€•      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ%/translations/zh_CN/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/zh_TW/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/it_IT/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/ja_JP/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/ko_KR/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ%/translations/sp_SP/security/landlock”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1h¡hhhžhhŸŒ?/var/lib/git/docbuild/linux/Documentation/security/landlock.rst”h Kubh¢)”}”(hŒ9Copyright Â© 2017-2020 MickaÃ«l SalaÃ¼n <mic@digikod.net>”h]”hŒ9Copyright Â© 2017-2020 MickaÃ«l SalaÃ¼n <mic@digikod.net>”…””}”hh´sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1h¡hhhžhhŸh³h Kubh¢)”}”(hŒCopyright Â© 2019-2020 ANSSI”h]”hŒCopyright Â© 2019-2020 ANSSI”…””}”hhÂsbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1h¡hhhžhhŸh³h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ"Landlock LSM: kernel documentation”h]”hŒ"Landlock LSM: kernel documentation”…””}”(hh×hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhhÒhžhhŸh³h KubhŒ
field_list”“”)”}”(hhh]”(hŒfield”“”)”}”(hhh]”(hŒ
field_name”“”)”}”(hŒAuthor”h]”hŒAuthor”…””}”(hhñhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hïhhìhŸh³h K ubhŒ
field_body”“”)”}”(hŒMickaÃ«l SalaÃ¼n”h]”hŒ	paragraph”“”)”}”(hj  h]”hŒMickaÃ«l SalaÃ¼n”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K	hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhhìubeh}”(h]”h ]”h"]”h$]”h&]”uh1hêhŸh³h K	hhçhžhubhë)”}”(hhh]”(hð)”}”(hŒDate”h]”hŒDate”…””}”(hj#  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hïhj   hŸh³h K ubj   )”}”(hŒMarch 2025
”h]”j  )”}”(hŒ
March 2025”h]”hŒ
March 2025”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K
hj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hÿhj   ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hêhŸh³h K
hhçhžhubeh}”(h]”h ]”h"]”h$]”h&]”uh1håhhÒhžhhŸh³h K	ubj  )”}”(hXš  Landlock's goal is to create scoped access-control (i.e. sandboxing).  To
harden a whole system, this feature should be available to any process,
including unprivileged ones.  Because such a process may be compromised or
backdoored (i.e. untrusted), Landlock's features must be safe to use from the
kernel and other processes point of view.  Landlock's interface must therefore
expose a minimal attack surface.”h]”hX   Landlockâ€™s goal is to create scoped access-control (i.e. sandboxing).  To
harden a whole system, this feature should be available to any process,
including unprivileged ones.  Because such a process may be compromised or
backdoored (i.e. untrusted), Landlockâ€™s features must be safe to use from the
kernel and other processes point of view.  Landlockâ€™s interface must therefore
expose a minimal attack surface.”…””}”(hjU  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KhhÒhžhubj  )”}”(hX  Landlock is designed to be usable by unprivileged processes while following the
system security policy enforced by other access control mechanisms (e.g. DAC,
LSM).  A Landlock rule shall not interfere with other access-controls enforced
on the system, only add more restrictions.”h]”hX  Landlock is designed to be usable by unprivileged processes while following the
system security policy enforced by other access control mechanisms (e.g. DAC,
LSM).  A Landlock rule shall not interfere with other access-controls enforced
on the system, only add more restrictions.”…””}”(hjc  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KhhÒhžhubj  )”}”(hŒ³Any user can enforce Landlock rulesets on their processes.  They are merged and
evaluated against inherited rulesets in a way that ensures that only more
constraints can be added.”h]”hŒ³Any user can enforce Landlock rulesets on their processes.  They are merged and
evaluated against inherited rulesets in a way that ensures that only more
constraints can be added.”…””}”(hjq  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KhhÒhžhubj  )”}”(hŒUUser space documentation can be found here:
Documentation/userspace-api/landlock.rst.”h]”hŒUUser space documentation can be found here:
Documentation/userspace-api/landlock.rst.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KhhÒhžhubhÑ)”}”(hhh]”(hÖ)”}”(hŒ+Guiding principles for safe access controls”h]”hŒ+Guiding principles for safe access controls”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj  hžhhŸh³h K ubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ A Landlock rule shall be focused on access control on kernel objects instead
of syscall filtering (i.e. syscall arguments), which is the purpose of
seccomp-bpf.”h]”j  )”}”(hŒ A Landlock rule shall be focused on access control on kernel objects instead
of syscall filtering (i.e. syscall arguments), which is the purpose of
seccomp-bpf.”h]”hŒ A Landlock rule shall be focused on access control on kernel objects instead
of syscall filtering (i.e. syscall arguments), which is the purpose of
seccomp-bpf.”…””}”(hj©  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K"hj¥  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hj   hžhhŸh³h Nubj¤  )”}”(hŒ¶To avoid multiple kinds of side-channel attacks (e.g. leak of security
policies, CPU-based attacks), Landlock rules shall not be able to
programmatically communicate with user space.”h]”j  )”}”(hŒ¶To avoid multiple kinds of side-channel attacks (e.g. leak of security
policies, CPU-based attacks), Landlock rules shall not be able to
programmatically communicate with user space.”h]”hŒ¶To avoid multiple kinds of side-channel attacks (e.g. leak of security
policies, CPU-based attacks), Landlock rules shall not be able to
programmatically communicate with user space.”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K%hj½  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hj   hžhhŸh³h Nubj¤  )”}”(hŒRKernel access check shall not slow down access request from unsandboxed
processes.”h]”j  )”}”(hŒRKernel access check shall not slow down access request from unsandboxed
processes.”h]”hŒRKernel access check shall not slow down access request from unsandboxed
processes.”…””}”(hjÙ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K(hjÕ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hj   hžhhŸh³h Nubj¤  )”}”(hŒvComputation related to Landlock operations (e.g. enforcing a ruleset) shall
only impact the processes requesting them.”h]”j  )”}”(hŒvComputation related to Landlock operations (e.g. enforcing a ruleset) shall
only impact the processes requesting them.”h]”hŒvComputation related to Landlock operations (e.g. enforcing a ruleset) shall
only impact the processes requesting them.”…””}”(hjñ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K*hjí  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hj   hžhhŸh³h Nubj¤  )”}”(hŒåResources (e.g. file descriptors) directly obtained from the kernel by a
sandboxed process shall retain their scoped accesses (at the time of resource
acquisition) whatever process uses them.
Cf. `File descriptor access rights`_.”h]”j  )”}”(hŒåResources (e.g. file descriptors) directly obtained from the kernel by a
sandboxed process shall retain their scoped accesses (at the time of resource
acquisition) whatever process uses them.
Cf. `File descriptor access rights`_.”h]”(hŒÄResources (e.g. file descriptors) directly obtained from the kernel by a
sandboxed process shall retain their scoped accesses (at the time of resource
acquisition) whatever process uses them.
Cf. ”…””}”(hj	  hžhhŸNh NubhŒ	reference”“”)”}”(hŒ `File descriptor access rights`_”h]”hŒFile descriptor access rights”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”ŒFile descriptor access rights”Œrefid”Œfile-descriptor-access-rights”uh1j  hj	  Œresolved”KubhŒ.”…””}”(hj	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K,hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hj   hžhhŸh³h Nubj¤  )”}”(hX*  Access denials shall be logged according to system and Landlock domain
configurations.  Log entries must contain information about the cause of the
denial and the owner of the related security policy.  Such log generation
should have a negligible performance and memory impact on allowed requests.
”h]”j  )”}”(hX)  Access denials shall be logged according to system and Landlock domain
configurations.  Log entries must contain information about the cause of the
denial and the owner of the related security policy.  Such log generation
should have a negligible performance and memory impact on allowed requests.”h]”hX)  Access denials shall be logged according to system and Landlock domain
configurations.  Log entries must contain information about the cause of the
denial and the owner of the related security policy.  Such log generation
should have a negligible performance and memory impact on allowed requests.”…””}”(hj:  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K0hj6  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hj   hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1jž  hŸh³h K"hj  hžhubeh}”(h]”Œ+guiding-principles-for-safe-access-controls”ah ]”h"]”Œ+guiding principles for safe access controls”ah$]”h&]”uh1hÐhhÒhžhhŸh³h K ubhÑ)”}”(hhh]”(hÖ)”}”(hŒDesign choices”h]”hŒDesign choices”…””}”(hja  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj^  hžhhŸh³h K6ubhÑ)”}”(hhh]”(hÖ)”}”(hŒInode access rights”h]”hŒInode access rights”…””}”(hjr  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhjo  hžhhŸh³h K9ubj  )”}”(hX/  All access rights are tied to an inode and what can be accessed through it.
Reading the content of a directory does not imply to be allowed to read the
content of a listed inode.  Indeed, a file name is local to its parent
directory, and an inode can be referenced by multiple file names thanks to
(hard) links.  Being able to unlink a file only has a direct impact on the
directory, not the unlinked inode.  This is the reason why
``LANDLOCK_ACCESS_FS_REMOVE_FILE`` or ``LANDLOCK_ACCESS_FS_REFER`` are not
allowed to be tied to files but only to directories.”h]”(hX°  All access rights are tied to an inode and what can be accessed through it.
Reading the content of a directory does not imply to be allowed to read the
content of a listed inode.  Indeed, a file name is local to its parent
directory, and an inode can be referenced by multiple file names thanks to
(hard) links.  Being able to unlink a file only has a direct impact on the
directory, not the unlinked inode.  This is the reason why
”…””}”(hj€  hžhhŸNh NubhŒliteral”“”)”}”(hŒ"``LANDLOCK_ACCESS_FS_REMOVE_FILE``”h]”hŒLANDLOCK_ACCESS_FS_REMOVE_FILE”…””}”(hjŠ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj€  ubhŒ or ”…””}”(hj€  hžhhŸNh Nubj‰  )”}”(hŒ``LANDLOCK_ACCESS_FS_REFER``”h]”hŒLANDLOCK_ACCESS_FS_REFER”…””}”(hjœ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj€  ubhŒ= are not
allowed to be tied to files but only to directories.”…””}”(hj€  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K;hjo  hžhubeh}”(h]”Œinode-access-rights”ah ]”h"]”Œinode access rights”ah$]”h&]”uh1hÐhj^  hžhhŸh³h K9ubhÑ)”}”(hhh]”(hÖ)”}”(hŒFile descriptor access rights”h]”hŒFile descriptor access rights”…””}”(hj¿  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj¼  hžhhŸh³h KEubj  )”}”(hŒáAccess rights are checked and tied to file descriptors at open time.  The
underlying principle is that equivalent sequences of operations should lead to
the same results, when they are executed under the same Landlock domain.”h]”hŒáAccess rights are checked and tied to file descriptors at open time.  The
underlying principle is that equivalent sequences of operations should lead to
the same results, when they are executed under the same Landlock domain.”…””}”(hjÍ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KGhj¼  hžhubj  )”}”(hX[  Taking the ``LANDLOCK_ACCESS_FS_TRUNCATE`` right as an example, it may be
allowed to open a file for writing without being allowed to
:manpage:`ftruncate` the resulting file descriptor if the related file
hierarchy doesn't grant that access right.  The following sequences of
operations have the same semantic and should then have the same result:”h]”(hŒTaking the ”…””}”(hjÛ  hžhhŸNh Nubj‰  )”}”(hŒ``LANDLOCK_ACCESS_FS_TRUNCATE``”h]”hŒLANDLOCK_ACCESS_FS_TRUNCATE”…””}”(hjã  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjÛ  ubhŒ\ right as an example, it may be
allowed to open a file for writing without being allowed to
”…””}”(hjÛ  hžhhŸNh Nubh Œmanpage”“”)”}”(hŒ:manpage:`ftruncate`”h]”hŒ	ftruncate”…””}”(hj÷  hžhhŸNh Nubah}”(h]”h ]”jõ  ah"]”h$]”h&]”h±h²Œpath”Œ	ftruncate”Œpage”j  hÐhuh1jõ  hjÛ  ubhŒÃ the resulting file descriptor if the related file
hierarchy doesnâ€™t grant that access right.  The following sequences of
operations have the same semantic and should then have the same result:”…””}”(hjÛ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KKhj¼  hžhubjŸ  )”}”(hhh]”(j¤  )”}”(hŒ``truncate(path);``”h]”j  )”}”(hj  h]”j‰  )”}”(hj  h]”hŒtruncate(path);”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KQhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hj  hžhhŸh³h Nubj¤  )”}”(hŒ=``int fd = open(path, O_WRONLY); ftruncate(fd); close(fd);``
”h]”j  )”}”(hŒ<``int fd = open(path, O_WRONLY); ftruncate(fd); close(fd);``”h]”j‰  )”}”(hj;  h]”hŒ8int fd = open(path, O_WRONLY); ftruncate(fd); close(fd);”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KRhj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hj  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”jT  jU  uh1jž  hŸh³h KQhj¼  hžhubj  )”}”(hXÞ  Similarly to file access modes (e.g. ``O_RDWR``), Landlock access rights
attached to file descriptors are retained even if they are passed between
processes (e.g. through a Unix domain socket).  Such access rights will then be
enforced even if the receiving process is not sandboxed by Landlock.  Indeed,
this is required to keep access controls consistent over the whole system, and
this avoids unattended bypasses through file descriptor passing (i.e. confused
deputy attack).”h]”(hŒ%Similarly to file access modes (e.g. ”…””}”(hj\  hžhhŸNh Nubj‰  )”}”(hŒ
``O_RDWR``”h]”hŒO_RDWR”…””}”(hjd  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj\  ubhX¯  ), Landlock access rights
attached to file descriptors are retained even if they are passed between
processes (e.g. through a Unix domain socket).  Such access rights will then be
enforced even if the receiving process is not sandboxed by Landlock.  Indeed,
this is required to keep access controls consistent over the whole system, and
this avoids unattended bypasses through file descriptor passing (i.e. confused
deputy attack).”…””}”(hj\  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h KThj¼  hžhubeh}”(h]”j$  ah ]”h"]”Œfile descriptor access rights”ah$]”h&]”uh1hÐhj^  hžhhŸh³h KEŒ
referenced”Kubeh}”(h]”Œdesign-choices”ah ]”h"]”Œdesign choices”ah$]”h&]”uh1hÐhhÒhžhhŸh³h K6ubhÑ)”}”(hhh]”(hÖ)”}”(hŒTests”h]”hŒTests”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhjŒ  hžhhŸh³h K]ubj  )”}”(hŒUserspace tests for backward compatibility, ptrace restrictions and filesystem
support can be found here: `tools/testing/selftests/landlock/`_.”h]”(hŒjUserspace tests for backward compatibility, ptrace restrictions and filesystem
support can be found here: ”…””}”(hj  hžhhŸNh Nubj  )”}”(hŒ$`tools/testing/selftests/landlock/`_”h]”hŒ!tools/testing/selftests/landlock/”…””}”(hj¥  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œ!tools/testing/selftests/landlock/”Œrefuri”Œghttps://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/tools/testing/selftests/landlock/”uh1j  hj  j%  KubhŒ.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K_hjŒ  hžhubeh}”(h]”Œtests”ah ]”h"]”Œtests”ah$]”h&]”uh1hÐhhÒhžhhŸh³h K]ubhÑ)”}”(hhh]”(hÖ)”}”(hŒKernel structures”h]”hŒKernel structures”…””}”(hjÌ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhjÉ  hžhhŸh³h KcubhÑ)”}”(hhh]”(hÖ)”}”(hŒObject”h]”hŒObject”…””}”(hjÝ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhjÚ  hžhhŸh³h Kfubh Œindex”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(Œsingle”Œ#landlock_object_underops (C struct)”Œc.landlock_object_underops”hNt”auh1jë  hjÚ  hžhhŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Nubh Œdesc”“”)”}”(hhh]”(h Œdesc_signature”“”)”}”(hŒlandlock_object_underops”h]”h Œdesc_signature_line”“”)”}”(hŒstruct landlock_object_underops”h]”(h Œdesc_sig_keyword”“”)”}”(hŒstruct”h]”hŒstruct”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”Œk”ah"]”h$]”h&]”uh1j  hj
  hžhhŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Kubh Œdesc_sig_space”“”)”}”(hŒ ”h]”hŒ ”…””}”(hj"  hžhhŸNh Nubah}”(h]”h ]”Œw”ah"]”h$]”h&]”uh1j   hj
  hžhhŸj  h Kubh Œ	desc_name”“”)”}”(hŒlandlock_object_underops”h]”h Œdesc_sig_name”“”)”}”(hj  h]”hŒlandlock_object_underops”…””}”(hj9  hžhhŸNh Nubah}”(h]”h ]”Œn”ah"]”h$]”h&]”uh1j7  hj3  ubah}”(h]”h ]”(Œsig-name”Œdescname”eh"]”h$]”h&]”h±h²uh1j1  hj
  hžhhŸj  h Kubeh}”(h]”h ]”h"]”h$]”h&]”h±h²Œadd_permalink”ˆuh1j  Œsphinx_line_type”Œ
declarator”hj  hžhhŸj  h Kubah}”(h]”jú  ah ]”(Œsig”Œ
sig-object”eh"]”h$]”h&]”Œis_multiline”ˆŒ
_toc_parts”)Œ	_toc_name”huh1j  hŸj  h Khjÿ  hžhubh Œdesc_content”“”)”}”(hhh]”j  )”}”(hŒ"Operations on an underlying object”h]”hŒ"Operations on an underlying object”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Khje  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hjÿ  hžhhŸj  h Kubeh}”(h]”h ]”(Œc”Œstruct”eh"]”h$]”h&]”Œdomain”j€  Œobjtype”j  Œdesctype”j  Œnoindex”‰Œnoindexentry”‰Œnocontentsentry”‰uh1jý  hžhhjÚ  hŸjü  h NubhŒ	container”“”)”}”(hŒç**Definition**::

