[PATCH 0/2] Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX

[PATCH 0/2] Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX

[Günther Noack]

This documents the LANDLOCK_ACCESS_FS_RESOLVE_UNIX feature,
introduced in the upcoming Linux 7.1 (Landlock ABI v9).

The first patch in this series fixes documentation for pre-existing
functionality and can be picked up directly.  The second patch should
wait until Linux 7.1 is released, but I'd like to send it for review
on time.

–Günther

Günther Noack (2):
  man/man7/landlock.7: Adapt compatibility in code example to ABI v8
  man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)

 man/man7/landlock.7 | 53 +++++++++++++++++++++++++++++++++++++++------
 1 file changed, 46 insertions(+), 7 deletions(-)

-- 
2.54.0

[PATCH 1/2] man/man7/landlock.7: Adapt compatibility in code example to ABI v8

[Günther Noack]

* Bring the code example up to speed with Landlock ABI v8
* Use the correct ABI level in the MIN() macro

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
 man/man7/landlock.7 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
index 06910ccab5b1..0e3a11489af2 100644
--- a/man/man7/landlock.7
+++ b/man/man7/landlock.7
@@ -583,6 +583,9 @@ __u64 landlock_fs_access_rights[] = {
     (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v3: add "truncate"  */
     (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v4: TCP support     */
     (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v5: add "ioctl_dev" */
+    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v6: same            */
+    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v7: same            */
+    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v8: same            */
 };
 \&
 int abi = landlock_create_ruleset(NULL, 0,
@@ -595,7 +598,7 @@ if (abi == \-1) {
     perror("Unable to use Landlock");
     return;  /* Graceful fallback: Do nothing.  */
 }
-abi = MIN(abi, 3);
+abi = MIN(abi, 8);
 \&
 /* Only use the available rights in the ruleset.  */
 attr.handled_access_fs &= landlock_fs_access_rights[abi \- 1];
-- 
2.54.0

[PATCH 2/2] man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)

[Günther Noack]

Document the new LANDLOCK_ACCESS_FS_RESOLVE_UNIX filesystem access right,
which controls lookups of pathname UNIX domain sockets.  Restricts both
connect(2) and sendmsg(2) with an explicit recipient address to UNIX
sockets created outside the Landlock domain (same semantics as
LANDLOCK_SCOPE_* flags).  Denied attempts return EACCES.

Available since Linux 7.1 (Landlock ABI version 9).

Signed-off-by: Günther Noack <gnoack3000@gmail.com>
---
 man/man7/landlock.7 | 56 +++++++++++++++++++++++++++++++++++++--------
 1 file changed, 46 insertions(+), 10 deletions(-)

diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
index 0e3a11489af2..d0d9c720bfaf 100644
--- a/man/man7/landlock.7
+++ b/man/man7/landlock.7
@@ -139,6 +139,38 @@ whose implementations are safe and return the right error codes
 .RE
 .IP
 This access right is available since the fifth version of the Landlock ABI.
+.TP
+.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
+Look up pathname UNIX
+domain sockets
+.RB ( unix (7)).
+On UNIX domain sockets,
+this restricts both calls to
+.BR connect (2)
+and
+.BR sendmsg (2)
+with an explicit recipient address.
+.IP
+This access right only applies to connections to UNIX server sockets
+which were created outside the newly created Landlock domain
+(e.g., from within a parent domain or from an unrestricted process).
+Newly created UNIX servers
+within the same Landlock domain
+continue to be accessible.
+In this regard,
+.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
+has the same semantics as the
+.B LANDLOCK_SCOPE_*
+flags.
+.IP
+If a resolve attempt is denied,
+the operation returns an
+.B EACCES
+error,
+in line with other filesystem access rights
+(but different to denials for abstract UNIX domain sockets).
+.IP
+This access right is available since the ninth version of the Landlock ABI.
 .P
 Whether an opened file can be truncated with
 .BR ftruncate (2)
@@ -478,6 +510,8 @@ _	_	_
 \^	\^	LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
 _	_	_
 8	7.0	LANDLOCK_RESTRICT_SELF_TSYNC
+_	_	_
+9	7.1	LANDLOCK_ACCESS_FS_RESOLVE_UNIX
 .TE
 .P
 Users should use the Landlock ABI version rather than the kernel version
@@ -563,7 +597,8 @@ attr.handled_access_fs =
         LANDLOCK_ACCESS_FS_MAKE_SYM |
         LANDLOCK_ACCESS_FS_REFER |
         LANDLOCK_ACCESS_FS_TRUNCATE |
-        LANDLOCK_ACCESS_FS_IOCTL_DEV;
+        LANDLOCK_ACCESS_FS_IOCTL_DEV |
+        LANDLOCK_ACCESS_FS_RESOLVE_UNIX;
 .EE
 .in
 .P
@@ -578,14 +613,15 @@ and only use the available subset of access rights:
  * numbers hardcoded to keep the example short.
  */
 __u64 landlock_fs_access_rights[] = {
-    (LANDLOCK_ACCESS_FS_MAKE_SYM  << 1) \- 1,  /* v1                  */
-    (LANDLOCK_ACCESS_FS_REFER     << 1) \- 1,  /* v2: add "refer"     */
-    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v3: add "truncate"  */
-    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v4: TCP support     */
-    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v5: add "ioctl_dev" */
-    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v6: same            */
-    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v7: same            */
-    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v8: same            */
+    (LANDLOCK_ACCESS_FS_MAKE_SYM     << 1) \- 1,  /* v1                     */
+    (LANDLOCK_ACCESS_FS_REFER        << 1) \- 1,  /* v2: add "refer"        */
+    (LANDLOCK_ACCESS_FS_TRUNCATE     << 1) \- 1,  /* v3: add "truncate"     */
+    (LANDLOCK_ACCESS_FS_TRUNCATE     << 1) \- 1,  /* v4: TCP support        */
+    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v5: add "ioctl_dev"    */
+    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v6: same               */
+    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v7: same               */
+    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v8: same               */
+    (LANDLOCK_ACCESS_FS_RESOLVE_UNIX << 1) \- 1,  /* v9: add "resolve_unix" */
 };
 \&
 int abi = landlock_create_ruleset(NULL, 0,
@@ -598,7 +634,7 @@ if (abi == \-1) {
     perror("Unable to use Landlock");
     return;  /* Graceful fallback: Do nothing.  */
 }
-abi = MIN(abi, 8);
+abi = MIN(abi, 9);
 \&
 /* Only use the available rights in the ruleset.  */
 attr.handled_access_fs &= landlock_fs_access_rights[abi \- 1];
-- 
2.54.0

Re: [PATCH 1/2] man/man7/landlock.7: Adapt compatibility in code example to ABI v8

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 1531 bytes --]

Hi Günther!

On 2026-05-14T09:04:16+0200, Günther Noack wrote:
> * Bring the code example up to speed with Landlock ABI v8
> * Use the correct ABI level in the MIN() macro
> 
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>

Thanks!  I've applied the patch.


Have a lovely day!
Alex

> ---
>  man/man7/landlock.7 | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
> index 06910ccab5b1..0e3a11489af2 100644
> --- a/man/man7/landlock.7
> +++ b/man/man7/landlock.7
> @@ -583,6 +583,9 @@ __u64 landlock_fs_access_rights[] = {
>      (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v3: add "truncate"  */
>      (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v4: TCP support     */
>      (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v5: add "ioctl_dev" */
> +    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v6: same            */
> +    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v7: same            */
> +    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v8: same            */
>  };
>  \&
>  int abi = landlock_create_ruleset(NULL, 0,
> @@ -595,7 +598,7 @@ if (abi == \-1) {
>      perror("Unable to use Landlock");
>      return;  /* Graceful fallback: Do nothing.  */
>  }
> -abi = MIN(abi, 3);
> +abi = MIN(abi, 8);
>  \&
>  /* Only use the available rights in the ruleset.  */
>  attr.handled_access_fs &= landlock_fs_access_rights[abi \- 1];
> -- 
> 2.54.0
> 

