Hello Günther!

On Wed, Feb 26, 2025 at 08:52:03PM +0000, Günther Noack wrote:

quoted

quoted

quoted

+    not stem from the same or a nested Landlock domain.

This could be read such that send(2) is replaced by connect(2) on a
non-connected datagram socket.  But you want to say that a connect(2)
is implicitly executed before the actual send(2) (which is still
executed, if connect(2) succeeds).

Thanks, that can indeed be misunderstood.

quoted

How about this wording?

	If send(2) is used on a non-connected datagram socket, an
	implicit connect(2) is executed first, and will be blocked when
	the remote end does not ....

I think this would be misleading as well, because the send(2) on the
non-connected datagram socket does *not* actually perform an implicit
connect(2).  (If it were doing that, the socket would be connected afterwards,
but it isn't.)  But we *do* initiate a communication with a previously unknown
remote address, just like connect(2), so we enforce the same Landlock policy as
for connect(2).

Agreed.

(Remark, connected datagram sockets sound absurd, because there is no connection
at the network layer. On datagram sockets, connect(2) only fixes the destination
address so that it can be omitted in subsequent send(2) calls.).

Rewording it to:

  A sendto(2) on a non-connected datagram socket is treated as if
  it were doing an implicit connect(2) and will be blocked if the
  remote end does not stem from the same or a nested Landlock domain.

Sounds good.

(P.S. I also replaced send(2) with sendto(2), which is a bit more appropriate in
the middle paragraph - you can not actually pass the destination address with
send(2), that only works with sendto(2).  I replaced it in the third paragraph
as well for consistency. It still makes sense IMHO considering that send(2) is a
special case of sendto(2).)

Yep, that sounds great.  Thanks!


Cheers,
Alex

-- 
<https://www.alejandro-colomar.es/>