[PATCH] Documentation: landlock: Document fs.resolve_unix audit blocker
Doehyun Baek
doehyunbaek at gmail.com
Thu Jun 25 09:28:19 UTC 2026
The Landlock audit code can emit fs.resolve_unix as a filesystem blocker
for pathname UNIX socket resolution denials, but the admin guide's blockers
list did not mention it.
Add the missing blocker name and ABI version to keep the audit
documentation in sync with the emitted records.
Fixes: ae97330d1bd6 ("landlock: Control pathname UNIX domain socket resolution by path")
Signed-off-by: Doehyun Baek <doehyunbaek at gmail.com>
---
Documentation/admin-guide/LSM/landlock.rst | 1 +
1 file changed, 1 insertion(+)
diff --git a/Documentation/admin-guide/LSM/landlock.rst b/Documentation/admin-guide/LSM/landlock.rst
index 314052bbeb0a..8eb85c9381ff 100644
--- a/Documentation/admin-guide/LSM/landlock.rst
+++ b/Documentation/admin-guide/LSM/landlock.rst
@@ -52,6 +52,7 @@ AUDIT_LANDLOCK_ACCESS
- fs.refer (ABI 2+)
- fs.truncate (ABI 3+)
- fs.ioctl_dev (ABI 5+)
+ - fs.resolve_unix (ABI 9+)
**net.*** - Network access rights (ABI 4+):
- net.bind_tcp - TCP port binding was denied
base-commit: ab9de95c9cf952332ab79453b4b5d1bfca8e514f
--
2.43.0
More information about the Linux-security-module-archive
mailing list