-- 
<https://www.alejandro-colomar.es>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH 2/2] man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 5214 bytes --]

Hi Günther,

On 2026-05-14T09:04:17+0200, Günther Noack wrote:
> Document the new LANDLOCK_ACCESS_FS_RESOLVE_UNIX filesystem access right,
> which controls lookups of pathname UNIX domain sockets.  Restricts both
> connect(2) and sendmsg(2) with an explicit recipient address to UNIX
> sockets created outside the Landlock domain (same semantics as
> LANDLOCK_SCOPE_* flags).  Denied attempts return EACCES.
> 
> Available since Linux 7.1 (Landlock ABI version 9).
> 
> Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> ---
>  man/man7/landlock.7 | 56 +++++++++++++++++++++++++++++++++++++--------
>  1 file changed, 46 insertions(+), 10 deletions(-)
> 
> diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
> index 0e3a11489af2..d0d9c720bfaf 100644
> --- a/man/man7/landlock.7
> +++ b/man/man7/landlock.7
> @@ -139,6 +139,38 @@ whose implementations are safe and return the right error codes
>  .RE
>  .IP
>  This access right is available since the fifth version of the Landlock ABI.
> +.TP
> +.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> +Look up pathname UNIX
> +domain sockets
> +.RB ( unix (7)).
> +On UNIX domain sockets,
> +this restricts both calls to
> +.BR connect (2)
> +and
> +.BR sendmsg (2)
> +with an explicit recipient address.
> +.IP
> +This access right only applies to connections to UNIX server sockets

s/only applies/applies only/

> +which were created outside the newly created Landlock domain
> +(e.g., from within a parent domain or from an unrestricted process).
> +Newly created UNIX servers
> +within the same Landlock domain
> +continue to be accessible.
> +In this regard,
> +.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> +has the same semantics as the
> +.B LANDLOCK_SCOPE_*

* is variable part, so it should be in italics:

	.BI LANDLOCK_SCOPE_ *

> +flags.
> +.IP
> +If a resolve attempt is denied,

'resolve attempt' seems weird.  Should this be 'resolution attempt'?

> +the operation returns an
> +.B EACCES
> +error,
> +in line with other filesystem access rights
> +(but different to denials for abstract UNIX domain sockets).
> +.IP
> +This access right is available since the ninth version of the Landlock ABI.

I see this is consistent with the rest of the page, but we should change
all of these to use cardinals instead of ordinals (and in digits, not
letters).

>  .P
>  Whether an opened file can be truncated with
>  .BR ftruncate (2)
> @@ -478,6 +510,8 @@ _	_	_
>  \^	\^	LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
>  _	_	_
>  8	7.0	LANDLOCK_RESTRICT_SELF_TSYNC
> +_	_	_
> +9	7.1	LANDLOCK_ACCESS_FS_RESOLVE_UNIX
>  .TE
>  .P
>  Users should use the Landlock ABI version rather than the kernel version
> @@ -563,7 +597,8 @@ attr.handled_access_fs =
>          LANDLOCK_ACCESS_FS_MAKE_SYM |
>          LANDLOCK_ACCESS_FS_REFER |
>          LANDLOCK_ACCESS_FS_TRUNCATE |
> -        LANDLOCK_ACCESS_FS_IOCTL_DEV;
> +        LANDLOCK_ACCESS_FS_IOCTL_DEV |
> +        LANDLOCK_ACCESS_FS_RESOLVE_UNIX;
>  .EE
>  .in
>  .P
> @@ -578,14 +613,15 @@ and only use the available subset of access rights:
>   * numbers hardcoded to keep the example short.
>   */
>  __u64 landlock_fs_access_rights[] = {
> -    (LANDLOCK_ACCESS_FS_MAKE_SYM  << 1) \- 1,  /* v1                  */
> -    (LANDLOCK_ACCESS_FS_REFER     << 1) \- 1,  /* v2: add "refer"     */
> -    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v3: add "truncate"  */
> -    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v4: TCP support     */
> -    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v5: add "ioctl_dev" */
> -    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v6: same            */
> -    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v7: same            */
> -    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v8: same            */
> +    (LANDLOCK_ACCESS_FS_MAKE_SYM     << 1) \- 1,  /* v1                     */
> +    (LANDLOCK_ACCESS_FS_REFER        << 1) \- 1,  /* v2: add "refer"        */
> +    (LANDLOCK_ACCESS_FS_TRUNCATE     << 1) \- 1,  /* v3: add "truncate"     */
> +    (LANDLOCK_ACCESS_FS_TRUNCATE     << 1) \- 1,  /* v4: TCP support        */
> +    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v5: add "ioctl_dev"    */
> +    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v6: same               */
> +    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v7: same               */
> +    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v8: same               */
> +    (LANDLOCK_ACCESS_FS_RESOLVE_UNIX << 1) \- 1,  /* v9: add "resolve_unix" */

