Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
When using the recommended "best-effort" mode, Go-Landlock did not restrict the TCP bind() and connect() operations any more when they were requested. This affects Go-Landlock users to whom both of the following conditions apply: They use Landlock rulesets that are supposed to restrict networking (through landlock.V4, landlock.V5, or self-configured). These Landlock rulesets are used in best-effort mode. Typically, affected code uses the Go-Landlock API like this (the crucial part being …