[PATCH v4 2/6] landlock: Control pathname UNIX domain socket resolution by path
Günther Noack
gnoack3000 at gmail.com
Tue Feb 10 23:04:13 UTC 2026
On Mon, Feb 09, 2026 at 08:11:18AM -0500, Justin Suess wrote:
> On 2/9/26 05:21, Günther Noack wrote:
> > On Mon, Feb 09, 2026 at 12:10:12AM +0100, Günther Noack wrote:
> >> + /* Lookup for the purpose of saving coredumps is OK. */
> >> + if (flags & SOCK_COREDUMP)
> >> + return 0;
> if (unlikely(flags & SOCK_COREDUMP))
> return 0;
Done.
> >> +
> >> + /* Only stream, dgram and seqpacket sockets are restricted. */
> >> + if (type != SOCK_STREAM && type != SOCK_DGRAM && type != SOCK_SEQPACKET)
> >> + return 0;
> if (unlikely(type != SOCK_STREAM && type != SOCK_DGRAM && type != SOCK_SEQPACKET))
> return 0;
Not applicable any more, as I dropped the check per Mickaël's review
in the adjacent mail (I do not think it makes a big difference either
way, TBH.)
–Günther
More information about the Linux-security-module-archive
mailing list