We should probably use C99 comments (//), to reduce the width, and
alignment issues.

Feel free to send formatting patches for these side issues.


Cheers,
Alex

>  };
>  \&
>  int abi = landlock_create_ruleset(NULL, 0,
> @@ -598,7 +634,7 @@ if (abi == \-1) {
>      perror("Unable to use Landlock");
>      return;  /* Graceful fallback: Do nothing.  */
>  }
> -abi = MIN(abi, 8);
> +abi = MIN(abi, 9);
>  \&
>  /* Only use the available rights in the ruleset.  */
>  attr.handled_access_fs &= landlock_fs_access_rights[abi \- 1];
> -- 
> 2.54.0
> 
> 

-- 
<https://www.alejandro-colomar.es>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH 2/2] man/man7/landlock.7: Document LANDLOCK_ACCESS_FS_RESOLVE_UNIX (ABI v9)

[Günther Noack]

Hello Alejandro,

On Thu, May 14, 2026 at 02:21:14PM +0200, Alejandro Colomar wrote:
> On 2026-05-14T09:04:17+0200, Günther Noack wrote:
> > Document the new LANDLOCK_ACCESS_FS_RESOLVE_UNIX filesystem access right,
> > which controls lookups of pathname UNIX domain sockets.  Restricts both
> > connect(2) and sendmsg(2) with an explicit recipient address to UNIX
> > sockets created outside the Landlock domain (same semantics as
> > LANDLOCK_SCOPE_* flags).  Denied attempts return EACCES.
> > 
> > Available since Linux 7.1 (Landlock ABI version 9).
> > 
> > Signed-off-by: Günther Noack <gnoack3000@gmail.com>
> > ---
> >  man/man7/landlock.7 | 56 +++++++++++++++++++++++++++++++++++++--------
> >  1 file changed, 46 insertions(+), 10 deletions(-)
> > 
> > diff --git a/man/man7/landlock.7 b/man/man7/landlock.7
> > index 0e3a11489af2..d0d9c720bfaf 100644
> > --- a/man/man7/landlock.7
> > +++ b/man/man7/landlock.7
> > @@ -139,6 +139,38 @@ whose implementations are safe and return the right error codes
> >  .RE
> >  .IP
> >  This access right is available since the fifth version of the Landlock ABI.
> > +.TP
> > +.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> > +Look up pathname UNIX
> > +domain sockets
> > +.RB ( unix (7)).
> > +On UNIX domain sockets,
> > +this restricts both calls to
> > +.BR connect (2)
> > +and
> > +.BR sendmsg (2)
> > +with an explicit recipient address.
> > +.IP
> > +This access right only applies to connections to UNIX server sockets
> 
> s/only applies/applies only/

Done, thanks!

I should pay more attention to that,
it might be a German-ism to mix that up.


> > +which were created outside the newly created Landlock domain
> > +(e.g., from within a parent domain or from an unrestricted process).
> > +Newly created UNIX servers
> > +within the same Landlock domain
> > +continue to be accessible.
> > +In this regard,
> > +.B LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> > +has the same semantics as the
> > +.B LANDLOCK_SCOPE_*
> 
> * is variable part, so it should be in italics:
> 
> 	.BI LANDLOCK_SCOPE_ *

Done.

