›   h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjW   h²hh³jh   h´KÞubjþ  )”}”(hŒlandlock_union_access_masks”h]”j  )”}”(hj˜   h]”hŒlandlock_union_access_masks”…””}”(hj­   h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj©   ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hjW   h²hh³jh   h´KÞubjp  )”}”(hŒ-(const struct landlock_ruleset *const domain)”h]”jv  )”}”(hŒ+const struct landlock_ruleset *const domain”h]”(jÛ  )”}”(hjÝ  h]”hŒconst”…””}”(hjÈ   h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjÄ   ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjÕ   h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjÄ   ubjÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hjã   h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjÄ   ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjð   h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjÄ   ubh)”}”(hhh]”j  )”}”(hŒlandlock_ruleset”h]”hŒlandlock_ruleset”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjþ   ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”jL  Œreftype”j,  Œ	reftarget”j!  Œmodname”NŒ	classname”Nj
  j
  )”}”j
  ]”j–   Œc.landlock_union_access_masks”†”asbuh1hhjÄ   ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjÄ   ubjI  )”}”(hji  h]”hŒ*”…””}”(hj-!  h²hh³Nh´Nubah}”(h]”h ]”jT  ah"]”h$]”h&]”uh1jH  hjÄ   ubjÛ  )”}”(hjÝ  h]”hŒconst”…””}”(hj:!  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hjÄ   ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjG!  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hjÄ   ubj  )”}”(hŒdomain”h]”hŒdomain”…””}”(hjU!  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjÄ   ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆhÅhÆuh1ju  hjÀ   ubah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1jo  hjW   h²hh³jh   h´KÞubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hjS   h²hh³jh   h´KÞubah}”(h]”jN   ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jh   h´KÞhjP   h²hubj0  )”}”(hhh]”j  )”}”(hŒ.Return all access rights handled in the domain”h]”hŒ.Return all access rights handled in the domain”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´KÞhj|!  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hjP   h²hh³jh   h´KÞubeh}”(h]”h ]”(jL  Œfunction”eh"]”h$]”h&]”jQ  jL  jR  j—!  jS  j—!  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hŒµ**Parameters**

``const struct landlock_ruleset *const domain``
  Landlock ruleset (used as a domain)

**Return**

An access_masks result of the OR of all the domain's access masks.”h]”(j  )”}”(hŒ**Parameters**”h]”jb  )”}”(hj¡!  h]”hŒ
Parameters”…””}”(hj£!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjŸ!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kâhj›!  ubj¦  )”}”(hhh]”j«  )”}”(hŒT``const struct landlock_ruleset *const domain``
Landlock ruleset (used as a domain)
”h]”(j±  )”}”(hŒ/``const struct landlock_ruleset *const domain``”h]”j  )”}”(hjÀ!  h]”hŒ+const struct landlock_ruleset *const domain”…””}”(hjÂ!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj¾!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Káhjº!  ubjË  )”}”(hhh]”j  )”}”(hŒ#Landlock ruleset (used as a domain)”h]”hŒ#Landlock ruleset (used as a domain)”…””}”(hjÙ!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jÕ!  h´KáhjÖ!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjº!  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jÕ!  h´Káhj·!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hj›!  ubj  )”}”(hŒ
**Return**”h]”jb  )”}”(hjû!  h]”hŒReturn”…””}”(hjý!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjù!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kãhj›!  ubj  )”}”(hŒBAn access_masks result of the OR of all the domain's access masks.”h]”hŒDAn access_masks result of the OR of all the domainâ€™s access masks.”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ^/var/lib/git/docbuild/linux/Documentation/security/landlock:174: ./security/landlock/ruleset.h”h´Kãhj›!  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_details (C struct)”Œc.landlock_details”hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_details”h]”jÕ  )”}”(hŒstruct landlock_details”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hj@"  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj<"  h²hh³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´Kubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hjN"  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj<"  h²hh³jM"  h´Kubjþ  )”}”(hŒlandlock_details”h]”j  )”}”(hj:"  h]”hŒlandlock_details”…””}”(hj`"  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj\"  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hj<"  h²hh³jM"  h´Kubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hj8"  h²hh³jM"  h´Kubah}”(h]”j3"  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³jM"  h´Khj5"  h²hubj0  )”}”(hhh]”j  )”}”(hŒDomain's creation information”h]”hŒDomainâ€™s creation information”…””}”(hj‚"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´Khj"  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hj5"  h²hh³jM"  h´Kubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  jš"  jS  jš"  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hX¹  **Definition**::

