CVE-2026-46057

In the Linux kernel, the following vulnerability has been resolved:

landlock: Fix LOG SUBDOMAINS OFF inheritance across fork()

hook cred transfer() only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlock restrict self() which can set LOG SUBDOMAINS OFF on a credential without creating a domain (via the ruleset fd=-1 path): the field is committed but not preserved across fork() because the child's prepare creds() calls hook cred transfer() which skips the copy when domain is NULL.

This breaks the documented use case where a process mutes subdomain logs before forking sandboxed children: the children lose the muting and their domains produce unexpected audit records.

Fix this by unconditionally copying the Landlock credential blob.