tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1/* SPDX-License-Identifier: GPL-2.0-only */
2
3/**
4 * DOC: erratum_2
5 *
6 * Erratum 2: Scoped signal handling
7 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8 *
9 * This fix addresses an issue where signal scoping was overly restrictive,
10 * preventing sandboxed threads from signaling other threads within the same
11 * process if they belonged to different domains. Because threads are not
12 * security boundaries, user space might assume that any thread within the same
13 * process can send signals between themselves (see :manpage:`nptl(7)` and
14 * :manpage:`libpsx(3)`). Consistent with :manpage:`ptrace(2)` behavior, direct
15 * interaction between threads of the same process should always be allowed.
16 * This change ensures that any thread is allowed to send signals to any other
17 * thread within the same process, regardless of their domain.
18 */
19LANDLOCK_ERRATUM(2)