Re: [PATCH v3 2/6] landlock: Implement LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET

["Günther Noack" <gnoack3000@gmail.com>]

On Tue, Feb 03, 2026 at 11:12:29PM +0000, Tingmao Wang wrote:
> Extend the existing abstract UNIX socket scoping to pathname sockets as
> well.  Basically all of the logic is reused between the two types, just
> that pathname sockets scoping are controlled by another bit, and has its
> own audit request type (since the current one is named
> "abstract_unix_socket").
> 
> Closes: https://github.com/landlock-lsm/linux/issues/51
> Signed-off-by: Tingmao Wang <m@maowtm.org>

A note in the context of this patch that occurred to me; While I was
discussing in my head which access bit should be introduced first [1].
I realized that if the LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET were to be
introduced first, this might be at odds with our other plans where we
do both the scope and path check in the same hook [2].  The scope
check may be difficult to move once we have started doing the check in
the other LSM hook, because there are other error conditions in
between the hooks.  That only makes a difference when connect()/send()
is denied - if we do the scope check in the new introduced
unix_find_bsd hook in the future, then some erroring connect()/send()
operations may return Landlock's error code instead of another one in
some cases.

If it is not possible to move the check into the other hook, we might
then in the end have to hook into both LSM hooks and carry information
between them, once the other patch set lands.  But the implementation
will be harder.

[1] https://lore.kernel.org/all/20260205.8531e4005118@gnoack.org/
[2] https://lore.kernel.org/all/aYMenaSmBkAsFowd@google.com/

–Günther