  struct landlock_object_underops {
      void (*release)(struct landlock_object *const object) __releases(object->lock);
  };

**Members**

``release``
  Releases the underlying object (e.g. iput() for an inode).”h]”(j  )”}”(hŒ**Definition**::”h]”(hŒstrong”“”)”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj‘  ubhŒ:”…””}”(hj‘  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Khj  ubhŒliteral_block”“”)”}”(hŒxstruct landlock_object_underops {
    void (*release)(struct landlock_object *const object) __releases(object->lock);
};”h]”hŒxstruct landlock_object_underops {
    void (*release)(struct landlock_object *const object) __releases(object->lock);
};”…””}”hj²  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Khj  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hjÃ  h]”hŒMembers”…””}”(hjÅ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjÁ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Khj  ubhŒdefinition_list”“”)”}”(hhh]”hŒdefinition_list_item”“”)”}”(hŒF``release``
Releases the underlying object (e.g. iput() for an inode).”h]”(hŒterm”“”)”}”(hŒ``release``”h]”j‰  )”}”(hjè  h]”hŒrelease”…””}”(hjê  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjæ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Khjà  ubhŒ
definition”“”)”}”(hhh]”j  )”}”(hŒ:Releases the underlying object (e.g. iput() for an inode).”h]”hŒ:Releases the underlying object (e.g. iput() for an inode).”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Khj   ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjà  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjý  h KhjÛ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hj  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hjÚ  hžhhŸjü  h Nubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œlandlock_object (C struct)”Œc.landlock_object”hNt”auh1jë  hjÚ  hžhhŸjü  h Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_object”h]”j	  )”}”(hŒstruct landlock_object”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hjD  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj@  hžhhŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Kubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hjR  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hj@  hžhhŸjQ  h Kubj2  )”}”(hŒlandlock_object”h]”j8  )”}”(hj>  h]”hŒlandlock_object”…””}”(hjd  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj`  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hj@  hžhhŸjQ  h Kubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hj<  hžhhŸjQ  h Kubah}”(h]”j7  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸjQ  h Khj9  hžhubjd  )”}”(hhh]”j  )”}”(hŒ%Security blob tied to a kernel object”h]”hŒ%Security blob tied to a kernel object”…””}”(hj†  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h Khjƒ  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hj9  hžhhŸjQ  h Kubeh}”(h]”h ]”(j€  Œstruct”eh"]”h$]”h&]”j…  j€  j†  jž  j‡  jž  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhjÚ  hŸjü  h NubjŒ  )”}”(hXµ  **Definition**::

  struct landlock_object {
      refcount_t usage;
      spinlock_t lock;
      void *underobj;
      union {
          struct rcu_head rcu_free;
          const struct landlock_object_underops *underops;
      };
  };

**Members**

``usage``
  This counter is used to tie an object to the rules matching
  it or to keep it alive while adding a new rule.  If this counter
  reaches zero, this struct must not be modified, but this counter can
  still be read from within an RCU read-side critical section.  When
  adding a new rule to an object with a usage counter of zero, we must
  wait until the pointer to this object is set to NULL (or recycled).

``lock``
  Protects against concurrent modifications.  This lock must be
  held from the time **usage** drops to zero until any weak references
  from **underobj** to this object have been cleaned up.

  Lock ordering: inode->i_lock nests inside this.

``underobj``
  Used when cleaning up an object and to mark an object as
  tied to its underlying kernel structure.  This pointer is protected
  by **lock**.  Cf. landlock_release_inodes() and release_inode().

``{unnamed_union}``
  anonymous

``rcu_free``
  Enables lockless use of **usage**, **lock** and
  **underobj** from within an RCU read-side critical section.
  **rcu_free** and **underops** are only used by
  landlock_put_object().

``underops``
  Enables landlock_put_object() to release the
  underlying object (e.g. inode).”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjª  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¦  ubhŒ:”…””}”(hj¦  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K"hj¢  ubj±  )”}”(hŒÈstruct landlock_object {
    refcount_t usage;
    spinlock_t lock;
    void *underobj;
    union {
        struct rcu_head rcu_free;
        const struct landlock_object_underops *underops;
    };
};”h]”hŒÈstruct landlock_object {
    refcount_t usage;
    spinlock_t lock;
    void *underobj;
    union {
        struct rcu_head rcu_free;
        const struct landlock_object_underops *underops;
    };
};”…””}”hjÃ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K$hj¢  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hjÔ  h]”hŒMembers”…””}”(hjÖ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjÒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K.hj¢  ubjÚ  )”}”(hhh]”(jß  )”}”(hX˜  ``usage``
This counter is used to tie an object to the rules matching
it or to keep it alive while adding a new rule.  If this counter
reaches zero, this struct must not be modified, but this counter can
still be read from within an RCU read-side critical section.  When
adding a new rule to an object with a usage counter of zero, we must
wait until the pointer to this object is set to NULL (or recycled).
”h]”(jå  )”}”(hŒ	``usage``”h]”j‰  )”}”(hjó  h]”hŒusage”…””}”(hjõ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjñ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K/hjí  ubjÿ  )”}”(hhh]”j  )”}”(hX  This counter is used to tie an object to the rules matching
it or to keep it alive while adding a new rule.  If this counter
reaches zero, this struct must not be modified, but this counter can
still be read from within an RCU read-side critical section.  When
adding a new rule to an object with a usage counter of zero, we must
wait until the pointer to this object is set to NULL (or recycled).”h]”hX  This counter is used to tie an object to the rules matching
it or to keep it alive while adding a new rule.  If this counter
reaches zero, this struct must not be modified, but this counter can
still be read from within an RCU read-side critical section.  When
adding a new rule to an object with a usage counter of zero, we must
wait until the pointer to this object is set to NULL (or recycled).”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K*hj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjí  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj  h K/hjê  ubjß  )”}”(hŒô``lock``
Protects against concurrent modifications.  This lock must be
held from the time **usage** drops to zero until any weak references
from **underobj** to this object have been cleaned up.