  struct landlock_details {
      struct pid *pid;
      uid_t uid;
      char comm[TASK_COMM_LEN];
      char exe_path[];
  };

**Members**

``pid``
  PID of the task that initially restricted itself.  It still
  identifies the same task.  Keeping a reference to this PID ensures that
  it will not be recycled.

``uid``
  UID of the task that initially restricted itself, at creation time.

``comm``
  Command line of the task that initially restricted itself, at
  creation time.  Always NULL terminated.

``exe_path``
  Executable path of the task that initially restricted
  itself, at creation time.  Always NULL terminated, and never greater
  than LANDLOCK_PATH_MAX_SIZE.”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj¦"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hj¢"  ubhŒ:”…””}”(hj¢"  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K#hjž"  ubj}  )”}”(hŒsstruct landlock_details {
    struct pid *pid;
    uid_t uid;
    char comm[TASK_COMM_LEN];
    char exe_path[];
};”h]”hŒsstruct landlock_details {
    struct pid *pid;
    uid_t uid;
    char comm[TASK_COMM_LEN];
    char exe_path[];
};”…””}”hj¿"  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K%hjž"  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hjÐ"  h]”hŒMembers”…””}”(hjÒ"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjÎ"  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K,hjž"  ubj¦  )”}”(hhh]”(j«  )”}”(hŒ¥``pid``
PID of the task that initially restricted itself.  It still
identifies the same task.  Keeping a reference to this PID ensures that
it will not be recycled.
”h]”(j±  )”}”(hŒ``pid``”h]”j  )”}”(hjï"  h]”hŒpid”…””}”(hjñ"  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjí"  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K.hjé"  ubjË  )”}”(hhh]”j  )”}”(hŒœPID of the task that initially restricted itself.  It still
identifies the same task.  Keeping a reference to this PID ensures that
it will not be recycled.”h]”hŒœPID of the task that initially restricted itself.  It still
identifies the same task.  Keeping a reference to this PID ensures that
it will not be recycled.”…””}”(hj#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K,hj#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjé"  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j#  h´K.hjæ"  ubj«  )”}”(hŒL``uid``
UID of the task that initially restricted itself, at creation time.
”h]”(j±  )”}”(hŒ``uid``”h]”j  )”}”(hj)#  h]”hŒuid”…””}”(hj+#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj'#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K2hj##  ubjË  )”}”(hhh]”j  )”}”(hŒCUID of the task that initially restricted itself, at creation time.”h]”hŒCUID of the task that initially restricted itself, at creation time.”…””}”(hjB#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j>#  h´K2hj?#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj##  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j>#  h´K2hjæ"  ubj«  )”}”(hŒo``comm``
Command line of the task that initially restricted itself, at
creation time.  Always NULL terminated.
”h]”(j±  )”}”(hŒ``comm``”h]”j  )”}”(hjb#  h]”hŒcomm”…””}”(hjd#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj`#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K7hj\#  ubjË  )”}”(hhh]”j  )”}”(hŒeCommand line of the task that initially restricted itself, at
creation time.  Always NULL terminated.”h]”hŒeCommand line of the task that initially restricted itself, at
creation time.  Always NULL terminated.”…””}”(hj{#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K6hjx#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj\#  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jw#  h´K7hjæ"  ubj«  )”}”(hŒ¤``exe_path``
