sys/linux: add Landlock UDP access rigths

l0kod · a-nogikh · commit cfdae68cf674 · 2026-01-23T08:40:19.000Z
Add the new LANDLOCK_ACCESS_NET_BIND_UDP,
LANDLOCK_ACCESS_NET_CONNECT_UDP, and LANDLOCK_ACCESS_NET_SENDTO_UDP
access rights.

Signed-off-by: Mickaël Salaün &lt;mic@digikod.net&gt;
diff --git a/sys/linux/landlock.txt b/sys/linux/landlock.txt
@@ -38,6 +38,6 @@ landlock_restrict_self_flags = LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF, LANDLOC
 
 landlock_access_fs_flags = LANDLOCK_ACCESS_FS_EXECUTE, LANDLOCK_ACCESS_FS_WRITE_FILE, LANDLOCK_ACCESS_FS_READ_FILE, LANDLOCK_ACCESS_FS_READ_DIR, LANDLOCK_ACCESS_FS_REMOVE_DIR, LANDLOCK_ACCESS_FS_REMOVE_FILE, LANDLOCK_ACCESS_FS_MAKE_CHAR, LANDLOCK_ACCESS_FS_MAKE_DIR, LANDLOCK_ACCESS_FS_MAKE_REG, LANDLOCK_ACCESS_FS_MAKE_SOCK, LANDLOCK_ACCESS_FS_MAKE_FIFO, LANDLOCK_ACCESS_FS_MAKE_BLOCK, LANDLOCK_ACCESS_FS_MAKE_SYM, LANDLOCK_ACCESS_FS_REFER, LANDLOCK_ACCESS_FS_TRUNCATE, LANDLOCK_ACCESS_FS_IOCTL_DEV
 
-landlock_access_net_flags = LANDLOCK_ACCESS_NET_BIND_TCP, LANDLOCK_ACCESS_NET_CONNECT_TCP
+landlock_access_net_flags = LANDLOCK_ACCESS_NET_BIND_TCP, LANDLOCK_ACCESS_NET_CONNECT_TCP, LANDLOCK_ACCESS_NET_BIND_UDP, LANDLOCK_ACCESS_NET_CONNECT_UDP, LANDLOCK_ACCESS_NET_SENDTO_UDP
 
 landlock_scope_flags = LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET, LANDLOCK_SCOPE_SIGNAL, LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
diff --git a/sys/linux/landlock.txt.const b/sys/linux/landlock.txt.const
@@ -17,7 +17,10 @@ LANDLOCK_ACCESS_FS_REMOVE_FILE = 32
 LANDLOCK_ACCESS_FS_TRUNCATE = 16384
 LANDLOCK_ACCESS_FS_WRITE_FILE = 2
 LANDLOCK_ACCESS_NET_BIND_TCP = 1
+LANDLOCK_ACCESS_NET_BIND_UDP = 4
 LANDLOCK_ACCESS_NET_CONNECT_TCP = 2
+LANDLOCK_ACCESS_NET_CONNECT_UDP = 8
+LANDLOCK_ACCESS_NET_SENDTO_UDP = 16
 LANDLOCK_CREATE_RULESET_ERRATA = 2
 LANDLOCK_CREATE_RULESET_VERSION = 1
 LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON = 2