Lock ordering: inode->i_lock nests inside this.
”h]”(jå  )”}”(hŒ``lock``”h]”j‰  )”}”(hj-  h]”hŒlock”…””}”(hj/  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj+  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K7hj'  ubjÿ  )”}”(hhh]”(j  )”}”(hŒ¹Protects against concurrent modifications.  This lock must be
held from the time **usage** drops to zero until any weak references
from **underobj** to this object have been cleaned up.”h]”(hŒQProtects against concurrent modifications.  This lock must be
held from the time ”…””}”(hjF  hžhhŸNh Nubj–  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hjN  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjF  ubhŒ. drops to zero until any weak references
from ”…””}”(hjF  hžhhŸNh Nubj–  )”}”(hŒ**underobj**”h]”hŒunderobj”…””}”(hj`  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjF  ubhŒ% to this object have been cleaned up.”…””}”(hjF  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K3hjC  ubj  )”}”(hŒ/Lock ordering: inode->i_lock nests inside this.”h]”hŒ/Lock ordering: inode->i_lock nests inside this.”…””}”(hjy  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjB  h K7hjC  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj'  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjB  h K7hjê  ubjß  )”}”(hŒË``underobj``
Used when cleaning up an object and to mark an object as
tied to its underlying kernel structure.  This pointer is protected
by **lock**.  Cf. landlock_release_inodes() and release_inode().
”h]”(jå  )”}”(hŒ``underobj``”h]”j‰  )”}”(hj™  h]”hŒunderobj”…””}”(hj›  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj—  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K=hj“  ubjÿ  )”}”(hhh]”j  )”}”(hŒ½Used when cleaning up an object and to mark an object as
tied to its underlying kernel structure.  This pointer is protected
by **lock**.  Cf. landlock_release_inodes() and release_inode().”h]”(hŒ€Used when cleaning up an object and to mark an object as
tied to its underlying kernel structure.  This pointer is protected
by ”…””}”(hj²  hžhhŸNh Nubj–  )”}”(hŒ**lock**”h]”hŒlock”…””}”(hjº  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj²  ubhŒ5.  Cf. landlock_release_inodes() and release_inode().”…””}”(hj²  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K;hj¯  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj“  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj®  h K=hjê  ubjß  )”}”(hŒ``{unnamed_union}``
anonymous
”h]”(jå  )”}”(hŒ``{unnamed_union}``”h]”j‰  )”}”(hjå  h]”hŒ{unnamed_union}”…””}”(hjç  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjã  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K@hjß  ubjÿ  )”}”(hhh]”j  )”}”(hŒ	anonymous”h]”hŒ	anonymous”…””}”(hjþ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjú  h K@hjû  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjß  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjú  h K@hjê  ubjß  )”}”(hŒ¿``rcu_free``
Enables lockless use of **usage**, **lock** and
**underobj** from within an RCU read-side critical section.
**rcu_free** and **underops** are only used by
landlock_put_object().
”h]”(jå  )”}”(hŒ``rcu_free``”h]”j‰  )”}”(hj  h]”hŒrcu_free”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h KEhj  ubjÿ  )”}”(hhh]”j  )”}”(hŒ±Enables lockless use of **usage**, **lock** and
**underobj** from within an RCU read-side critical section.
**rcu_free** and **underops** are only used by
landlock_put_object().”h]”(hŒEnables lockless use of ”…””}”(hj7  hžhhŸNh Nubj–  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hj?  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj7  ubhŒ, ”…””}”(hj7  hžhhŸNh Nubj–  )”}”(hŒ**lock**”h]”hŒlock”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj7  ubhŒ and
”…””}”(hj7  hžhhŸNh Nubj–  )”}”(hŒ**underobj**”h]”hŒunderobj”…””}”(hjc  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj7  ubhŒ0 from within an RCU read-side critical section.
”…””}”(hj7  hžhhŸNh Nubj–  )”}”(hŒ**rcu_free**”h]”hŒrcu_free”…””}”(hju  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj7  ubhŒ and ”…””}”(hj7  hžhhŸNh Nubj–  )”}”(hŒ**underops**”h]”hŒunderops”…””}”(hj‡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj7  ubhŒ( are only used by
landlock_put_object().”…””}”(hj7  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h KBhj4  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj3  h KEhjê  ubjß  )”}”(hŒY``underops``
Enables landlock_put_object() to release the
underlying object (e.g. inode).”h]”(jå  )”}”(hŒ``underops``”h]”j‰  )”}”(hj²  h]”hŒunderops”…””}”(hj´  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj°  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h KIhj¬  ubjÿ  )”}”(hhh]”j  )”}”(hŒLEnables landlock_put_object() to release the
underlying object (e.g. inode).”h]”hŒLEnables landlock_put_object() to release the
underlying object (e.g. inode).”…””}”(hjË  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjÇ  h KIhjÈ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj¬  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjÇ  h KIhjê  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hj¢  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hjÚ  hžhhŸjü  h Nubj  )”}”(hŒ**Description**”h]”j–  )”}”(hjô  h]”hŒDescription”…””}”(hjö  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjò  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h KMhjÚ  hžhubj  )”}”(hŒÛThe goal of this structure is to enable to tie a set of ephemeral access
rights (pertaining to different domains) to a kernel object (e.g an inode)
in a safe way.  This implies to handle concurrent use and modification.”h]”hŒÛThe goal of this structure is to enable to tie a set of ephemeral access
rights (pertaining to different domains) to a kernel object (e.g an inode)
in a safe way.  This implies to handle concurrent use and modification.”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h KhjÚ  hžhubj  )”}”(hŒjThe lifetime of a :c:type:`struct landlock_object <landlock_object>` depends on the rules referring to
it.”h]”(hŒThe lifetime of a ”…””}”(hj  hžhhŸNh Nubh)”}”(hŒ2:c:type:`struct landlock_object <landlock_object>`”h]”j‰  )”}”(hj#  h]”hŒstruct landlock_object”…””}”(hj%  hžhhŸNh Nubah}”(h]”h ]”(Œxref”j€  Œc-type”eh"]”h$]”h&]”uh1jˆ  hj!  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”Œsecurity/landlock”Œ	refdomain”j€  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰Œc:parent_key”Œsphinx.domains.c”Œ	LookupKey”“”)”}”Œdata”]”sbŒ	reftarget”Œlandlock_object”uh1hhŸŒ]/var/lib/git/docbuild/linux/Documentation/security/landlock:104: ./security/landlock/object.h”h K#hj  ubhŒ& depends on the rules referring to
it.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjK  h K#hjÚ  hžhubeh}”(h]”Œobject”ah ]”h"]”Œobject”ah$]”h&]”uh1hÐhjÉ  hžhhŸh³h KfubhÑ)”}”(hhh]”(hÖ)”}”(hŒ
Filesystem”h]”hŒ
Filesystem”…””}”(hja  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj^  hžhhŸh³h Klubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œ"landlock_inode_security (C struct)”Œc.landlock_inode_security”hNt”auh1jë  hj^  hžhhŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_inode_security”h]”j	  )”}”(hŒstruct landlock_inode_security”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hj‰  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj…  hžhhŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Kubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hj…  hžhhŸj–  h Kubj2  )”}”(hŒlandlock_inode_security”h]”j8  )”}”(hjƒ  h]”hŒlandlock_inode_security”…””}”(hj©  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj¥  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hj…  hžhhŸj–  h Kubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hj  hžhhŸj–  h Kubah}”(h]”j{  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸj–  h Khj~  hžhubjd  )”}”(hhh]”j  )”}”(hŒInode security blob”h]”hŒInode security blob”…””}”(hjË  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h KhjÈ  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hj~  hžhhŸj–  h Kubeh}”(h]”h ]”(j€  Œstruct”eh"]”h$]”h&]”j…  j€  j†  jã  j‡  jã  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj^  hŸj}  h NubjŒ  )”}”(hX€  **Definition**::

  struct landlock_inode_security {
      struct landlock_object __rcu *object;
  };

**Members**

``object``
  Weak pointer to an allocated object.  All assignments of a
  new object are protected by the underlying inode->i_lock.  However,
  atomically disassociating **object** from the inode is only protected
  by **object->lock**, from the time **object**'s usage refcount drops to
  zero to the time this pointer is nulled out (cf. release_inode() and
  hook_sb_delete()).  Indeed, such disassociation doesn't require
  inode->i_lock thanks to the careful rcu_access_pointer() check
  performed by get_inode_object().”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjë  ubhŒ:”…””}”(hjë  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Khjç  ubj±  )”}”(hŒMstruct landlock_inode_security {
    struct landlock_object __rcu *object;
};”h]”hŒMstruct landlock_inode_security {
    struct landlock_object __rcu *object;
};”…””}”hj	  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Khjç  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hj	  h]”hŒMembers”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K"hjç  ubjÚ  )”}”(hhh]”jß  )”}”(hXü  ``object``
Weak pointer to an allocated object.  All assignments of a
new object are protected by the underlying inode->i_lock.  However,
atomically disassociating **object** from the inode is only protected
by **object->lock**, from the time **object**'s usage refcount drops to
zero to the time this pointer is nulled out (cf. release_inode() and
hook_sb_delete()).  Indeed, such disassociation doesn't require
inode->i_lock thanks to the careful rcu_access_pointer() check
performed by get_inode_object().”h]”(jå  )”}”(hŒ
``object``”h]”j‰  )”}”(hj8	  h]”hŒobject”…””}”(hj:	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj6	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K&hj2	  ubjÿ  )”}”(hhh]”j  )”}”(hXñ  Weak pointer to an allocated object.  All assignments of a
new object are protected by the underlying inode->i_lock.  However,
atomically disassociating **object** from the inode is only protected
by **object->lock**, from the time **object**'s usage refcount drops to
zero to the time this pointer is nulled out (cf. release_inode() and
hook_sb_delete()).  Indeed, such disassociation doesn't require
inode->i_lock thanks to the careful rcu_access_pointer() check
performed by get_inode_object().”h]”(hŒ™Weak pointer to an allocated object.  All assignments of a
new object are protected by the underlying inode->i_lock.  However,
atomically disassociating ”…””}”(hjQ	  hžhhŸNh Nubj–  )”}”(hŒ
**object**”h]”hŒobject”…””}”(hjY	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjQ	  ubhŒ% from the inode is only protected
by ”…””}”(hjQ	  hžhhŸNh Nubj–  )”}”(hŒ**object->lock**”h]”hŒobject->lock”…””}”(hjk	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjQ	  ubhŒ, from the time ”…””}”(hjQ	  hžhhŸNh Nubj–  )”}”(hŒ
**object**”h]”hŒobject”…””}”(hj}	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjQ	  ubhX  â€™s usage refcount drops to
zero to the time this pointer is nulled out (cf. release_inode() and
hook_sb_delete()).  Indeed, such disassociation doesnâ€™t require
inode->i_lock thanks to the careful rcu_access_pointer() check
performed by get_inode_object().”…””}”(hjQ	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K hjN	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj2	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjM	  h K&hj/	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hjç  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj^  hžhhŸj}  h Nubj  )”}”(hŒ**Description**”h]”j–  )”}”(hj±	  h]”hŒDescription”…””}”(hj³	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¯	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K*hj^  hžhubj  )”}”(hŒsEnable to reference a :c:type:`struct landlock_object <landlock_object>` tied to an inode (i.e.
underlying object).”h]”(hŒEnable to reference a ”…””}”(hjÇ	  hžhhŸNh Nubh)”}”(hŒ2:c:type:`struct landlock_object <landlock_object>`”h]”j‰  )”}”(hjÑ	  h]”hŒstruct landlock_object”…””}”(hjÓ	  hžhhŸNh Nubah}”(h]”h ]”(j/  j€  Œc-type”eh"]”h$]”h&]”uh1jˆ  hjÏ	  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j;  Œ	refdomain”j€  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰jA  jE  jI  Œlandlock_object”uh1hhŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h KhjÇ	  ubhŒ+ tied to an inode (i.e.
underlying object).”…””}”(hjÇ	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjî	  h Khj^  hžhubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œ!landlock_file_security (C struct)”Œc.landlock_file_security”hNt”auh1jë  hj^  hžhhŸj}  h Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_file_security”h]”j	  )”}”(hŒstruct landlock_file_security”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj
  hžhhŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Kubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hj 
  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hj
  hžhhŸj
  h Kubj2  )”}”(hŒlandlock_file_security”h]”j8  )”}”(hj
  h]”hŒlandlock_file_security”…””}”(hj2
  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj.
  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hj
  hžhhŸj
  h Kubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hj

