root/security/landlock/errata/abi-6.h
/* SPDX-License-Identifier: GPL-2.0-only */

/**
 * DOC: erratum_2
 *
 * Erratum 2: Scoped signal handling
 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 *
 * This fix addresses an issue where signal scoping was overly restrictive,
 * preventing sandboxed threads from signaling other threads within the same
 * process if they belonged to different domains.  Because threads are not
 * security boundaries, user space might assume that all threads within the same
 * process can send signals between themselves (see :manpage:`nptl(7)` and
 * :manpage:`libpsx(3)`).  Consistent with :manpage:`ptrace(2)` behavior, direct
 * interaction between threads of the same process should always be allowed.
 * This change ensures that any thread is allowed to send signals to any other
 * thread within the same process, regardless of their domain.
 *
 * Impact:
 *
 * This problem only manifests when the userspace process is itself using
 * :manpage:`libpsx(3)` or an equivalent mechanism to enforce a Landlock policy
 * on multiple already-running threads at once.  Programs which enforce a
 * Landlock policy at startup time and only then become multithreaded are not
 * affected.  Without this fix, signal scoping could break multi-threaded
 * applications that expect threads within the same process to freely signal
 * each other.
 */
LANDLOCK_ERRATUM(2)
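The erratum above describes a behavioural guarantee (a thread that entered a signal-scoped Landlock domain can still signal its sibling threads) rather than an API, so the most useful companion is a probe that reports whether the running kernel provides it. The program below is an added example, not part of the kernel tree or of this header. It enters a domain with `LANDLOCK_SCOPE_SIGNAL` from a helper thread only, then has that thread `pthread_kill()` the unsandboxed main thread, which is exactly the same-process, different-domain case the erratum fixes. Assumptions are marked in the code: the `LL_*` macros and `struct ll_ruleset_attr_v6` are local copies of the ABI-6 values and layout from `linux/landlock.h` so the file builds with older headers; the syscall numbers 444/446 are the unified Landlock numbers and are only used if `<sys/syscall.h>` does not define them; `probe_thread_signal()` and the `PROBE_*` result names are this example's own.

```c
/* Added probe (not kernel code): can a thread inside a signal-scoped
 * Landlock domain still pthread_kill() a sibling thread of its process? */
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumed fallbacks: unified Landlock syscall numbers, same on every arch. */
#ifndef __NR_landlock_create_ruleset
#define __NR_landlock_create_ruleset 444
#endif
#ifndef __NR_landlock_restrict_self
#define __NR_landlock_restrict_self 446
#endif
#define LL_CREATE_RULESET_VERSION (1U << 0) /* LANDLOCK_CREATE_RULESET_VERSION */
#define LL_SCOPE_SIGNAL (1ULL << 1)         /* LANDLOCK_SCOPE_SIGNAL, ABI 6 */

/* Local mirror of the ABI-6 struct landlock_ruleset_attr layout. */
struct ll_ruleset_attr_v6 {
	uint64_t handled_access_fs;
	uint64_t handled_access_net;
	uint64_t scoped;
};

enum probe_result {
	PROBE_DELIVERED = 0,   /* pthread_kill() succeeded: fixed kernel or no sandbox */
	PROBE_BLOCKED = 1,     /* EPERM: kernel still scopes same-process thread signals */
	PROBE_UNAVAILABLE = 2, /* Landlock disabled, ABI < 6, or syscalls filtered */
	PROBE_ERROR = 3,       /* unexpected failure while setting up the probe */
};

struct probe_args {
	pthread_t target; /* thread to signal: the unsandboxed caller */
	int sandbox;      /* 1: enter an LL_SCOPE_SIGNAL domain before sending */
	enum probe_result result;
};

static volatile sig_atomic_t got_signal;

static void on_sigusr1(int sig) { (void)sig; got_signal = 1; }

static void *sender_thread(void *arg)
{
	struct probe_args *a = arg;
	int err;

	if (a->sandbox) {
		struct ll_ruleset_attr_v6 attr = { .scoped = LL_SCOPE_SIGNAL };
		long abi = syscall(__NR_landlock_create_ruleset, NULL, 0,
				   LL_CREATE_RULESET_VERSION);
		int fd;

		if (abi < 6) { /* -1 (ENOSYS/EOPNOTSUPP/EPERM) or no scoped signals */
			a->result = PROBE_UNAVAILABLE;
			return NULL;
		}
		fd = syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
		if (fd < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
		    syscall(__NR_landlock_restrict_self, fd, 0)) {
			if (fd >= 0)
				close(fd);
			a->result = PROBE_ERROR;
			return NULL;
		}
		close(fd);
		/* Only this thread is in the domain; the target thread has none:
		 * the same-process, different-domain case of erratum 2. */
	}
	err = pthread_kill(a->target, SIGUSR1);
	a->result = err == 0 ? PROBE_DELIVERED :
		    err == EPERM ? PROBE_BLOCKED : PROBE_ERROR;
	return NULL;
}

/* Spawn a sender thread, optionally sandboxed, and report what it observed.
 * The domain dies with the sender thread, so the caller stays unrestricted. */
enum probe_result probe_thread_signal(int sandbox)
{
	struct sigaction sa;
	struct probe_args a = { .target = pthread_self(), .sandbox = sandbox,
				.result = PROBE_ERROR };
	pthread_t t;

	got_signal = 0;
	memset(&sa, 0, sizeof(sa));
	sa.sa_handler = on_sigusr1;
	sigemptyset(&sa.sa_mask);
	if (sigaction(SIGUSR1, &sa, NULL) != 0 ||
	    pthread_create(&t, NULL, sender_thread, &a) != 0)
		return PROBE_ERROR;
	pthread_join(t, NULL);
	/* tgkill() queued the signal before the sender exited, so it has been
	 * handled by the time pthread_join() returns. */
	if (a.result == PROBE_DELIVERED && !got_signal)
		return PROBE_ERROR;
	return a.result;
}

int main(void)
{
	static const char *const names[] = { "delivered", "blocked (EPERM)",
					     "landlock unavailable", "error" };
	enum probe_result plain = probe_thread_signal(0);
	enum probe_result scoped = probe_thread_signal(1);

	printf("unsandboxed sender:   %s\n", names[plain]);
	printf("scoped-signal sender: %s\n", names[scoped]);
	if (scoped == PROBE_BLOCKED)
		printf("kernel lacks erratum 2: threads of one process cannot signal each other\n");
	return 0;
}
```

Build with `cc -pthread` and run on a kernel booted with Landlock in `lsm=`. The first line must always read `delivered`; a kernel carrying this erratum prints `delivered` on the second line too, while an ABI-6 kernel without the fix prints `blocked (EPERM)`, which is the symptom the Impact paragraph describes for programs that sandbox already-running threads.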