[PATCH v2 0/6] Landlock: Implement scope control for pathname Unix sockets
Günther Noack
gnoack3000 at gmail.com
Sun Feb 8 13:44:38 UTC 2026
On Sun, Feb 08, 2026 at 02:57:16AM +0000, Tingmao Wang wrote:
> On 2/5/26 19:15, Mickaël Salaün wrote:
> > On Thu, Feb 05, 2026 at 10:18:54AM -0500, Justin Suess wrote:
> >> On 2/4/26 13:28, Mickaël Salaün wrote:
> >>>> Tingmao:
> >>>>
> >>>> For connecting a pathname unix socket, the order of the hooks landlock sees is something like:
> >>>>
> >>>> 1. security_unix_find. (to look up the paths)
> >>>>
> >>>> 2. security_unix_may_send, security_unix_stream_connect (after the path is looked up)
>
> btw, ideally for pathname sockets we can leave all the checking in the
> security_unix_find() hook (as newly proposed, with the struct sock *other
> param), and not have to e.g. call domain_is_scoped() again in
> security_unix_may_send and security_unix_stream_connect, right?
>
> (Although if this changes error codes, we might have to "delay" the denial
> until the may_send/connect hooks...? Hopefully not but not checked.)
Yes, absolutely. I have had a stab at it and will send it soon.
Justin adopted your suggestion from [1] and created an updated LSM
hook patch based on it. With that, I am doing both checks in the
security_unix_find() hook, based on the resulting struct sock.
[1] https://lore.kernel.org/all/e6b6b069-384c-4c45-a56b-fa54b26bc72a@maowtm.org/#t
–Günther
More information about the Linux-security-module-archive
mailing list