  hžhhŸj
  h Kubah}”(h]”j
  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸj
  h Khj
  hžhubjd  )”}”(hhh]”j  )”}”(hŒFile security blob”h]”hŒFile security blob”…””}”(hjT
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K,hjQ
  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hj
  hžhhŸj
  h Kubeh}”(h]”h ]”(j€  Œstruct”eh"]”h$]”h&]”j…  j€  j†  jl
  j‡  jl
  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj^  hŸj}  h NubjŒ  )”}”(hXÈ  **Definition**::

  struct landlock_file_security {
      access_mask_t allowed_access;
  #ifdef CONFIG_AUDIT;
      deny_masks_t deny_masks;
      u8 fown_layer;
  #endif ;
      struct landlock_cred_security fown_subject;
  };

**Members**

``allowed_access``
  Access rights that were available at the time of
  opening the file. This is not necessarily the full set of access
  rights available at that time, but it's the necessary subset as
  needed to authorize later operations on the open file.

``deny_masks``
  Domain layer levels that deny an optional access (see
  _LANDLOCK_ACCESS_FS_OPTIONAL).

``fown_layer``
  Layer level of **fown_subject->domain** with
  LANDLOCK_SCOPE_SIGNAL.

``fown_subject``
  Landlock credential of the task that set the PID that
  may receive a signal e.g., SIGURG when writing MSG_OOB to the
  related socket.  This pointer is protected by the related
  file->f_owner->lock, as for fown_struct's members: pid, uid, and
  euid.”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjx
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjt
  ubhŒ:”…””}”(hjt
  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K0hjp
  ubj±  )”}”(hŒÂstruct landlock_file_security {
    access_mask_t allowed_access;
#ifdef CONFIG_AUDIT;
    deny_masks_t deny_masks;
    u8 fown_layer;
#endif ;
    struct landlock_cred_security fown_subject;
};”h]”hŒÂstruct landlock_file_security {
    access_mask_t allowed_access;
#ifdef CONFIG_AUDIT;
    deny_masks_t deny_masks;
    u8 fown_layer;
#endif ;
    struct landlock_cred_security fown_subject;
};”…””}”hj‘
  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K2hjp
  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hj¢
  h]”hŒMembers”…””}”(hj¤
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj 
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K;hjp
  ubjÚ  )”}”(hhh]”(jß  )”}”(hŒü``allowed_access``
Access rights that were available at the time of
opening the file. This is not necessarily the full set of access
rights available at that time, but it's the necessary subset as
needed to authorize later operations on the open file.
”h]”(jå  )”}”(hŒ``allowed_access``”h]”j‰  )”}”(hjÁ
  h]”hŒallowed_access”…””}”(hjÃ
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj¿
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K9hj»
  ubjÿ  )”}”(hhh]”j  )”}”(hŒèAccess rights that were available at the time of
opening the file. This is not necessarily the full set of access
rights available at that time, but it's the necessary subset as
needed to authorize later operations on the open file.”h]”hŒêAccess rights that were available at the time of
opening the file. This is not necessarily the full set of access
rights available at that time, but itâ€™s the necessary subset as
needed to authorize later operations on the open file.”…””}”(hjÚ
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K6hj×
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj»
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjÖ
  h K9hj¸
  ubjß  )”}”(hŒd``deny_masks``
Domain layer levels that deny an optional access (see
_LANDLOCK_ACCESS_FS_OPTIONAL).
”h]”(jå  )”}”(hŒ``deny_masks``”h]”j‰  )”}”(hjû
  h]”hŒ
deny_masks”…””}”(hjý
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjù
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K@hjõ
  ubjÿ  )”}”(hhh]”j  )”}”(hŒTDomain layer levels that deny an optional access (see
_LANDLOCK_ACCESS_FS_OPTIONAL).”h]”hŒTDomain layer levels that deny an optional access (see
_LANDLOCK_ACCESS_FS_OPTIONAL).”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K?hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjõ
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj  h K@hj¸
  ubjß  )”}”(hŒS``fown_layer``
Layer level of **fown_subject->domain** with
LANDLOCK_SCOPE_SIGNAL.
”h]”(jå  )”}”(hŒ``fown_layer``”h]”j‰  )”}”(hj5  h]”hŒ
fown_layer”…””}”(hj7  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj3  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h KEhj/  ubjÿ  )”}”(hhh]”j  )”}”(hŒCLayer level of **fown_subject->domain** with
LANDLOCK_SCOPE_SIGNAL.”h]”(hŒLayer level of ”…””}”(hjN  hžhhŸNh Nubj–  )”}”(hŒ**fown_subject->domain**”h]”hŒfown_subject->domain”…””}”(hjV  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjN  ubhŒ with
LANDLOCK_SCOPE_SIGNAL.”…””}”(hjN  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h KDhjK  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj/  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjJ  h KEhj¸
  ubjß  )”}”(hX  ``fown_subject``
Landlock credential of the task that set the PID that
may receive a signal e.g., SIGURG when writing MSG_OOB to the
related socket.  This pointer is protected by the related
file->f_owner->lock, as for fown_struct's members: pid, uid, and
euid.”h]”(jå  )”}”(hŒ``fown_subject``”h]”j‰  )”}”(hj  h]”hŒfown_subject”…””}”(hjƒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h KNhj{  ubjÿ  )”}”(hhh]”j  )”}”(hŒôLandlock credential of the task that set the PID that
may receive a signal e.g., SIGURG when writing MSG_OOB to the
related socket.  This pointer is protected by the related
file->f_owner->lock, as for fown_struct's members: pid, uid, and
euid.”h]”hŒöLandlock credential of the task that set the PID that
may receive a signal e.g., SIGURG when writing MSG_OOB to the
related socket.  This pointer is protected by the related
file->f_owner->lock, as for fown_structâ€™s members: pid, uid, and
euid.”…””}”(hjš  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h KKhj—  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj{  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj–  h KNhj¸
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hjp
  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj^  hžhhŸj}  h Nubj  )”}”(hŒ**Description**”h]”j–  )”}”(hjÄ  h]”hŒDescription”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjÂ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h KRhj^  hžhubj  )”}”(hX  This information is populated when opening a file in hook_file_open, and
tracks the relevant Landlock access rights that were available at the time
of opening the file. Other LSM hooks use these rights in order to authorize
operations on already opened files.”h]”hX  This information is populated when opening a file in hook_file_open, and
tracks the relevant Landlock access rights that were available at the time
of opening the file. Other LSM hooks use these rights in order to authorize
operations on already opened files.”…””}”(hjÚ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K-hj^  hžhubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œ'landlock_superblock_security (C struct)”Œc.landlock_superblock_security”hNt”auh1jë  hj^  hžhhŸj}  h Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_superblock_security”h]”j	  )”}”(hŒ#struct landlock_superblock_security”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjþ  hžhhŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K5ubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hjþ  hžhhŸj  h K5ubj2  )”}”(hŒlandlock_superblock_security”h]”j8  )”}”(hjü  h]”hŒlandlock_superblock_security”…””}”(hj"  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hjþ  hžhhŸj  h K5ubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hjú  hžhhŸj  h K5ubah}”(h]”jõ  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸj  h K5hj÷  hžhubjd  )”}”(hhh]”j  )”}”(hŒSuperblock security blob”h]”hŒSuperblock security blob”…””}”(hjD  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K^hjA  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hj÷  hžhhŸj  h K5ubeh}”(h]”h ]”(j€  Œstruct”eh"]”h$]”h&]”j…  j€  j†  j\  j‡  j\  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj^  hŸj}  h NubjŒ  )”}”(hX  **Definition**::

  struct landlock_superblock_security {
      atomic_long_t inode_refs;
  };

