19 lines
854 B
C
19 lines
854 B
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
|
|
/**
|
|
* DOC: erratum_2
|
|
*
|
|
* Erratum 2: Scoped signal handling
|
|
* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
*
|
|
* This fix addresses an issue where signal scoping was overly restrictive,
|
|
* preventing sandboxed threads from signaling other threads within the same
|
|
* process if they belonged to different domains. Because threads are not
|
|
* security boundaries, user space might assume that any thread within the same
|
|
* process can send signals between themselves (see :manpage:`nptl(7)` and
|
|
* :manpage:`libpsx(3)`). Consistent with :manpage:`ptrace(2)` behavior, direct
|
|
* interaction between threads of the same process should always be allowed.
|
|
* This change ensures that any thread is allowed to send signals to any other
|
|
* thread within the same process, regardless of their domain.
|
|
*/
|
|
LANDLOCK_ERRATUM(2)
|