From cfdae68cf674e793b812de543e4a64a35deda2dd Mon Sep 17 00:00:00 2001
From: Mickaël Salaün <mic@digikod.net>
Date: Thu, 22 Jan 2026 16:23:19 +0100
Subject: sys/linux: add Landlock UDP access rigths
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add the new LANDLOCK_ACCESS_NET_BIND_UDP,
LANDLOCK_ACCESS_NET_CONNECT_UDP, and LANDLOCK_ACCESS_NET_SENDTO_UDP
access rights.

Signed-off-by: Mickaël Salaün <mic@digikod.net>
---
 sys/linux/landlock.txt       | 2 +-
 sys/linux/landlock.txt.const | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'sys')

diff --git a/sys/linux/landlock.txt b/sys/linux/landlock.txt
index baeb308fc..abde9c3d3 100644
--- a/sys/linux/landlock.txt
+++ b/sys/linux/landlock.txt
@@ -38,6 +38,6 @@ landlock_restrict_self_flags = LANDLOCK_RESTRICT_SELF_LOG_SAME_EXEC_OFF, LANDLOC
 
 landlock_access_fs_flags = LANDLOCK_ACCESS_FS_EXECUTE, LANDLOCK_ACCESS_FS_WRITE_FILE, LANDLOCK_ACCESS_FS_READ_FILE, LANDLOCK_ACCESS_FS_READ_DIR, LANDLOCK_ACCESS_FS_REMOVE_DIR, LANDLOCK_ACCESS_FS_REMOVE_FILE, LANDLOCK_ACCESS_FS_MAKE_CHAR, LANDLOCK_ACCESS_FS_MAKE_DIR, LANDLOCK_ACCESS_FS_MAKE_REG, LANDLOCK_ACCESS_FS_MAKE_SOCK, LANDLOCK_ACCESS_FS_MAKE_FIFO, LANDLOCK_ACCESS_FS_MAKE_BLOCK, LANDLOCK_ACCESS_FS_MAKE_SYM, LANDLOCK_ACCESS_FS_REFER, LANDLOCK_ACCESS_FS_TRUNCATE, LANDLOCK_ACCESS_FS_IOCTL_DEV
 
-landlock_access_net_flags = LANDLOCK_ACCESS_NET_BIND_TCP, LANDLOCK_ACCESS_NET_CONNECT_TCP
+landlock_access_net_flags = LANDLOCK_ACCESS_NET_BIND_TCP, LANDLOCK_ACCESS_NET_CONNECT_TCP, LANDLOCK_ACCESS_NET_BIND_UDP, LANDLOCK_ACCESS_NET_CONNECT_UDP, LANDLOCK_ACCESS_NET_SENDTO_UDP
 
 landlock_scope_flags = LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET, LANDLOCK_SCOPE_SIGNAL, LANDLOCK_SCOPE_PATHNAME_UNIX_SOCKET
diff --git a/sys/linux/landlock.txt.const b/sys/linux/landlock.txt.const
index 6f0a8d6d1..9334e5987 100644
--- a/sys/linux/landlock.txt.const
+++ b/sys/linux/landlock.txt.const
@@ -17,7 +17,10 @@ LANDLOCK_ACCESS_FS_REMOVE_FILE = 32
 LANDLOCK_ACCESS_FS_TRUNCATE = 16384
 LANDLOCK_ACCESS_FS_WRITE_FILE = 2
 LANDLOCK_ACCESS_NET_BIND_TCP = 1
+LANDLOCK_ACCESS_NET_BIND_UDP = 4
 LANDLOCK_ACCESS_NET_CONNECT_TCP = 2
+LANDLOCK_ACCESS_NET_CONNECT_UDP = 8
+LANDLOCK_ACCESS_NET_SENDTO_UDP = 16
 LANDLOCK_CREATE_RULESET_ERRATA = 2
 LANDLOCK_CREATE_RULESET_VERSION = 1
 LANDLOCK_RESTRICT_SELF_LOG_NEW_EXEC_ON = 2
-- 
cgit mrf-deployment