**Members**

``inode_refs``
  Number of pending inodes (from this superblock) that
  are being released by release_inode().
  Cf. struct super_block->s_fsnotify_inode_refs .”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjd  ubhŒ:”…””}”(hjd  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Kbhj`  ubj±  )”}”(hŒFstruct landlock_superblock_security {
    atomic_long_t inode_refs;
};”h]”hŒFstruct landlock_superblock_security {
    atomic_long_t inode_refs;
};”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Kdhj`  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hj’  h]”hŒMembers”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Khhj`  ubjÚ  )”}”(hhh]”jß  )”}”(hŒš``inode_refs``
Number of pending inodes (from this superblock) that
are being released by release_inode().
Cf. struct super_block->s_fsnotify_inode_refs .”h]”(jå  )”}”(hŒ``inode_refs``”h]”j‰  )”}”(hj±  h]”hŒ
inode_refs”…””}”(hj³  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj¯  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Kfhj«  ubjÿ  )”}”(hhh]”j  )”}”(hŒ‹Number of pending inodes (from this superblock) that
are being released by release_inode().
Cf. struct super_block->s_fsnotify_inode_refs .”h]”hŒ‹Number of pending inodes (from this superblock) that
are being released by release_inode().
Cf. struct super_block->s_fsnotify_inode_refs .”…””}”(hjÊ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h KehjÇ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj«  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjÆ  h Kfhj¨  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hj`  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj^  hžhhŸj}  h Nubj  )”}”(hŒ**Description**”h]”j–  )”}”(hjô  h]”hŒDescription”…””}”(hjö  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjò  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h Kjhj^  hžhubj  )”}”(hŒHEnable hook_sb_delete() to wait for concurrent calls to release_inode().”h]”hŒHEnable hook_sb_delete() to wait for concurrent calls to release_inode().”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒY/var/lib/git/docbuild/linux/Documentation/security/landlock:110: ./security/landlock/fs.h”h K_hj^  hžhubeh}”(h]”Œ
filesystem”ah ]”h"]”Œ
filesystem”ah$]”h&]”uh1hÐhjÉ  hžhhŸh³h KlubhÑ)”}”(hhh]”(hÖ)”}”(hŒRuleset and domain”h]”hŒRuleset and domain”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhj!  hžhhŸh³h Krubj  )”}”(hX4  A domain is a read-only ruleset tied to a set of subjects (i.e. tasks'
credentials).  Each time a ruleset is enforced on a task, the current domain is
duplicated and the ruleset is imported as a new layer of rules in the new
domain.  Indeed, once in a domain, each rule is tied to a layer level.  To
grant access to an object, at least one rule of each layer must allow the
requested action on the object.  A task can then only transit to a new domain
that is the intersection of the constraints from the current domain and those
of a ruleset provided by the task.”h]”hX6  A domain is a read-only ruleset tied to a set of subjects (i.e. tasksâ€™
credentials).  Each time a ruleset is enforced on a task, the current domain is
duplicated and the ruleset is imported as a new layer of rules in the new
domain.  Indeed, once in a domain, each rule is tied to a layer level.  To
grant access to an object, at least one rule of each layer must allow the
requested action on the object.  A task can then only transit to a new domain
that is the intersection of the constraints from the current domain and those
of a ruleset provided by the task.”…””}”(hj2  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kthj!  hžhubj  )”}”(hŒ…The definition of a subject is implicit for a task sandboxing itself, which
makes the reasoning much easier and helps avoid pitfalls.”h]”hŒ…The definition of a subject is implicit for a task sandboxing itself, which
makes the reasoning much easier and helps avoid pitfalls.”…””}”(hj@  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K}hj!  hžhubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œlandlock_layer (C struct)”Œc.landlock_layer”hNt”auh1jë  hj!  hžhhŸNh Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_layer”h]”j	  )”}”(hŒstruct landlock_layer”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hjg  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjc  hžhhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hju  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hjc  hžhhŸjt  h Kubj2  )”}”(hŒlandlock_layer”h]”j8  )”}”(hja  h]”hŒlandlock_layer”…””}”(hj‡  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hjƒ  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hjc  hžhhŸjt  h Kubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hj_  hžhhŸjt  h Kubah}”(h]”jZ  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸjt  h Khj\  hžhubjd  )”}”(hhh]”j  )”}”(hŒAccess rights for a given layer”h]”hŒAccess rights for a given layer”…””}”(hj©  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Khj¦  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hj\  hžhhŸjt  h Kubeh}”(h]”h ]”(j€  Œstruct”eh"]”h$]”h&]”j…  j€  j†  jÁ  j‡  jÁ  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj!  hŸNh NubjŒ  )”}”(hX.  **Definition**::

  struct landlock_layer {
      u16 level;
      access_mask_t access;
  };

**Members**

``level``
  Position of this layer in the layer stack.

``access``
  Bitfield of allowed actions on the kernel object.  They are
  relative to the object type (e.g. ``LANDLOCK_ACTION_FS_READ``).”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjÍ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjÉ  ubhŒ:”…””}”(hjÉ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KhjÅ  ubj±  )”}”(hŒCstruct landlock_layer {
    u16 level;
    access_mask_t access;
};”h]”hŒCstruct landlock_layer {
    u16 level;
    access_mask_t access;
};”…””}”hjæ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K hjÅ  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hj÷  h]”hŒMembers”…””}”(hjù  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjõ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K%hjÅ  ubjÚ  )”}”(hhh]”(jß  )”}”(hŒ5``level``
Position of this layer in the layer stack.
”h]”(jå  )”}”(hŒ	``level``”h]”j‰  )”}”(hj  h]”hŒlevel”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Khj  ubjÿ  )”}”(hhh]”j  )”}”(hŒ*Position of this layer in the layer stack.”h]”hŒ*Position of this layer in the layer stack.”…””}”(hj/  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸj+  h Khj,  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj+  h Khj  ubjß  )”}”(hŒ†``access``
Bitfield of allowed actions on the kernel object.  They are
relative to the object type (e.g. ``LANDLOCK_ACTION_FS_READ``).”h]”(jå  )”}”(hŒ
``access``”h]”j‰  )”}”(hjO  h]”hŒaccess”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjM  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K#hjI  ubjÿ  )”}”(hhh]”j  )”}”(hŒ{Bitfield of allowed actions on the kernel object.  They are
relative to the object type (e.g. ``LANDLOCK_ACTION_FS_READ``).”h]”(hŒ^Bitfield of allowed actions on the kernel object.  They are
relative to the object type (e.g. ”…””}”(hjh  hžhhŸNh Nubj‰  )”}”(hŒ``LANDLOCK_ACTION_FS_READ``”h]”hŒLANDLOCK_ACTION_FS_READ”…””}”(hjp  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjh  ubhŒ).”…””}”(hjh  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjd  h K#hje  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjI  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjd  h K#hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hjÅ  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj!  hžhhŸNh Nubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œlandlock_key (C union)”Œc.landlock_key”hNt”auh1jë  hj!  hžhhŸNh Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_key”h]”j	  )”}”(hŒunion landlock_key”h]”(j  )”}”(hŒunion”h]”hŒunion”…””}”(hjº  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj¶  hžhhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K*ubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hjÉ  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hj¶  hžhhŸjÈ  h K*ubj2  )”}”(hŒlandlock_key”h]”j8  )”}”(hj´  h]”hŒlandlock_key”…””}”(hjÛ  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj×  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hj¶  hžhhŸjÈ  h K*ubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hj²  hžhhŸjÈ  h K*ubah}”(h]”j­  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸjÈ  h K*hj¯  hžhubjd  )”}”(hhh]”j  )”}”(hŒ!Key of a ruleset's red-black tree”h]”hŒ#Key of a rulesetâ€™s red-black tree”…””}”(hjý  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K)hjú  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hj¯  hžhhŸjÈ  h K*ubeh}”(h]”h ]”(j€  Œunion”eh"]”h$]”h&]”j…  j€  j†  j  j‡  j  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj!  hŸNh NubjŒ  )”}”(hX	  **Definition**::

  union landlock_key {
      struct landlock_object *object;
      uintptr_t data;
  };

**Members**

``object``
  Pointer to identify a kernel object (e.g. an inode).

``data``
  Raw data to identify an arbitrary 32-bit value
  (e.g. a TCP port).”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj!  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj  ubhŒ:”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K-hj  ubj±  )”}”(hŒOunion landlock_key {
    struct landlock_object *object;
    uintptr_t data;
};”h]”hŒOunion landlock_key {
    struct landlock_object *object;
    uintptr_t data;
};”…””}”hj:  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K/hj  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hjK  •â½      h]”hŒMembers”…””}”(hjM  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjI  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K4hj  ubjÚ  )”}”(hhh]”(jß  )”}”(hŒ@``object``
Pointer to identify a kernel object (e.g. an inode).
”h]”(jå  )”}”(hŒ
``object``”h]”j‰  )”}”(hjj  h]”hŒobject”…””}”(hjl  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjh  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K.hjd  ubjÿ  )”}”(hhh]”j  )”}”(hŒ4Pointer to identify a kernel object (e.g. an inode).”h]”hŒ4Pointer to identify a kernel object (e.g. an inode).”…””}”(hjƒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸj  h K.hj€  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjd  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj  h K.hja  ubjß  )”}”(hŒJ``data``
Raw data to identify an arbitrary 32-bit value
(e.g. a TCP port).”h]”(jå  )”}”(hŒ``data``”h]”j‰  )”}”(hj£  h]”hŒdata”…””}”(hj¥  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj¡  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K2hj  ubjÿ  )”}”(hhh]”j  )”}”(hŒARaw data to identify an arbitrary 32-bit value
(e.g. a TCP port).”h]”hŒARaw data to identify an arbitrary 32-bit value
(e.g. a TCP port).”…””}”(hj¼  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸj¸  h K2hj¹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj¸  h K2hja  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hj  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj!  hžhhŸNh Nubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œlandlock_key_type (C enum)”Œc.landlock_key_type”hNt”auh1jë  hj!  hžhhŸNh Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_key_type”h]”j	  )”}”(hŒenum landlock_key_type”h]”(j  )”}”(hŒenum”h]”hŒenum”…””}”(hjü  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjø  hžhhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K9ubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hjø  hžhhŸj
  h K9ubj2  )”}”(hŒlandlock_key_type”h]”j8  )”}”(hjö  h]”hŒlandlock_key_type”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hjø  hžhhŸj
  h K9ubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hjô  hžhhŸj
  h K9ubah}”(h]”jï  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸj
  h K9hjñ  hžhubjd  )”}”(hhh]”j  )”}”(hŒ3Type of :c:type:`union landlock_key <landlock_key>`”h]”(hŒType of ”…””}”(hj?  hžhhŸNh Nubh)”}”(hŒ+:c:type:`union landlock_key <landlock_key>`”h]”j‰  )”}”(hjI  h]”hŒunion landlock_key”…””}”(hjK  hžhhŸNh Nubah}”(h]”h ]”(j/  j€  Œc-type”eh"]”h$]”h&]”uh1jˆ  hjG  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j;  Œ	refdomain”j€  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰jA  jD  )”}”jG  ]”jB  ŒASTIdentifier”“”)”}”Œ
identifier”jö  sbŒc.landlock_key_type”†”asbjI  Œlandlock_key”uh1hhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Khj?  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K8hj<  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hjñ  hžhhŸj
  h K9ubeh}”(h]”h ]”(j€  Œenum”eh"]”h$]”h&]”j…  j€  j†  j  j‡  j  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj!  hŸNh NubjŒ  )”}”(hŒç**Constants**

``LANDLOCK_KEY_INODE``
  Type of :c:type:`landlock_ruleset.root_inode <landlock_ruleset>`'s node
  keys.