Executable path of the task that initially restricted
itself, at creation time.  Always NULL terminated, and never greater
than LANDLOCK_PATH_MAX_SIZE.”h]”(j±  )”}”(hŒ``exe_path``”h]”j  )”}”(hjœ#  h]”hŒexe_path”…””}”(hjž#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjš#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K<hj–#  ubjË  )”}”(hhh]”j  )”}”(hŒ—Executable path of the task that initially restricted
itself, at creation time.  Always NULL terminated, and never greater
than LANDLOCK_PATH_MAX_SIZE.”h]”hŒ—Executable path of the task that initially restricted
itself, at creation time.  Always NULL terminated, and never greater
than LANDLOCK_PATH_MAX_SIZE.”…””}”(hjµ#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K;hj²#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj–#  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j±#  h´K<hjæ"  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hjž"  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubj  )”}”(hŒ**Description**”h]”jb  )”}”(hjß#  h]”hŒDescription”…””}”(hjá#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjÝ#  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K@hj‡  h²hubj  )”}”(hŒ?Rarely accessed, mainly when logging the first domain's denial.”h]”hŒARarely accessed, mainly when logging the first domainâ€™s denial.”…””}”(hjõ#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K hj‡  h²hubj  )”}”(hXG  The contained pointers are initialized at the domain creation time and never
changed again.  Contrary to most other Landlock object types, this one is
not allocated with GFP_KERNEL_ACCOUNT because its size may not be under the
caller's control (e.g. unknown exe_path) and the data is not explicitly
requested nor used by tasks.”h]”hXI  The contained pointers are initialized at the domain creation time and never
changed again.  Contrary to most other Landlock object types, this one is
not allocated with GFP_KERNEL_ACCOUNT because its size may not be under the
callerâ€™s control (e.g. unknown exe_path) and the data is not explicitly
requested nor used by tasks.”…””}”(hj$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K"hj‡  h²hubj¸  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jÄ  Œlandlock_hierarchy (C struct)”Œc.landlock_hierarchy”hNt”auh1j·  hj‡  h²hh³Nh´NubjÊ  )”}”(hhh]”(jÏ  )”}”(hŒlandlock_hierarchy”h]”jÕ  )”}”(hŒstruct landlock_hierarchy”h]”(jÛ  )”}”(hjÞ  h]”hŒstruct”…””}”(hj,$  h²hh³Nh´Nubah}”(h]”h ]”jç  ah"]”h$]”h&]”uh1jÚ  hj($  h²hh³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K+ubjí  )”}”(hŒ ”h]”hŒ ”…””}”(hj:$  h²hh³Nh´Nubah}”(h]”h ]”jù  ah"]”h$]”h&]”uh1jì  hj($  h²hh³j9$  h´K+ubjþ  )”}”(hŒlandlock_hierarchy”h]”j  )”}”(hj&$  h]”hŒlandlock_hierarchy”…””}”(hjL$  h²hh³Nh´Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjH$  ubah}”(h]”h ]”(j  j  eh"]”h$]”h&]”hÅhÆuh1jý  hj($  h²hh³j9$  h´K+ubeh}”(h]”h ]”h"]”h$]”h&]”hÅhÆj!  ˆuh1jÔ  j"  j#  hj$$  h²hh³j9$  h´K+ubah}”(h]”j$  ah ]”(j'  j(  eh"]”h$]”h&]”j,  ˆj-  )j.  huh1jÎ  h³j9$  h´K+hj!$  h²hubj0  )”}”(hhh]”j  )”}”(hŒNode in a domain hierarchy”h]”hŒNode in a domain hierarchy”…””}”(hjn$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KIhjk$  h²hubah}”(h]”h ]”h"]”h$]”h&]”uh1j/  hj!$  h²hh³j9$  h´K+ubeh}”(h]”h ]”(jL  Œstruct”eh"]”h$]”h&]”jQ  jL  jR  j†$  jS  j†$  jT  ‰jU  ‰jV  ‰uh1jÉ  h²hhj‡  h³Nh´NubjX  )”}”(hXÂ  **Definition**::

  struct landlock_hierarchy {
      struct landlock_hierarchy *parent;
      refcount_t usage;
  #ifdef CONFIG_AUDIT;
      enum landlock_log_status log_status;
      atomic64_t num_denials;
      u64 id;
      const struct landlock_details *details;
      u32 log_same_exec : 1, log_new_exec : 1;
  #endif ;
  };

**Members**

``parent``
  Pointer to the parent node, or NULL if it is a root
  Landlock domain.

