Daniel Bernstein has observed that security-conscious unprivileged userland processes may benefit from the ability to irrevocably remove their ability to create, bind, connect to, or send messages to non-AF_UNIX sockets.
This patch defines a 'long sys_disablenetwork(void)' syscall and implements it in an LSM in order to avoid modifying the definition of 'struct task_struct'.
Some review of this LSM took place and several improvements were suggested:
- consider whether to enable localhost-IP connections for improved compatibility with portable software
- consider whether to disable the abstract namespace of Unix sockets (or to enter a fresh namespace) since Unix DAC is not available to control access to such sockets
- rewrite for recent kernels (which removed the modularity of the LSM framework)
- consider non-syscall APIs.