On Tue, Jun 11, 2024 at 10:19:20AM +0200, Mickaël Salaün wrote:

On Tue, Jun 11, 2024 at 12:27:58AM +0200, Jann Horn wrote:

quoted

This reminds me - from what I remember, Landlock also doesn't restrict
access to filesystem-based unix sockets yet... I'm I'm right about
that, we should probably at some point add code at some point to
restrict that as part of the path-based filesystem access rules? (But
to be clear, I'm not saying I expect you to do that as part of your
patch, just commenting for context.)

Yes, I totally agree.  For now, unix socket binding requires to create
the LANDLOCK_ACCESS_FS_MAKE_SOCK right, but connecting to an existing
socket is not controlled.  The abstract unix socket scoping is
orthogonal and extends Landlock with unix socket LSM hooks, which are
required to extend the "filesystem" access rights to control path-based
unix socket.

Thanks for the reminder, Jann!  I filed it as
https://github.com/landlock-lsm/linux/issues/36.

–Günther