landlock: Explain file descriptor access rights
author Mickaël Salaün <mic@digikod.net>
Fri, 9 Dec 2022 19:38:13 +0000 (20:38 +0100)
committer Mickaël Salaün <mic@digikod.net>
Fri, 13 Jan 2023 19:40:35 +0000 (20:40 +0100)
commit 3e52e5b077f6c3e26801d87335aac35411744108
tree 3989d20a25897edb392b7cb60717ae6b56d9e730
parent b7bfaa761d760e72a969d116517eaa12e404c262
landlock: Explain file descriptor access rights

Starting with LANDLOCK_ACCESS_FS_TRUNCATE, it is worth explaining why we
choose to restrict access checks at open time.  This new "File
descriptor access rights" section is complementary to the existing
"Inode access rights" section.  Add a new guiding principle related to
this section.

Reviewed-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20221209193813.972012-1-mic@digikod.net
[mic: Include the latest Günther's suggestion, and fix spelling]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Documentation/security/landlock.rst