``usage``
  Number of potential children domains plus their parent
  domain.

``log_status``
  Whether this domain should be logged or not.  Because
  concurrent log entries may be created at the same time, it is still
  possible to have several domain records of the same domain.

``num_denials``
  Number of access requests denied by this domain.
  Masked (i.e. never logged) denials are still counted.

``id``
  Landlock domain ID, set once at domain creation time.

``details``
  Information about the related domain.

``log_same_exec``
  Set if the domain is *not* configured with
  ``LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF``.  Set to true by default.

``log_new_exec``
  Set if the domain is configured with
  ``LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON``.  Set to false by default.”h]”(j  )”}”(hŒ**Definition**::”h]”(jb  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj’$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjŽ$  ubhŒ:”…””}”(hjŽ$  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KMhjŠ$  ubj}  )”}”(hX#  struct landlock_hierarchy {
    struct landlock_hierarchy *parent;
    refcount_t usage;
#ifdef CONFIG_AUDIT;
    enum landlock_log_status log_status;
    atomic64_t num_denials;
    u64 id;
    const struct landlock_details *details;
    u32 log_same_exec : 1, log_new_exec : 1;
#endif ;
};”h]”hX#  struct landlock_hierarchy {
    struct landlock_hierarchy *parent;
    refcount_t usage;
#ifdef CONFIG_AUDIT;
    enum landlock_log_status log_status;
    atomic64_t num_denials;
    u64 id;
    const struct landlock_details *details;
    u32 log_same_exec : 1, log_new_exec : 1;
#endif ;
};”…””}”hj«$  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j|  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KOhjŠ$  ubj  )”}”(hŒ**Members**”h]”jb  )”}”(hj¼$  h]”hŒMembers”…””}”(hj¾$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1ja  hjº$  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K[hjŠ$  ubj¦  )”}”(hhh]”(j«  )”}”(hŒP``parent``
Pointer to the parent node, or NULL if it is a root
Landlock domain.
”h]”(j±  )”}”(hŒ
``parent``”h]”j  )”}”(hjÛ$  h]”hŒparent”…””}”(hjÝ$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÙ$  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KOhjÕ$  ubjË  )”}”(hhh]”j  )”}”(hŒDPointer to the parent node, or NULL if it is a root
Landlock domain.”h]”hŒDPointer to the parent node, or NULL if it is a root
Landlock domain.”…””}”(hjô$  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KNhjñ$  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjÕ$  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jð$  h´KOhjÒ$  ubj«  )”}”(hŒI``usage``
Number of potential children domains plus their parent
domain.
”h]”(j±  )”}”(hŒ	``usage``”h]”j  )”}”(hj%  h]”hŒusage”…””}”(hj%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KThj%  ubjË  )”}”(hhh]”j  )”}”(hŒ>Number of potential children domains plus their parent
domain.”h]”hŒ>Number of potential children domains plus their parent
domain.”…””}”(hj.%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KShj+%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj%  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j*%  h´KThjÒ$  ubj«  )”}”(hŒÅ``log_status``
Whether this domain should be logged or not.  Because
concurrent log entries may be created at the same time, it is still
possible to have several domain records of the same domain.
”h]”(j±  )”}”(hŒ``log_status``”h]”j  )”}”(hjO%  h]”hŒ
log_status”…””}”(hjQ%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjM%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K\hjI%  ubjË  )”}”(hhh]”j  )”}”(hŒµWhether this domain should be logged or not.  Because
concurrent log entries may be created at the same time, it is still
possible to have several domain records of the same domain.”h]”hŒµWhether this domain should be logged or not.  Because
