mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-28 21:33:52 +00:00
docs: userspace-api: landlock.rst: avoid using ReST :doc:foo markup
The :doc:`foo` tag is auto-generated via automarkup.py. So, use the filename at the sources, instead of :doc:`foo`. Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org> Link: https://lore.kernel.org/r/24888a9c5da3c505b2bc274fcd83be348dbaf972.1623824363.git.mchehab+huawei@kernel.org Signed-off-by: Jonathan Corbet <corbet@lwn.net>
This commit is contained in:
Mauro Carvalho Chehab
Jonathan Corbet
parent
81a2d57873
commit
69fe554015
1 changed files with 6 additions and 5 deletions
|
|
@ -145,7 +145,8 @@ Bind mounts and OverlayFS
|
||||||
|
|
||||||
Landlock enables to restrict access to file hierarchies, which means that these
|
Landlock enables to restrict access to file hierarchies, which means that these
|
||||||
access rights can be propagated with bind mounts (cf.
|
access rights can be propagated with bind mounts (cf.
|
||||||
:doc:`/filesystems/sharedsubtree`) but not with :doc:`/filesystems/overlayfs`.
|
Documentation/filesystems/sharedsubtree.rst) but not with
|
||||||
|
Documentation/filesystems/overlayfs.rst.
|
||||||
|
|
||||||
A bind mount mirrors a source file hierarchy to a destination. The destination
|
A bind mount mirrors a source file hierarchy to a destination. The destination
|
||||||
hierarchy is then composed of the exact same files, on which Landlock rules can
|
hierarchy is then composed of the exact same files, on which Landlock rules can
|
||||||
|
|
@ -170,8 +171,8 @@ Inheritance
|
||||||
|
|
||||||
Every new thread resulting from a :manpage:`clone(2)` inherits Landlock domain
|
Every new thread resulting from a :manpage:`clone(2)` inherits Landlock domain
|
||||||
restrictions from its parent. This is similar to the seccomp inheritance (cf.
|
restrictions from its parent. This is similar to the seccomp inheritance (cf.
|
||||||
:doc:`/userspace-api/seccomp_filter`) or any other LSM dealing with task's
|
Documentation/userspace-api/seccomp_filter.rst) or any other LSM dealing with
|
||||||
:manpage:`credentials(7)`. For instance, one process's thread may apply
|
task's :manpage:`credentials(7)`. For instance, one process's thread may apply
|
||||||
Landlock rules to itself, but they will not be automatically applied to other
|
Landlock rules to itself, but they will not be automatically applied to other
|
||||||
sibling threads (unlike POSIX thread credential changes, cf.
|
sibling threads (unlike POSIX thread credential changes, cf.
|
||||||
:manpage:`nptl(7)`).
|
:manpage:`nptl(7)`).
|
||||||
|
|
@ -278,7 +279,7 @@ Memory usage
|
||||||
------------
|
------------
|
||||||
|
|
||||||
Kernel memory allocated to create rulesets is accounted and can be restricted
|
Kernel memory allocated to create rulesets is accounted and can be restricted
|
||||||
by the :doc:`/admin-guide/cgroup-v1/memory`.
|
by the Documentation/admin-guide/cgroup-v1/memory.rst.
|
||||||
|
|
||||||
Questions and answers
|
Questions and answers
|
||||||
=====================
|
=====================
|
||||||
|
|
@ -303,7 +304,7 @@ issues, especially when untrusted processes can manipulate them (cf.
|
||||||
Additional documentation
|
Additional documentation
|
||||||
========================
|
========================
|
||||||
|
|
||||||
* :doc:`/security/landlock`
|
* Documentation/security/landlock.rst
|
||||||
* https://landlock.io
|
* https://landlock.io
|
||||||
|
|
||||||
.. Links
|
.. Links
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue