From: Mikhail Ivanov
> Sent: 31 October 2024 16:22
>
> On 10/18/2024 9:08 PM, Mickaël Salaün wrote:
> > On Thu, Oct 17, 2024 at 02:59:48PM +0200, Matthieu Baerts wrote:
> >> Hi Mikhail and Landlock maintainers,
> >>
> >> +cc MPTCP list.
> >
> > Thanks, we should include this list in the next series.
> >
> >>
> >> On 17/10/2024 13:04, Mikhail Ivanov wrote:
> >>> Do not check TCP access right if socket protocol is not IPPROTO_TCP.
> >>> LANDLOCK_ACCESS_NET_BIND_TCP and LANDLOCK_ACCESS_NET_CONNECT_TCP
> >>> should not restrict bind(2) and connect(2) for non-TCP protocols
> >>> (SCTP, MPTCP, SMC).

I suspect you should check all IP protocols.
After all if TCP is banned why should SCTP be allowed?
Maybe you should have a different (probably more severe) restriction on SCTP.
You'd also need to look at the socket options used to add additional
local and remote IP addresses to a connect attempt.

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)