I agree with Mickaël's comment: this seems like an important fix. Mostly for completeness: I played with the "socket type" patch set in a "TCP server" example, where *all* possible operations are restricted with Landlock, including the ones from the "socket type" patch set V2 with the little fix we discussed. - socket() - bind() - enforce a landlock ruleset restricting: - file system access - all TCP bind and connect - socket creation - listen() - accept()