concurrent log entries may be created at the same time, it is still
possible to have several domain records of the same domain.”…””}”(hjh%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KZhje%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjI%  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jd%  h´K\hjÒ$  ubj«  )”}”(hŒw``num_denials``
Number of access requests denied by this domain.
Masked (i.e. never logged) denials are still counted.
”h]”(j±  )”}”(hŒ``num_denials``”h]”j  )”}”(hj‰%  h]”hŒnum_denials”…””}”(hj‹%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj‡%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´Kahjƒ%  ubjË  )”}”(hhh]”j  )”}”(hŒfNumber of access requests denied by this domain.
Masked (i.e. never logged) denials are still counted.”h]”hŒfNumber of access requests denied by this domain.
Masked (i.e. never logged) denials are still counted.”…””}”(hj¢%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´K`hjŸ%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjƒ%  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jž%  h´KahjÒ$  ubj«  )”}”(hŒ=``id``
Landlock domain ID, set once at domain creation time.
”h]”(j±  )”}”(hŒ``id``”h]”j  )”}”(hjÃ%  h]”hŒid”…””}”(hjÅ%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjÁ%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´Kehj½%  ubjË  )”}”(hhh]”j  )”}”(hŒ5Landlock domain ID, set once at domain creation time.”h]”hŒ5Landlock domain ID, set once at domain creation time.”…””}”(hjÜ%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³jØ%  h´KehjÙ%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj½%  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jØ%  h´KehjÒ$  ubj«  )”}”(hŒ2``details``
Information about the related domain.
”h]”(j±  )”}”(hŒ``details``”h]”j  )”}”(hjü%  h]”hŒdetails”…””}”(hjþ%  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjú%  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´Kihjö%  ubjË  )”}”(hhh]”j  )”}”(hŒ%Information about the related domain.”h]”hŒ%Information about the related domain.”…””}”(hj&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j&  h´Kihj&  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hjö%  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j&  h´KihjÒ$  ubj«  )”}”(hŒ„``log_same_exec``
Set if the domain is *not* configured with
``LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF``.  Set to true by default.
”h]”(j±  )”}”(hŒ``log_same_exec``”h]”j  )”}”(hj5&  h]”hŒlog_same_exec”…””}”(hj7&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj3&  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´Knhj/&  ubjË  )”}”(hhh]”j  )”}”(hŒqSet if the domain is *not* configured with
``LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF``.  Set to true by default.”h]”(hŒSet if the domain is ”…””}”(hjN&  h²hh³Nh´NubjÑ  )”}”(hŒ*not*”h]”hŒnot”…””}”(hjV&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjN&  ubhŒ configured with
”…””}”(hjN&  h²hh³Nh´Nubj  )”}”(hŒ,``LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF``”h]”hŒ(LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF”…””}”(hjh&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjN&  ubhŒ.  Set to true by default.”…””}”(hjN&  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´KmhjK&  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj/&  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³jJ&  h´KnhjÒ$  ubj«  )”}”(hŒ{``log_new_exec``
Set if the domain is configured with
``LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON``.  Set to false by default.”h]”(j±  )”}”(hŒ``log_new_exec``”h]”j  )”}”(hj“&  h]”hŒlog_new_exec”…””}”(hj•&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj‘&  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  h³Œ]/var/lib/git/docbuild/linux/Documentation/security/landlock:177: ./security/landlock/domain.h”h´Krhj&  ubjË  )”}”(hhh]”j  )”}”(hŒjSet if the domain is configured with
``LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON``.  Set to false by default.”h]”(hŒ%Set if the domain is configured with
”…””}”(hj¬&  h²hh³Nh´Nubj  )”}”(hŒ*``LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON``”h]”hŒ&LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON”…””}”(hj´&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj¬&  ubhŒ.  Set to false by default.”…””}”(hj¬&  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  h³j¨&  h´Krhj©&  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÊ  hj&  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jª  h³j¨&  h´KrhjÒ$  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¥  hjŠ$  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1jW  hj‡  h²hh³Nh´Nubeh}”(h]”Œruleset-and-domain”ah ]”h"]”Œruleset and domain”ah$]”h&]”uh1hähj•  h²hh³hÇh´K ubeh}”(h]”Œkernel-structures”ah ]”h"]”Œkernel structures”ah$]”h&]”uh1hähhæh²hh³hÇh´K‹ubhå)”}”(hhh]”(hê)”}”(hŒAdditional documentation”h]”hŒAdditional documentation”…””}”(hjø&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1héhjõ&  h²hh³hÇh´Kµubj³  )”}”(hhh]”(j¸  )”}”(hŒ(Documentation/userspace-api/landlock.rst”h]”j  )”}”(hj'  h]”hŒ(Documentation/userspace-api/landlock.rst”…””}”(hj'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K·hj	'  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj'  h²hh³hÇh´Nubj¸  )”}”(hŒ*Documentation/admin-guide/LSM/landlock.rst”h]”j  )”}”(hj"'  h]”hŒ*Documentation/admin-guide/LSM/landlock.rst”…””}”(hj$'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K¸hj '  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj'  h²hh³hÇh´Nubj¸  )”}”(hŒhttps://landlock.io
”h]”j  )”}”(hŒhttps://landlock.io”h]”j&  )”}”(hj='  h]”hŒhttps://landlock.io”…””}”(hj?'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j='  uh1j%  hj;'  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  h³hÇh´K¹hj7'  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j·  hj'  h²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”jh  ji  uh1j²  h³hÇh´K·hjõ&  h²hubh¶)”}”(hŒLinks”h]”hŒLinks”…””}”hj_'  sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1hµhjõ&  h²hh³hÇh´K»ubj‘  )”}”(hŒ‘.. _tools/testing/selftests/landlock/:
   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/tools/testing/selftests/landlock/”h]”h}”(h]”Œ tools-testing-selftests-landlock”ah ]”h"]”Œ!tools/testing/selftests/landlock/”ah$]”h&]”j  j‚  uh1j  h´K¼hjõ&  h²hh³hÇj¤  Kubeh}”(h]”Œadditional-documentation”ah ]”h"]”Œadditional documentation”ah$]”h&]”uh1hähhæh²hh³hÇh´Kµubeh}”(h]”Œ!landlock-lsm-kernel-documentation”ah ]”h"]”Œ"landlock lsm: kernel documentation”ah$]”h&]”uh1hähhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(héNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j¬'  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”(Œfile descriptor access rights”]”j'  aŒ!tools/testing/selftests/landlock/”]”jq  auŒrefids”}”jœ  ]”j’  asŒnameids”}”(j†'  jƒ'  jo  jl  jU  jR  jÍ  jÊ  j¡  j8  jI  jœ  jH  jE  j’  j  jò&  jï&  j'
  j$
  jê  jç  j„  j  jê&  jç&  j~'  j{'  jv'  js'  uŒ	nametypes”}”(j†'  ‰jo  ‰jU  ‰jÍ  ‰j¡  ‰jI  ˆjH  ‰j’  ‰jò&  ‰j'
  ‰jê  ‰j„  ‰jê&  ‰j~'  ‰jv'  ˆuh}”(jƒ'  hæjl  j¡  jR  jr  jÊ  jƒ  j8  jÐ  jœ  j¥  jE  j¥  j  jX  jï&  j•  j$
  j¦  jÆ  jÐ  j  j  jç  j*
  jG
  jM
  jÑ  jÖ  jÁ  jÆ  j  jí  j
  j  jÎ  jÓ  jç&  j‡  jÀ  jÅ  j  j  jU  jZ  jÙ  jÞ  j  j!  jâ  jç  jN   jS   j3"  j8"  j$  j$$  j{'  jõ&  js'  jm'  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”hŒsystem_message”“”)”}”(hhh]”j  )”}”(hhh]”hŒ>Hyperlink target "scoped-flags-interaction" is not referenced.”…””}”hj(  sbah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj(  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”ŒINFO”Œsource”hÇŒline”K\uh1j(  ubaŒtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.