[PATCH v2 3/4] man/man[27]/{landlock_restrict_self.2,landlock.7}: Document... | linux-man

[PATCH v2 0/4] Update Landlock docs to Landlock ABI v8 · Günther Noack <hidden> · 2026-04-20
[PATCH v2 1/4] man/man2/landlock_create_ruleset.2: Document EINVAL scope case · Günther Noack <hidden> · 2026-04-20
Re: [PATCH v2 1/4] man/man2/landlock_create_ruleset.2: Document EINVAL scope case · Alejandro Colomar <alx@kernel.org> · 2026-04-21
[PATCH v2 2/4] man/man[27]/{landlock_create_ruleset.2,landlock.7}: Document LANDLOCK_CREATE_RULESET_ERRATA · Günther Noack <hidden> · 2026-04-20
Re: [PATCH v2 2/4] man/man[27]/{landlock_create_ruleset.2,landlock.7}: Document LANDLOCK_CREATE_RULESET_ERRATA · Alejandro Colomar <alx@kernel.org> · 2026-04-21
Re: [PATCH v2 2/4] man/man[27]/{landlock_create_ruleset.2,landlock.7}: Document LANDLOCK_CREATE_RULESET_ERRATA · Günther Noack <hidden> · 2026-04-21
[PATCH v2 3/4] man/man[27]/{landlock_restrict_self.2,landlock.7}: Document LANDLOCK_RESTRICT_SELF_TSYNC (ABI v8) · Günther Noack <hidden> · 2026-04-20
[PATCH v2 4/4] man/man2/landlock_restrict_self.2: Document ABI requirement for logging flags · Günther Noack <hidden> · 2026-04-20

[PATCH v2 3/4] man/man[27]/{landlock_restrict_self.2,landlock.7}: Document LANDLOCK_RESTRICT_SELF_TSYNC (ABI v8)

From: Günther Noack <hidden>
Date: 2026-04-20 22:35:32
Subsystem: the rest · Maintainer: Linus Torvalds

Document the new LANDLOCK_RESTRICT_SELF_TSYNC flag, which applies the
Landlock configuration atomically to all threads of the calling process.

Available since Linux 7.0 (Landlock ABI version 8).

Signed-off-by: Günther Noack <redacted>
---
 man/man2/landlock_restrict_self.2 | 18 ++++++++++++++++++
 man/man7/landlock.7               |  2 ++
 2 files changed, 20 insertions(+)

diff --git a/man/man2/landlock_restrict_self.2 b/man/man2/landlock_restrict_self.2
index 9e80a40ee4a4..1265ea2feb91 100644
--- a/man/man2/landlock_restrict_self.2
+++ b/man/man2/landlock_restrict_self.2

@@ -133,6 +133,24 @@ It can also be used with a
 .I ruleset_fd
 value of \-1 to mute subdomain logs
 without creating a domain.
+.P
+The following flag supports policy enforcement in multithreaded processes:
+.TP
+.B LANDLOCK_RESTRICT_SELF_TSYNC
+Applies the new Landlock configuration atomically
+to all threads of the current process,
+including the Landlock domain and logging configuration.
+This overrides the Landlock configuration of sibling threads,
+irrespective of previously established Landlock domains
+and logging configurations on those threads.
+.IP
+If the calling thread is running with
+.IR no_new_privs ,
+this operation enables
+.I no_new_privs
+on the sibling threads as well.
+.IP
+This flag is available since Landlock ABI version 8.
 .SH RETURN VALUE
 On success,
 .BR landlock_restrict_self ()

diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
index bcf06ea30ad4..06910ccab5b1 100644
--- a/man/man7/landlock.7
+++ b/man/man7/landlock.7

@@ -476,6 +476,8 @@ _	_	_
 7	6.15	LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF
 \^	\^	LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON
 \^	\^	LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
+_	_	_
+8	7.0	LANDLOCK_RESTRICT_SELF_TSYNC
 .TE
 .P
 Users should use the Landlock ABI version rather than the kernel version

-- 
2.53.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help