As remarked by @thejh in https://lore.kernel.org/linux-security-module/CAG48ez3NvVnonOqKH4oRwRqbSOLO0p9djBqgvxVwn6gtGQBPcw@mail.gmail.com/ -- establishing a connection to a named Unix Domain Socket is done through `connect(2)`, passing the filename in the `struct sockaddr`, and that is not covered by Landlock's file system control. It would be nice if such connections could be restricted by file path, because the file path is how such services are identified.
(Remark, a much coarser control to forbid Unix Domain Socket connections will be possible with https://github.com/landlock-lsm/linux/issues/6 once these patches are in, but that is by socket type, not by file path.)
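The behaviour described above can be checked with a small test program. This is an added example, not code from the issue or from the Landlock project: a child process handles every ABI v1 filesystem right with no allow rules, confirms that `open()` on a directory is denied, then calls `connect(2)` on a named socket. The function name and the scratch path under `/tmp` are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/landlock.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the sandboxed child was denied open() but allowed connect(),
 * 0 if connect() was denied too, -1 if Landlock or the setup is unavailable. */
int unix_connect_under_landlock(void)
{
    char dir[] = "/tmp/ll-demo-XXXXXX";   /* constructed scratch path (assumption) */
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int result = -1, status = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/svc.sock", dir);
    int srv = socket(AF_UNIX, SOCK_STREAM, 0);
    if (srv < 0 || bind(srv, (struct sockaddr *)&addr, sizeof(addr)) || listen(srv, 1))
        goto out;
    pid_t pid = fork();
    if (pid == 0) {
        /* Handle every ABI v1 filesystem right and add no rules: deny all. */
        struct landlock_ruleset_attr attr = {
            .handled_access_fs = (LANDLOCK_ACCESS_FS_MAKE_SYM << 1) - 1,
        };
        int rs = syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
        if (rs < 0 || prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            syscall(__NR_landlock_restrict_self, rs, 0))
            _exit(2);                     /* Landlock not usable here */
        if (open(dir, O_RDONLY | O_DIRECTORY) >= 0)
            _exit(3);                     /* filesystem rules not enforced */
        int c = socket(AF_UNIX, SOCK_STREAM, 0);
        _exit(connect(c, (struct sockaddr *)&addr, sizeof(addr)) == 0 ? 1 : 0);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
        WEXITSTATUS(status) <= 1)
        result = WEXITSTATUS(status);
out:
    if (srv >= 0) close(srv);
    unlink(addr.sun_path);
    rmdir(dir);
    return result;
}
int main(void) { printf("result: %d\n", unix_connect_under_landlock()); return 0; }
```

A result of 1 means the path-based socket was reachable from a process that could not open anything on the filesystem, which is the gap a path-based rule would close.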