security/landlock/errata/abi-6.h - linux/kernel/git/klassert/ipsec-next - Git at Google

 /* SPDX-License-Identifier: GPL-2.0-only */

 /**
  * DOC: erratum_2
  *
  * Erratum 2: Scoped signal handling
  * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  *
  * This fix addresses an issue where signal scoping was overly restrictive,
  * preventing sandboxed threads from signaling other threads within the same
  * process if they belonged to different domains.  Because threads are not
  * security boundaries, user space might assume that any thread within the same
  * process can send signals between themselves (see :manpage:`nptl(7)` and
  * :manpage:`libpsx(3)`).  Consistent with :manpage:`ptrace(2)` behavior, direct
  * interaction between threads of the same process should always be allowed.
  * This change ensures that any thread is allowed to send signals to any other
  * thread within the same process, regardless of their domain.
  */
 LANDLOCK_ERRATUM(2)
	/* SPDX-License-Identifier: GPL-2.0-only */

	/**
	* DOC: erratum_2
	*
	* Erratum 2: Scoped signal handling
	* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	*
	* This fix addresses an issue where signal scoping was overly restrictive,
	* preventing sandboxed threads from signaling other threads within the same
	* process if they belonged to different domains. Because threads are not
	* security boundaries, user space might assume that any thread within the same
	* process can send signals between themselves (see :manpage:`nptl(7)` and
	* :manpage:`libpsx(3)`). Consistent with :manpage:`ptrace(2)` behavior, direct
	* interaction between threads of the same process should always be allowed.
	* This change ensures that any thread is allowed to send signals to any other
	* thread within the same process, regardless of their domain.
	*/
	LANDLOCK_ERRATUM(2)