container: optionally isolate host abstract UNIX domain sockets via landlock

internal/app/app_pd_linux_test.go

@@ -62,6 +62,7 @@ var testCasesPd = []sealTestCase{
 				Remount(m("/"), syscall.MS_RDONLY),
 			SeccompPresets: seccomp.PresetExt | seccomp.PresetDenyDevel,
 			HostNet:        true,
+			HostAbstract:   true,
 			RetainSession:  true,
 			ForwardCancel:  true,
 		},
@@ -203,6 +204,7 @@ var testCasesPd = []sealTestCase{
 				Remount(m("/"), syscall.MS_RDONLY),
 			SeccompPresets: seccomp.PresetExt | seccomp.PresetDenyDevel,
 			HostNet:        true,
+			HostAbstract:   true,
 			RetainSession:  true,
 			ForwardCancel:  true,
 		},