``LANDLOCK_KEY_NET_PORT``
  Type of :c:type:`landlock_ruleset.root_net_port <landlock_ruleset>`'s
  node keys.”h]”(j  )”}”(hŒ**Constants**”h]”j–  )”}”(hj‹  h]”hŒ	Constants”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj‰  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K<hj…  ubjÚ  )”}”(hhh]”(jß  )”}”(hŒe``LANDLOCK_KEY_INODE``
Type of :c:type:`landlock_ruleset.root_inode <landlock_ruleset>`'s node
keys.
”h]”(jå  )”}”(hŒ``LANDLOCK_KEY_INODE``”h]”j‰  )”}”(hjª  h]”hŒLANDLOCK_KEY_INODE”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj¨  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K@hj¤  ubjÿ  )”}”(hhh]”j  )”}”(hŒMType of :c:type:`landlock_ruleset.root_inode <landlock_ruleset>`'s node
keys.”h]”(hŒType of ”…””}”(hjÃ  hžhhŸNh Nubh)”}”(hŒ8:c:type:`landlock_ruleset.root_inode <landlock_ruleset>`”h]”j‰  )”}”(hjÍ  h]”hŒlandlock_ruleset.root_inode”…””}”(hjÏ  hžhhŸNh Nubah}”(h]”h ]”(j/  j€  Œc-type”eh"]”h$]”h&]”uh1jˆ  hjË  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j;  Œ	refdomain”j€  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰jA  jE  jI  Œlandlock_ruleset”uh1hhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K?hjÃ  ubhŒâ€™s node
keys.”…””}”(hjÃ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjê  h K?hjÀ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj¤  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj¿  h K@hj¡  ubjß  )”}”(hŒj``LANDLOCK_KEY_NET_PORT``
Type of :c:type:`landlock_ruleset.root_net_port <landlock_ruleset>`'s
node keys.”h]”(jå  )”}”(hŒ``LANDLOCK_KEY_NET_PORT``”h]”j‰  )”}”(hj  h]”hŒLANDLOCK_KEY_NET_PORT”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KChj  ubjÿ  )”}”(hhh]”j  )”}”(hŒPType of :c:type:`landlock_ruleset.root_net_port <landlock_ruleset>`'s
node keys.”h]”(hŒType of ”…””}”(hj   hžhhŸNh Nubh)”}”(hŒ;:c:type:`landlock_ruleset.root_net_port <landlock_ruleset>`”h]”j‰  )”}”(hj*  h]”hŒlandlock_ruleset.root_net_port”…””}”(hj,  hžhhŸNh Nubah}”(h]”h ]”(j/  j€  Œc-type”eh"]”h$]”h&]”uh1jˆ  hj(  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j;  Œ	refdomain”j€  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰jA  jE  jI  Œlandlock_ruleset”uh1hhŸj  h KChj   ubhŒâ€™s
node keys.”…””}”(hj   hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸj  h KChj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj  h KChj¡  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hj…  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj!  hžhhŸNh Nubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œlandlock_id (C struct)”Œc.landlock_id”hNt”auh1jë  hj!  hžhhŸNh Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_id”h]”j	  )”}”(hŒstruct landlock_id”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hjƒ  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hj  hžhhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KJubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hj‘  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hj  hžhhŸj  h KJubj2  )”}”(hŒlandlock_id”h]”j8  )”}”(hj}  h]”hŒlandlock_id”…””}”(hj£  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hjŸ  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hj  hžhhŸj  h KJubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hj{  hžhhŸj  h KJubah}”(h]”jv  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸj  h KJhjx  hžhubjd  )”}”(hhh]”j  )”}”(hŒ$Unique rule identifier for a ruleset”h]”hŒ$Unique rule identifier for a ruleset”…””}”(hjÅ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KHhjÂ  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hjx  hžhhŸj  h KJubeh}”(h]”h ]”(j€  Œstruct”eh"]”h$]”h&]”j…  j€  j†  jÝ  j‡  jÝ  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj!  hŸNh NubjŒ  )”}”(hX  **Definition**::

  struct landlock_id {
      union landlock_key key;
      const enum landlock_key_type type;
  };

**Members**

``key``
  Identifies either a kernel object (e.g. an inode) or
  a raw value (e.g. a TCP port).

``type``
  Type of a landlock_ruleset's root tree.”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjé  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjå  ubhŒ:”…””}”(hjå  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KLhjá  ubj±  )”}”(hŒZstruct landlock_id {
    union landlock_key key;
    const enum landlock_key_type type;
};”h]”hŒZstruct landlock_id {
    union landlock_key key;
    const enum landlock_key_type type;
};”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KNhjá  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hj  h]”hŒMembers”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KShjá  ubjÚ  )”}”(hhh]”(jß  )”}”(hŒ\``key``
Identifies either a kernel object (e.g. an inode) or
a raw value (e.g. a TCP port).
”h]”(jå  )”}”(hŒ``key``”h]”j‰  )”}”(hj2  h]”hŒkey”…””}”(hj4  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj0  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KNhj,  ubjÿ  )”}”(hhh]”j  )”}”(hŒSIdentifies either a kernel object (e.g. an inode) or
a raw value (e.g. a TCP port).”h]”hŒSIdentifies either a kernel object (e.g. an inode) or
a raw value (e.g. a TCP port).”…””}”(hjK  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KMhjH  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj,  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjG  h KNhj)  ubjß  )”}”(hŒ0``type``
Type of a landlock_ruleset's root tree.”h]”(jå  )”}”(hŒ``type``”h]”j‰  )”}”(hjl  h]”hŒtype”…””}”(hjn  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KQhjf  ubjÿ  )”}”(hhh]”j  )”}”(hŒ'Type of a landlock_ruleset's root tree.”h]”hŒ)Type of a landlock_rulesetâ€™s root tree.”…””}”(hj…  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KRhj‚  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjf  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj  h KQhj)  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hjá  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj!  hžhhŸNh Nubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œlandlock_rule (C struct)”Œc.landlock_rule”hNt”auh1jë  hj!  hžhhŸNh Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_rule”h]”j	  )”}”(hŒstruct landlock_rule”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjÂ  hžhhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KXubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hjÔ  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hjÂ  hžhhŸjÓ  h KXubj2  )”}”(hŒlandlock_rule”h]”j8  )”}”(hjÀ  h]”hŒlandlock_rule”…””}”(hjæ  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hjâ  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hjÂ  hžhhŸjÓ  h KXubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hj¾  hžhhŸjÓ  h KXubah}”(h]”j¹  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸjÓ  h KXhj»  hžhubjd  )”}”(hhh]”j  )”}”(hŒAccess rights tied to an object”h]”hŒAccess rights tied to an object”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KWhj  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hj»  hžhhŸjÓ  h KXubeh}”(h]”h ]”(j€  Œstruct”eh"]”h$]”h&]”j…  j€  j†  j   j‡  j   jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj!  hŸNh NubjŒ  )”}”(hXÄ  **Definition**::

  struct landlock_rule {
      struct rb_node node;
      union landlock_key key;
      u32 num_layers;
      struct landlock_layer layers[] ;
  };

**Members**

``node``
  Node in the ruleset's red-black tree.

``key``
  A union to identify either a kernel object (e.g. an inode) or
  a raw data value (e.g. a network socket port). This is used as a key
  for this ruleset element.  The pointer is set once and never
  modified.  It always points to an allocated object because each rule
  increments the refcount of its object.

``num_layers``
  Number of entries in **layers**.

``layers``
  Stack of layers, from the latest to the newest, implemented
  as a flexible array member (FAM).”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hj,  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj(  ubhŒ:”…””}”(hj(  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K[hj$  ubj±  )”}”(hŒ‡struct landlock_rule {
    struct rb_node node;
    union landlock_key key;
    u32 num_layers;
    struct landlock_layer layers[] ;
};”h]”hŒ‡struct landlock_rule {
    struct rb_node node;
    union landlock_key key;
    u32 num_layers;
    struct landlock_layer layers[] ;
};”…””}”hjE  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K]hj$  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hjV  h]”hŒMembers”…””}”(hjX  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjT  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kdhj$  ubjÚ  )”}”(hhh]”(jß  )”}”(hŒ/``node``
Node in the ruleset's red-black tree.
”h]”(jå  )”}”(hŒ``node``”h]”j‰  )”}”(hju  h]”hŒnode”…””}”(hjw  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjs  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K\hjo  ubjÿ  )”}”(hhh]”j  )”}”(hŒ%Node in the ruleset's red-black tree.”h]”hŒ'Node in the rulesetâ€™s red-black tree.”…””}”(hjŽ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjŠ  h K\hj‹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjo  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjŠ  h K\hjl  ubjß  )”}”(hX4  ``key``
A union to identify either a kernel object (e.g. an inode) or
a raw data value (e.g. a network socket port). This is used as a key
for this ruleset element.  The pointer is set once and never
modified.  It always points to an allocated object because each rule
increments the refcount of its object.
”h]”(jå  )”}”(hŒ``key``”h]”j‰  )”}”(hj®  h]”hŒkey”…””}”(hj°  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj¬  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kdhj¨  ubjÿ  )”}”(hhh]”j  )”}”(hX+  A union to identify either a kernel object (e.g. an inode) or
a raw data value (e.g. a network socket port). This is used as a key
for this ruleset element.  The pointer is set once and never
modified.  It always points to an allocated object because each rule
increments the refcount of its object.”h]”hX+  A union to identify either a kernel object (e.g. an inode) or
a raw data value (e.g. a network socket port). This is used as a key
for this ruleset element.  The pointer is set once and never
modified.  It always points to an allocated object because each rule
increments the refcount of its object.”…””}”(hjÇ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K`hjÄ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj¨  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjÃ  h Kdhjl  ubjß  )”}”(hŒ0``num_layers``
Number of entries in **layers**.
”h]”(jå  )”}”(hŒ``num_layers``”h]”j‰  )”}”(hjè  h]”hŒ
num_layers”…””}”(hjê  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjæ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Khhjâ  ubjÿ  )”}”(hhh]”j  )”}”(hŒ Number of entries in **layers**.”h]”(hŒNumber of entries in ”…””}”(hj  hžhhŸNh Nubj–  )”}”(hŒ
**layers**”h]”hŒlayers”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj  ubhŒ.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjý  h Khhjþ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjâ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjý  h Khhjl  ubjß  )”}”(hŒh``layers``
Stack of layers, from the latest to the newest, implemented
as a flexible array member (FAM).”h]”(jå  )”}”(hŒ
``layers``”h]”j‰  )”}”(hj3  h]”hŒlayers”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Klhj-  ubjÿ  )”}”(hhh]”j  )”}”(hŒ]Stack of layers, from the latest to the newest, implemented
as a flexible array member (FAM).”h]”hŒ]Stack of layers, from the latest to the newest, implemented
as a flexible array member (FAM).”…””}”(hjL  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjH  h KlhjI  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj-  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjH  h Klhjl  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hj$  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj!  hžhhŸNh Nubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œlandlock_ruleset (C struct)”Œc.landlock_ruleset”hNt”auh1jë  hj!  hžhhŸNh Nubjþ  )”}”(hhh]”(j  )”}”(hŒlandlock_ruleset”h]”j	  )”}”(hŒstruct landlock_ruleset”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hjŒ  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjˆ  hžhhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Ksubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hjš  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hjˆ  hžhhŸj™  h Ksubj2  )”}”(hŒlandlock_ruleset”h]”j8  )”}”(hj†  h]”hŒlandlock_ruleset”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj¨  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hjˆ  hžhhŸj™  h Ksubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hj„  hžhhŸj™  h Ksubah}”(h]”j  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸj™  h Kshj  hžhubjd  )”}”(hhh]”j  )”}”(hŒLandlock ruleset”h]”hŒLandlock ruleset”…””}”(hjÎ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KrhjË  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hj  hžhhŸj™  h Ksubeh}”(h]”h ]”(j€  Œstruct”eh"]”h$]”h&]”j…  j€  j†  jæ  j‡  jæ  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj!  hŸNh NubjŒ  )”}”(hX	  **Definition**::

  struct landlock_ruleset {
      struct rb_root root_inode;
  #if IS_ENABLED(CONFIG_INET);
      struct rb_root root_net_port;
  #endif ;
      struct landlock_hierarchy *hierarchy;
      union {
          struct work_struct work_free;
          struct {
              struct mutex lock;
              refcount_t usage;
              u32 num_rules;
              u32 num_layers;
              struct access_masks access_masks[];
          };
      };
  };

**Members**

``root_inode``
  Root of a red-black tree containing :c:type:`struct
  landlock_rule <landlock_rule>` nodes with inode object.  Once a ruleset is tied to a
  process (i.e. as a domain), this tree is immutable until **usage**
  reaches zero.

``root_net_port``
  Root of a red-black tree containing :c:type:`struct
  landlock_rule <landlock_rule>` nodes with network port. Once a ruleset is tied to a
  process (i.e. as a domain), this tree is immutable until **usage**
  reaches zero.

``hierarchy``
  Enables hierarchy identification even when a parent
  domain vanishes.  This is needed for the ptrace protection.

