Landlock.Scope Enum
IPC isolation flags handled by a Landlock ruleset. Pass these as the scope
argument of CreateRuleset. Scopes are
all-or-nothing — there are no per-resource rules for them. Available from ABI 6
(kernel 6.12+).
Definition
Namespace: Sandbox
public enum Scope
Remarks
Scopes block inbound IPC that crosses the sandbox boundary. Unlike filesystem and network rights, they take no rules — declaring a scope isolates the domain outright. On kernels older than ABI 6 these flags are silently dropped by the binding (see ABI versions). For the precise semantics, see the "Scope flags" section of landlock(7).
Fields
| Value | Description |
|---|---|
ABSTRACT_UNIX_SOCKET |
Block inbound connections over abstract UNIX domain sockets from outside the sandbox. |
SIGNAL |
Block inbound signals sent from outside the sandbox. |
ABSTRACT_UNIX_SOCKET
Block connections to abstract UNIX domain sockets coming from outside the
domain (LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET). Min ABI 6 (kernel 6.12).
SIGNAL
Block signals sent to the domain from processes outside it
(LANDLOCK_SCOPE_SIGNAL). Min ABI 6 (kernel 6.12).
Applies to
Sandbox.dll — Linux only (x86-64, kernel ≥ 6.12 for scopes). See the scopes guide.