Re: [RFC PATCH v3 0/8] landlock: Add UDP access control support
From: Günther Noack <hidden>
Date: 2026-01-11 21:23:25
Also in:
linux-security-module
Hello Matthieu! On Fri, Dec 12, 2025 at 05:36:56PM +0100, Matthieu Buffet wrote:
Here is v3 of UDP support for Landlock. My apologies for the delay, I've had to deal with unrelated problems. All feedback from v1/v2 should be merged, thanks again for taking the time to review them.
Good to see the patch again. :) Apologies for review delay as well. There are many Landlock reviews in flight at the moment, it might take some time to catch up with all of them. FYI: In [1], I have been sending a patch for controlling UNIX socket lookup, which is restricting connect() and sendmsg() operations for UNIX domain sockets of types SOCK_STREAM, SOCK_DGRAM and SOCK_SEQPACKET. I am bringing it up because it feels that the semantics for the UDP and UNIX datagram access rights hook in similar places and therefore should work similarly? In the current UNIX socket patch set (v2), there is only one Landlock access right which controls both connect() and sendmsg() when they are done on a UNIX datagram socket. This feels natural to be, because you can reach the same recipient address whether that is done with connect() or with sendmsg()...? (Was there a previous discussion where it was decided that these should be two different access rights for UDP sockets and UNIX dgram sockets?) [1] https://lore.kernel.org/all/20260101134102.25938-1-gnoack3000@gmail.com/ (local) Thanks, –Günther