Re: [PATCH v4 0/7] landlock: Add UDP access control support

[Matthieu Buffet <matthieu@buffet.re>]

Hi Mickaël, Günther,

Thank you both for your reviews, I will follow up with these last fixes 
in a v5.

On 5/22/2026 11:08 PM, Mickaël Salaün wrote:
>> I'm just not super happy about the clarity of logs generated for denied
>> autobinds ("domain=xxxxxx blockers=net.bind_udp"), due to the fact that
>> addresses and ports are currently only logged if they are non-0. A later
>> (coordinated LSM-wide) patch could improve readability by replacing != 0
>> checks with new booleans in struct lsm_network_audit.
> 
> Do you plan to send such patch after this series?  I guess we could add
> has_{port,addr} fields to lsm_network_audit and handle AF_UNSPEC too?

I have not come up with anything better than adding boolean fields, so 
if you're in, I will draft a proposition along these lines (and cc: LSM 
subsystem maintainers to synchronize the change across LSMs, I guess)

>> I'm also not
>> exactly happy with the integration in existing TCP selftests, but
>> refactoring them has already been discussed earlier.
> 
> Can you remind us what was your concern and the potential fix?

Regarding TCP selftests, I was referencing that discussion about 
readability (length, and usage of conditionals in what are already test 
variants) :
https://lore.kernel.org/linux-security-module/22dcebae-dc5d-0bf1-c686-d2f444558106@huawei-partners.com/
Nothing blocking, refactoring can be done when things are less busy.

-- 
Matthieu