/* SPDX-License-Identifier: GPL-2.0-only */12/**3* DOC: erratum_24*5* Erratum 2: Scoped signal handling6* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~7*8* This fix addresses an issue where signal scoping was overly restrictive,9* preventing sandboxed threads from signaling other threads within the same10* process if they belonged to different domains. Because threads are not11* security boundaries, user space might assume that all threads within the same12* process can send signals between themselves (see :manpage:`nptl(7)` and13* :manpage:`libpsx(3)`). Consistent with :manpage:`ptrace(2)` behavior, direct14* interaction between threads of the same process should always be allowed.15* This change ensures that any thread is allowed to send signals to any other16* thread within the same process, regardless of their domain.17*18* Impact:19*20* This problem only manifests when the userspace process is itself using21* :manpage:`libpsx(3)` or an equivalent mechanism to enforce a Landlock policy22* on multiple already-running threads at once. Programs which enforce a23* Landlock policy at startup time and only then become multithreaded are not24* affected. Without this fix, signal scoping could break multi-threaded25* applications that expect threads within the same process to freely signal26* each other.27*/28LANDLOCK_ERRATUM(2)293031