``{unnamed_union}``
  anonymous

``work_free``
  Enables to free a ruleset within a lockless
  section.  This is only used by
  landlock_put_ruleset_deferred() when **usage** reaches zero.
  The fields **lock**, **usage**, **num_rules**, **num_layers** and
  **access_masks** are then unused.

``{unnamed_struct}``
  anonymous

``lock``
  Protects against concurrent modifications of
  **root**, if **usage** is greater than zero.

``usage``
  Number of processes (i.e. domains) or file
  descriptors referencing this ruleset.

``num_rules``
  Number of non-overlapping (i.e. not for
  the same object) rules in this ruleset.

``num_layers``
  Number of layers that are used in this
  ruleset.  This enables to check that all the layers
  allow an access request.  A value of 0 identifies a
  non-merged ruleset (i.e. not a domain).

``access_masks``
  Contains the subset of filesystem and
  network actions that are restricted by a ruleset.
  A domain saves all layers of merged rulesets in a
  stack (FAM), starting from the first layer to the
  last one.  These layers are used when merging
  rulesets, for user space backward compatibility
  (i.e. future-proof), and to properly handle merged
  rulesets without overlapping access rights.  These
  layers are set once and never changed for the
  lifetime of the ruleset.”h]”(j  )”}”(hŒ**Definition**::”h]”(j–  )”}”(hŒ**Definition**”h]”hŒ
Definition”…””}”(hjò  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjî  ubhŒ:”…””}”(hjî  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kvhjê  ubj±  )”}”(hX¦  struct landlock_ruleset {
    struct rb_root root_inode;
#if IS_ENABLED(CONFIG_INET);
    struct rb_root root_net_port;
#endif ;
    struct landlock_hierarchy *hierarchy;
    union {
        struct work_struct work_free;
        struct {
            struct mutex lock;
            refcount_t usage;
            u32 num_rules;
            u32 num_layers;
            struct access_masks access_masks[];
        };
    };
};”h]”hX¦  struct landlock_ruleset {
    struct rb_root root_inode;
#if IS_ENABLED(CONFIG_INET);
    struct rb_root root_net_port;
#endif ;
    struct landlock_hierarchy *hierarchy;
    union {
        struct work_struct work_free;
        struct {
            struct mutex lock;
            refcount_t usage;
            u32 num_rules;
            u32 num_layers;
            struct access_masks access_masks[];
        };
    };
};”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j°  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kxhjê  ubj  )”}”(hŒ**Members**”h]”j–  )”}”(hj  h]”hŒMembers”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KŠhjê  ubjÚ  )”}”(hhh]”(jß  )”}”(hŒé``root_inode``
Root of a red-black tree containing :c:type:`struct
landlock_rule <landlock_rule>` nodes with inode object.  Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until **usage**
reaches zero.
”h]”(jå  )”}”(hŒ``root_inode``”h]”j‰  )”}”(hj;  h]”hŒ
root_inode”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K}hj5  ubjÿ  )”}”(hhh]”j  )”}”(hŒÙRoot of a red-black tree containing :c:type:`struct
landlock_rule <landlock_rule>` nodes with inode object.  Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until **usage**
reaches zero.”h]”(hŒ$Root of a red-black tree containing ”…””}”(hjT  hžhhŸNh Nubh)”}”(hŒ.:c:type:`struct
landlock_rule <landlock_rule>`”h]”j‰  )”}”(hj^  h]”hŒstruct
landlock_rule”…””}”(hj`  hžhhŸNh Nubah}”(h]”h ]”(j/  j€  Œc-type”eh"]”h$]”h&]”uh1jˆ  hj\  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j;  Œ	refdomain”j€  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰jA  jE  jI  Œlandlock_rule”uh1hhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KzhjT  ubhŒp nodes with inode object.  Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until ”…””}”(hjT  hžhhŸNh Nubj–  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hj€  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjT  ubhŒ
reaches zero.”…””}”(hjT  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸj{  h KzhjQ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj5  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjP  h K}hj2  ubjß  )”}”(hŒë``root_net_port``
Root of a red-black tree containing :c:type:`struct
landlock_rule <landlock_rule>` nodes with network port. Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until **usage**
reaches zero.
”h]”(jå  )”}”(hŒ``root_net_port``”h]”j‰  )”}”(hjª  h]”hŒroot_net_port”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj¨  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K†hj¤  ubjÿ  )”}”(hhh]”j  )”}”(hŒØRoot of a red-black tree containing :c:type:`struct
landlock_rule <landlock_rule>` nodes with network port. Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until **usage**
reaches zero.”h]”(hŒ$Root of a red-black tree containing ”…””}”(hjÃ  hžhhŸNh Nubh)”}”(hŒ.:c:type:`struct
landlock_rule <landlock_rule>`”h]”j‰  )”}”(hjÍ  h]”hŒstruct
landlock_rule”…””}”(hjÏ  hžhhŸNh Nubah}”(h]”h ]”(j/  j€  Œc-type”eh"]”h$]”h&]”uh1jˆ  hjË  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j;  Œ	refdomain”j€  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰jA  jE  jI  Œlandlock_rule”uh1hhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KƒhjÃ  ubhŒo nodes with network port. Once a ruleset is tied to a
process (i.e. as a domain), this tree is immutable until ”…””}”(hjÃ  hžhhŸNh Nubj–  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjÃ  ubhŒ
reaches zero.”…””}”(hjÃ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjê  h KƒhjÀ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj¤  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj¿  h K†hj2  ubjß  )”}”(hŒ~``hierarchy``
Enables hierarchy identification even when a parent
domain vanishes.  This is needed for the ptrace protection.
”h]”(jå  )”}”(hŒ``hierarchy``”h]”j‰  )”}”(hj  h]”hŒ	hierarchy”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Khj  ubjÿ  )”}”(hhh]”j  )”}”(hŒoEnables hierarchy identification even when a parent
domain vanishes.  This is needed for the ptrace protection.”h]”hŒoEnables hierarchy identification even when a parent
domain vanishes.  This is needed for the ptrace protection.”…””}”(hj2  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KŒhj/  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj.  h Khj2  ubjß  )”}”(hŒ``{unnamed_union}``
anonymous
”h]”(jå  )”}”(hŒ``{unnamed_union}``”h]”j‰  )”}”(hjS  h]”hŒ{unnamed_union}”…””}”(hjU  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjQ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KhjM  ubjÿ  )”}”(hhh]”j  )”}”(hŒ	anonymous”h]”hŒ	anonymous”…””}”(hjl  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjh  h Khji  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjM  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjh  h Khj2  ubjß  )”}”(hŒú``work_free``
Enables to free a ruleset within a lockless
section.  This is only used by
landlock_put_ruleset_deferred() when **usage** reaches zero.
The fields **lock**, **usage**, **num_rules**, **num_layers** and
**access_masks** are then unused.
”h]”(jå  )”}”(hŒ``work_free``”h]”j‰  )”}”(hjŒ  h]”hŒ	work_free”…””}”(hjŽ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjŠ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K–hj†  ubjÿ  )”}”(hhh]”j  )”}”(hŒëEnables to free a ruleset within a lockless
section.  This is only used by
landlock_put_ruleset_deferred() when **usage** reaches zero.
The fields **lock**, **usage**, **num_rules**, **num_layers** and
**access_masks** are then unused.”h]”(hŒpEnables to free a ruleset within a lockless
section.  This is only used by
landlock_put_ruleset_deferred() when ”…””}”(hj¥  hžhhŸNh Nubj–  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hj­  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¥  ubhŒ reaches zero.
The fields ”…””}”(hj¥  hžhhŸNh Nubj–  )”}”(hŒ**lock**”h]”hŒlock”…””}”(hj¿  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¥  ubhŒ, ”…””}”(hj¥  hžhhŸNh Nubj–  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hjÑ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¥  ubhŒ, ”…””}”hj¥  sbj–  )”}”(hŒ**num_rules**”h]”hŒ	num_rules”…””}”(hjã  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¥  ubhŒ, ”…””}”hj¥  sbj–  )”}”(hŒ**num_layers**”h]”hŒ
num_layers”…””}”(hjõ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¥  ubhŒ and
”…””}”(hj¥  hžhhŸNh Nubj–  )”}”(hŒ**access_masks**”h]”hŒaccess_masks”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¥  ubhŒ are then unused.”…””}”(hj¥  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K’hj¢  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj†  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj¡  h K–hj2  ubjß  )”}”(hŒ``{unnamed_struct}``
anonymous
”h]”(jå  )”}”(hŒ``{unnamed_struct}``”h]”j‰  )”}”(hj2  h]”hŒ{unnamed_struct}”…””}”(hj4  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj0  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K™hj,  ubjÿ  )”}”(hhh]”j  )”}”(hŒ	anonymous”h]”hŒ	anonymous”…””}”(hjK  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjG  h K™hjH  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj,  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjG  h K™hj2  ubjß  )”}”(hŒc``lock``
Protects against concurrent modifications of
**root**, if **usage** is greater than zero.
”h]”(jå  )”}”(hŒ``lock``”h]”j‰  )”}”(hjk  h]”hŒlock”…””}”(hjm  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hji  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kœhje  ubjÿ  )”}”(hhh]”j  )”}”(hŒYProtects against concurrent modifications of
**root**, if **usage** is greater than zero.”h]”(hŒ-Protects against concurrent modifications of
”…””}”(hj„  hžhhŸNh Nubj–  )”}”(hŒ**root**”h]”hŒroot”…””}”(hjŒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj„  ubhŒ, if ”…””}”(hj„  hžhhŸNh Nubj–  )”}”(hŒ	**usage**”h]”hŒusage”…””}”(hjž  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj„  ubhŒ is greater than zero.”…””}”(hj„  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K›hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hje  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj€  h Kœhj2  ubjß  )”}”(hŒ[``usage``
Number of processes (i.e. domains) or file
descriptors referencing this ruleset.
”h]”(jå  )”}”(hŒ	``usage``”h]”j‰  )”}”(hjÉ  h]”hŒusage”…””}”(hjË  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjÇ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K¡hjÃ  ubjÿ  )”}”(hhh]”j  )”}”(hŒPNumber of processes (i.e. domains) or file
descriptors referencing this ruleset.”h]”hŒPNumber of processes (i.e. domains) or file
descriptors referencing this ruleset.”…””}”(hjâ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K hjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjÃ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjÞ  h K¡hj2  ubjß  )”}”(hŒ^``num_rules``
Number of non-overlapping (i.e. not for
the same object) rules in this ruleset.
”h]”(jå  )”}”(hŒ``num_rules``”h]”j‰  )”}”(hj  h]”hŒ	num_rules”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K¦hjý  ubjÿ  )”}”(hhh]”j  )”}”(hŒONumber of non-overlapping (i.e. not for
the same object) rules in this ruleset.”h]”hŒONumber of non-overlapping (i.e. not for
the same object) rules in this ruleset.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K¥hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjý  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸj  h K¦hj2  ubjß  )”}”(hŒÆ``num_layers``
Number of layers that are used in this
ruleset.  This enables to check that all the layers
allow an access request.  A value of 0 identifies a
non-merged ruleset (i.e. not a domain).
”h]”(jå  )”}”(hŒ``num_layers``”h]”j‰  )”}”(hj=  h]”hŒ
num_layers”…””}”(hj?  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hj;  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K­hj7  ubjÿ  )”}”(hhh]”j  )”}”(hŒ¶Number of layers that are used in this
ruleset.  This enables to check that all the layers
allow an access request.  A value of 0 identifies a
non-merged ruleset (i.e. not a domain).”h]”hŒ¶Number of layers that are used in this
ruleset.  This enables to check that all the layers
allow an access request.  A value of 0 identifies a
non-merged ruleset (i.e. not a domain).”…””}”(hjV  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KªhjS  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj7  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjR  h K­hj2  ubjß  )”}”(hX×  ``access_masks``
Contains the subset of filesystem and
network actions that are restricted by a ruleset.
A domain saves all layers of merged rulesets in a
stack (FAM), starting from the first layer to the
last one.  These layers are used when merging
rulesets, for user space backward compatibility
(i.e. future-proof), and to properly handle merged
rulesets without overlapping access rights.  These
layers are set once and never changed for the
lifetime of the ruleset.”h]”(jå  )”}”(hŒ``access_masks``”h]”j‰  )”}”(hjw  h]”hŒaccess_masks”…””}”(hjy  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hju  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K¹hjq  ubjÿ  )”}”(hhh]”j  )”}”(hXÆ  Contains the subset of filesystem and
network actions that are restricted by a ruleset.
A domain saves all layers of merged rulesets in a
stack (FAM), starting from the first layer to the
last one.  These layers are used when merging
rulesets, for user space backward compatibility
(i.e. future-proof), and to properly handle merged
rulesets without overlapping access rights.  These
layers are set once and never changed for the
lifetime of the ruleset.”h]”hXÆ  Contains the subset of filesystem and
network actions that are restricted by a ruleset.
A domain saves all layers of merged rulesets in a
stack (FAM), starting from the first layer to the
last one.  These layers are used when merging
rulesets, for user space backward compatibility
(i.e. future-proof), and to properly handle merged
rulesets without overlapping access rights.  These
layers are set once and never changed for the
lifetime of the ruleset.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K±hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hjq  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjŒ  h K¹hj2  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hjê  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj!  hžhhŸNh Nubj  )”}”(hŒ**Description**”h]”j–  )”}”(hjº  h]”hŒDescription”…””}”(hj¼  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hj¸  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h K½hj!  hžhubj  )”}”(hŒ\This data structure must contain unique entries, be updatable, and quick to
match an object.”h]”hŒ\This data structure must contain unique entries, be updatable, and quick to
match an object.”…””}”(hjÐ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kshj!  hžhubjì  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œentries”]”(jø  Œ(landlock_union_access_masks (C function)”Œc.landlock_union_access_masks”hNt”auh1jë  hj!  hžhhŸNh Nubjþ  )”}”(hhh]”(j  )”}”(hŒ]struct access_masks landlock_union_access_masks (const struct landlock_ruleset *const domain)”h]”j	  )”}”(hŒ\struct access_masks landlock_union_access_masks(const struct landlock_ruleset *const domain)”h]”(j  )”}”(hj  h]”hŒstruct”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hjô  hžhhŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kåubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hjô  hžhhŸj  h Kåubh)”}”(hhh]”j8  )”}”(hŒaccess_masks”h]”hŒaccess_masks”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj  ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”j€  Œreftype”jl  Œ	reftarget”j  Œmodname”NŒ	classname”NjA  jD  )”}”jG  ]”ji  )”}”jl  Œlandlock_union_access_masks”sbŒc.landlock_union_access_masks”†”asbuh1hhjô  hžhhŸj  h Kåubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hj8  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hjô  hžhhŸj  h Kåubj2  )”}”(hŒlandlock_union_access_masks”h]”j8  )”}”(hj5  h]”hŒlandlock_union_access_masks”…””}”(hjJ  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hjF  ubah}”(h]”h ]”(jJ  jK  eh"]”h$]”h&]”h±h²uh1j1  hjô  hžhhŸj  h Kåubh Œdesc_parameterlist”“”)”}”(hŒ-(const struct landlock_ruleset *const domain)”h]”h Œdesc_parameter”“”)”}”(hŒ+const struct landlock_ruleset *const domain”h]”(j  )”}”(hŒconst”h]”hŒconst”…””}”(hji  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hje  ubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hjw  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hje  ubj  )”}”(hj  h]”hŒstruct”…””}”(hj…  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hje  ubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hj’  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hje  ubh)”}”(hhh]”j8  )”}”(hŒlandlock_ruleset”h]”hŒlandlock_ruleset”…””}”(hj£  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hj   ubah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”j€  Œreftype”jl  Œ	reftarget”j¥  Œmodname”NŒ	classname”NjA  jD  )”}”jG  ]”j3  Œc.landlock_union_access_masks”†”asbuh1hhje  ubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hje  ubh Œdesc_sig_punctuation”“”)”}”(hjU  h]”hŒ*”…””}”(hjÑ  hžhhŸNh Nubah}”(h]”h ]”Œp”ah"]”h$]”h&]”uh1jÏ  hje  ubj  )”}”(hjk  h]”hŒconst”…””}”(hjß  hžhhŸNh Nubah}”(h]”h ]”j  ah"]”h$]”h&]”uh1j  hje  ubj!  )”}”(hŒ ”h]”hŒ ”…””}”(hjì  hžhhŸNh Nubah}”(h]”h ]”j-  ah"]”h$]”h&]”uh1j   hje  ubj8  )”}”(hŒdomain”h]”hŒdomain”…””}”(hjú  hžhhŸNh Nubah}”(h]”h ]”jC  ah"]”h$]”h&]”uh1j7  hje  ubeh}”(h]”h ]”h"]”h$]”h&]”Œnoemph”ˆh±h²uh1jc  hj_  ubah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1j]  hjô  hžhhŸj  h Kåubeh}”(h]”h ]”h"]”h$]”h&]”h±h²jU  ˆuh1j  jV  jW  hjð  hžhhŸj  h Kåubah}”(h]”jë  ah ]”(j[  j\  eh"]”h$]”h&]”j`  ˆja  )jb  huh1j  hŸj  h Kåhjí  hžhubjd  )”}”(hhh]”j  )”}”(hŒ.Return all access rights handled in the domain”h]”hŒ.Return all access rights handled in the domain”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h KÞhj!  hžhubah}”(h]”h ]”h"]”h$]”h&]”uh1jc  hjí  hžhhŸj  h Kåubeh}”(h]”h ]”(j€  Œfunction”eh"]”h$]”h&]”j…  j€  j†  j<  j‡  j<  jˆ  ‰j‰  ‰jŠ  ‰uh1jý  hžhhj!  hŸNh NubjŒ  )”}”(hŒµ**Parameters**