> > +flags.
> > +.IP
> > +If a resolve attempt is denied,
> 
> 'resolve attempt' seems weird.  Should this be 'resolution attempt'?

Good point, done.


> > +the operation returns an
> > +.B EACCES
> > +error,
> > +in line with other filesystem access rights
> > +(but different to denials for abstract UNIX domain sockets).
> > +.IP
> > +This access right is available since the ninth version of the Landlock ABI.
> 
> I see this is consistent with the rest of the page, but we should change
> all of these to use cardinals instead of ordinals (and in digits, not
> letters).

Done. I made it consistent with the landlock_restrict_self(2) man page
as well, where we have put these version indicators as shorter phrases
next to the tagged paragraph headlines of the affected flags.


> >  .P
> >  Whether an opened file can be truncated with
> >  .BR ftruncate (2)
> > @@ -478,6 +510,8 @@ _	_	_
> >  \^	\^	LANDLOCK_RESTRICT_SELF_LOG_SUBDOMAINS_OFF
> >  _	_	_
> >  8	7.0	LANDLOCK_RESTRICT_SELF_TSYNC
> > +_	_	_
> > +9	7.1	LANDLOCK_ACCESS_FS_RESOLVE_UNIX
> >  .TE
> >  .P
> >  Users should use the Landlock ABI version rather than the kernel version
> > @@ -563,7 +597,8 @@ attr.handled_access_fs =
> >          LANDLOCK_ACCESS_FS_MAKE_SYM |
> >          LANDLOCK_ACCESS_FS_REFER |
> >          LANDLOCK_ACCESS_FS_TRUNCATE |
> > -        LANDLOCK_ACCESS_FS_IOCTL_DEV;
> > +        LANDLOCK_ACCESS_FS_IOCTL_DEV |
> > +        LANDLOCK_ACCESS_FS_RESOLVE_UNIX;
> >  .EE
> >  .in
> >  .P
> > @@ -578,14 +613,15 @@ and only use the available subset of access rights:
> >   * numbers hardcoded to keep the example short.
> >   */
> >  __u64 landlock_fs_access_rights[] = {
> > -    (LANDLOCK_ACCESS_FS_MAKE_SYM  << 1) \- 1,  /* v1                  */
> > -    (LANDLOCK_ACCESS_FS_REFER     << 1) \- 1,  /* v2: add "refer"     */
> > -    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v3: add "truncate"  */
> > -    (LANDLOCK_ACCESS_FS_TRUNCATE  << 1) \- 1,  /* v4: TCP support     */
> > -    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v5: add "ioctl_dev" */
> > -    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v6: same            */
> > -    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v7: same            */
> > -    (LANDLOCK_ACCESS_FS_IOCTL_DEV << 1) \- 1,  /* v8: same            */
> > +    (LANDLOCK_ACCESS_FS_MAKE_SYM     << 1) \- 1,  /* v1                     */
> > +    (LANDLOCK_ACCESS_FS_REFER        << 1) \- 1,  /* v2: add "refer"        */
> > +    (LANDLOCK_ACCESS_FS_TRUNCATE     << 1) \- 1,  /* v3: add "truncate"     */
> > +    (LANDLOCK_ACCESS_FS_TRUNCATE     << 1) \- 1,  /* v4: TCP support        */
> > +    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v5: add "ioctl_dev"    */
> > +    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v6: same               */
> > +    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v7: same               */
> > +    (LANDLOCK_ACCESS_FS_IOCTL_DEV    << 1) \- 1,  /* v8: same               */
> > +    (LANDLOCK_ACCESS_FS_RESOLVE_UNIX << 1) \- 1,  /* v9: add "resolve_unix" */
> 
> We should probably use C99 comments (//), to reduce the width, and
> alignment issues.

Good idea, done.


> Feel free to send formatting patches for these side issues.

I split it up a bit, so that the fixes independent of the new feature
can go separately; see
https://lore.kernel.org/all/20260515165753.8830-1-gnoack3000@gmail.com/

Thanks for the review!
–Günther