[RFC PATCH 3/5] samples/landlock: Add support for LANDLOCK_ACCESS_FS_CONNECT_UNIX
Günther Noack
gnoack3000 at gmail.com
Sat Jan 10 15:05:18 UTC 2026
Hello!
On Thu, Jan 01, 2026 at 02:30:06PM -0500, Justin Suess wrote:
> Allow users to separately specify unix socket rights,
> document the variable, and make the right optional.
>
> Signed-off-by: Justin Suess <utilityemal77 at gmail.com>
> Cc: Günther Noack <gnoack3000 at gmail.com>
FYI, I ended up not applying this on V2.
I am unconvinced whether further separating the groups of access
rights is a good idea for the sandboxer. This is just sample code to
be used as reference, so it is good to keep it simple. I feel that
giving it more granular control over access rights does not help
readers to understand it much further?
It is true though that it would make sense to have this feature in
more production-grade tools. 👍
–Günther
More information about the Linux-security-module-archive
mailing list