Welcome to the Linux Foundation Forum!

How to disable abstract sockets

fomton843 Posts: 1
edited December 2022 in Kernel Development

I am looking for a way to disable abstract sockets as part of the default network namespace of the kernel.

The objective is to create an environment where effective sandboxing of userspace processes can take place, but since abstract sockets cannot be blocked in the file system, the only way to disable them is to create a new empty namespace. For applications that need network access, this isn't feasible and the only workarounds I am aware of are hacks that add existing interfaces to the new namespace, which requires root permissions however.

In order to isolate abstract sockets, I am looking for a way to disable them completely through a kernel runtime switch or possibly through a compile flag. Ideally this could be done in the context of a process?

Does anything like this actually exist?


Upcoming Training