@@ -39,13 +39,25 @@ the running kernel must support Landlock and
it must be enabled at boot time.
.\"
.SS Landlock rules
-A Landlock rule describes an action on an object.
-An object is currently a file hierarchy,
-and the related filesystem actions are defined with access rights (see
-.BR landlock_add_rule (2)).
+A Landlock rule describes an action on an object
+which the process intends to perform.
A set of rules is aggregated in a ruleset,
which can then restrict the thread enforcing it,
and its future children.
+.P
+The two existing types of rules are:
+.P
+.TP
+.B Filesystem rules
+For these rules, the object is a file hierarchy,
+and the related filesystem actions are defined with
+.IR "filesystem access rights" .
+.TP
+.B Network rules (since ABI v4)
+For these rules, the object is a TCP port,
+and the related actions are defined with
+.IR "network access rights" .
+.BR landlock_add_rule (2)).
.\"
.SS Filesystem actions
These flags enable to restrict a sandboxed process to a
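Review bot: the last added line of the hunk, `.BR landlock_add_rule (2)).`, looks like a leftover from the removed "(see ... )" sentence. It keeps the closing parenthesis but the opening "(see" is gone, and because it directly follows the body of the "Network rules" `.TP` entry it will render as the tail of that entry ("network access rights. landlock_add_rule(2)).") rather than as a reference that covers both rule types. Either drop the line, or restore the reference as a complete sentence in its own `.P` paragraph after the list so that it applies to filesystem and network rules alike. A smaller point: the `.P` immediately before the first `.TP` is redundant, since `.TP` already starts a new paragraph.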
This brings it up to date with the wording in the kernel documentation.

Cc: Mickaël Salaün <mic@digikod.net>
Cc: Tahera Fahimi <fahimitahera@gmail.com>
Cc: Tanya Agarwal <tanyaagarwal25699@gmail.com>
Signed-off-by: Günther Noack <gnoack@google.com>
---
 man/man7/landlock.7 | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)