samples/landlock: Document best-effort approach for LANDLOCK_ACCESS_FS_REFER

[linux-2.6-microblaze.git] / samples / landlock / sandboxer.c

diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
index fd4237c..e2056c8 100644 (file)
--- a/samples/landlock/sandboxer.c
+++ b/samples/landlock/sandboxer.c
@@ -234,7 +234,22 @@ int main(const int argc, char *const argv[], char *const *const envp)
        /* Best-effort security. */
        switch (abi) {
        case 1:
-               /* Removes LANDLOCK_ACCESS_FS_REFER for ABI < 2 */
+               /*
+                * Removes LANDLOCK_ACCESS_FS_REFER for ABI < 2
+                *
+                * Note: The "refer" operations (file renaming and linking
+                * across different directories) are always forbidden when using
+                * Landlock with ABI 1.
+                *
+                * If only ABI 1 is available, this sandboxer knowingly forbids
+                * refer operations.
+                *
+                * If a program *needs* to do refer operations after enabling
+                * Landlock, it can not use Landlock at ABI level 1.  To be
+                * compatible with different kernel versions, such programs
+                * should then fall back to not restrict themselves at all if
+                * the running kernel only supports ABI 1.
+                */
                ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_REFER;
                __attribute__((fallthrough));
        case 2: