Comment by razighter777

Comment by razighter777 3 days ago


There's always a lot of caution and review that goes into a new syscall feature, because once you add a feature, there's no takebacks. All the libraries downstream from Landlock rely on the kernel API being good.

There is an ongoing patch series for UDP and another one for general socket control.

You can read about it on the linux-security-module mailing list.

Basically UDP is harder to hook into because it's a connectionless protocol. So bind and connect don't really work the same way.

https://lore.kernel.org/all/20241214184540.3835222-1-matthie...

https://lore.kernel.org/linux-security-module/20251118134639...
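
An added example, not part of the comment above or of any kernel patch: a small C program illustrating the connectionless point. The sender never calls bind() or connect(), yet its datagram is delivered and the kernel assigns it a source port during sendto(), so a check placed only on bind() and connect() would not see this traffic. The function name is hypothetical and the loopback receiver is constructed for the demo.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns the sender's kernel-assigned source port (>0) if a datagram was
 * delivered without the sender ever calling bind() or connect(); -1 on error. */
int udp_send_without_bind_or_connect(void)
{
    struct sockaddr_in dst = { .sin_family = AF_INET,
                               .sin_addr.s_addr = htonl(INADDR_LOOPBACK),
                               .sin_port = 0 };
    struct sockaddr_in src;
    socklen_t len = sizeof(dst);
    char buf[16] = {0};
    int port = -1;

    int rx = socket(AF_INET, SOCK_DGRAM, 0);
    int tx = socket(AF_INET, SOCK_DGRAM, 0);
    if (rx < 0 || tx < 0)
        goto out;

    /* Receiver (constructed for the demo): bind to an ephemeral loopback port. */
    if (bind(rx, (struct sockaddr *)&dst, sizeof(dst)) < 0 ||
        getsockname(rx, (struct sockaddr *)&dst, &len) < 0)
        goto out;

    /* Sender: no bind(), no connect(); the destination is given per datagram. */
    if (sendto(tx, "ping", 4, 0, (struct sockaddr *)&dst, sizeof(dst)) != 4)
        goto out;

    /* The kernel auto-bound the sender's socket during sendto(). */
    len = sizeof(src);
    if (getsockname(tx, (struct sockaddr *)&src, &len) < 0)
        goto out;

    if (recv(rx, buf, sizeof(buf) - 1, 0) == 4 && memcmp(buf, "ping", 4) == 0)
        port = ntohs(src.sin_port);
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return port;
}

int main(void)
{
    printf("sender source port: %d\n", udp_send_without_bind_or_connect());
    return 0;
}
```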