``const struct landlock_ruleset *const domain``
  Landlock ruleset (used as a domain)

**Return**

an access_masks result of the OR of all the domain's access masks.”h]”(j  )”}”(hŒ**Parameters**”h]”j–  )”}”(hjF  h]”hŒ
Parameters”…””}”(hjH  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjD  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kâhj@  ubjÚ  )”}”(hhh]”jß  )”}”(hŒT``const struct landlock_ruleset *const domain``
Landlock ruleset (used as a domain)
”h]”(jå  )”}”(hŒ/``const struct landlock_ruleset *const domain``”h]”j‰  )”}”(hje  h]”hŒ+const struct landlock_ruleset *const domain”…””}”(hjg  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆ  hjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Káhj_  ubjÿ  )”}”(hhh]”j  )”}”(hŒ#Landlock ruleset (used as a domain)”h]”hŒ#Landlock ruleset (used as a domain)”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸjz  h Káhj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jþ  hj_  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÞ  hŸjz  h Káhj\  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÙ  hj@  ubj  )”}”(hŒ
**Return**”h]”j–  )”}”(hj   h]”hŒReturn”…””}”(hj¢  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j•  hjž  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kãhj@  ubj  )”}”(hŒBan access_masks result of the OR of all the domain's access masks.”h]”hŒDan access_masks result of the OR of all the domainâ€™s access masks.”…””}”(hj¶  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸŒ^/var/lib/git/docbuild/linux/Documentation/security/landlock:128: ./security/landlock/ruleset.h”h Kãhj@  ubeh}”(h]”h ]”Œkernelindent”ah"]”h$]”h&]”uh1j‹  hj!  hžhhŸNh Nubeh}”(h]”Œruleset-and-domain”ah ]”h"]”Œruleset and domain”ah$]”h&]”uh1hÐhjÉ  hžhhŸh³h Krubeh}”(h]”Œkernel-structures”ah ]”h"]”Œkernel structures”ah$]”h&]”uh1hÐhhÒhžhhŸh³h KcubhÑ)”}”(hhh]”(hÖ)”}”(hŒAdditional documentation”h]”hŒAdditional documentation”…””}”(hjß  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÕhjÜ  hžhhŸh³h K„ubjŸ  )”}”(hhh]”(j¤  )”}”(hŒ(Documentation/userspace-api/landlock.rst”h]”j  )”}”(hjò  h]”hŒ(Documentation/userspace-api/landlock.rst”…””}”(hjô  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K†hjð  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hjí  hžhhŸh³h Nubj¤  )”}”(hŒ*Documentation/admin-guide/LSM/landlock.rst”h]”j  )”}”(hj	  h]”hŒ*Documentation/admin-guide/LSM/landlock.rst”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h K‡hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hjí  hžhhŸh³h Nubj¤  )”}”(hŒhttps://landlock.io
”h]”j  )”}”(hŒhttps://landlock.io”h]”j  )”}”(hj$  h]”hŒhttps://landlock.io”…””}”(hj&  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j$  uh1j  hj"  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh³h Kˆhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j£  hjí  hžhhŸh³h Nubeh}”(h]”h ]”h"]”h$]”h&]”jT  jU  uh1jž  hŸh³h K†hjÜ  hžhubh¢)”}”(hŒLinks”h]”hŒLinks”…””}”hjF  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²uh1h¡hjÜ  hžhhŸh³h KŠubhŒtarget”“”)”}”(hŒ‘.. _tools/testing/selftests/landlock/:
   https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/tools/testing/selftests/landlock/”h]”h}”(h]”Œ tools-testing-selftests-landlock”ah ]”h"]”Œ!tools/testing/selftests/landlock/”ah$]”h&]”jµ  j¶  uh1jT  h K‹hjÜ  hžhhŸh³jƒ  Kubeh}”(h]”Œadditional-documentation”ah ]”h"]”Œadditional documentation”ah$]”h&]”uh1hÐhhÒhžhhŸh³h K„ubeh}”(h]”Œ!landlock-lsm-kernel-documentation”ah ]”h"]”Œ"landlock lsm: kernel documentation”ah$]”h&]”uh1hÐhhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÕNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j•  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”(Œfile descriptor access rights”]”j  aŒ!tools/testing/selftests/landlock/”]”j¥  auŒrefids”}”Œnameids”}”(jo  jl  j[  jX  j‰  j†  j¹  j¶  j€  j$  jÆ  jÃ  jÙ  jÖ  j[  jX  j  j  jÑ  jÎ  jg  jd  j_  j\  uŒ	nametypes”}”(jo  ‰j[  ‰j‰  ‰j¹  ‰j€  ‰jÆ  ‰jÙ  ‰j[  ‰j  ‰jÑ  ‰jg  ‰j_  ˆuh}”(jl  hÒjX  j  j†  j^  j¶  jo  j$  j¼  jÃ  jŒ  jÖ  jÉ  jX  jÚ  jú  j  j7  j<  j  j^  j{  j  j
  j

  jõ  jú  jÎ  j!  jZ  j_  j­  j²  jï  jô  jv  j{  j¹  j¾  j  j„  jë  jð  jd  jÜ  j\  jV  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.