From: "Mickaël Salaün" <mic@digikod.net>
To: "Günther Noack" <gnoack@google.com>
Cc: linux-security-module@vger.kernel.org,
Jeff Xu <jeffxu@google.com>,
Jorge Lucangeli Obes <jorgelo@chromium.org>,
Allen Webb <allenwebb@google.com>,
Dmitry Torokhov <dtor@google.com>,
Paul Moore <paul@paul-moore.com>,
Konstantin Meskhidze <konstantin.meskhidze@huawei.com>,
Matt Bobrowski <repnop@google.com>,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v3 2/5] selftests/landlock: Test ioctl support
Date: Fri, 18 Aug 2023 19:06:07 +0200 [thread overview]
Message-ID: <20230818.HopaLahS0qua@digikod.net> (raw)
In-Reply-To: <20230814172816.3907299-3-gnoack@google.com>
On Mon, Aug 14, 2023 at 07:28:13PM +0200, Günther Noack wrote:
> Exercises Landlock's IOCTL feature: If the LANDLOCK_ACCESS_FS_IOCTL
> right is restricted, the use of IOCTL fails with a freshly opened
> file.
>
> Irrespective of the LANDLOCK_ACCESS_FS_IOCTL right, IOCTL continues to
> work with a selected set of known harmless IOCTL commands.
>
> Signed-off-by: Günther Noack <gnoack@google.com>
> ---
> tools/testing/selftests/landlock/fs_test.c | 96 +++++++++++++++++++++-
> 1 file changed, 93 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> index 09dd1eaac8a9..456bd681091d 100644
> --- a/tools/testing/selftests/landlock/fs_test.c
> +++ b/tools/testing/selftests/landlock/fs_test.c
> @@ -3329,7 +3329,7 @@ TEST_F_FORK(layout1, truncate_unhandled)
> LANDLOCK_ACCESS_FS_WRITE_FILE;
> int ruleset_fd;
>
> - /* Enable Landlock. */
> + /* Enables Landlock. */
> ruleset_fd = create_ruleset(_metadata, handled, rules);
>
> ASSERT_LE(0, ruleset_fd);
> @@ -3412,7 +3412,7 @@ TEST_F_FORK(layout1, truncate)
> LANDLOCK_ACCESS_FS_TRUNCATE;
> int ruleset_fd;
>
> - /* Enable Landlock. */
> + /* Enables Landlock. */
> ruleset_fd = create_ruleset(_metadata, handled, rules);
>
> ASSERT_LE(0, ruleset_fd);
> @@ -3639,7 +3639,7 @@ TEST_F_FORK(ftruncate, open_and_ftruncate)
> };
> int fd, ruleset_fd;
>
> - /* Enable Landlock. */
> + /* Enables Landlock. */
> ruleset_fd = create_ruleset(_metadata, variant->handled, rules);
> ASSERT_LE(0, ruleset_fd);
> enforce_ruleset(_metadata, ruleset_fd);
> @@ -3732,6 +3732,96 @@ TEST(memfd_ftruncate)
> ASSERT_EQ(0, close(fd));
> }
We should also check with O_PATH to make sure the correct error is
returned (and not EACCES).
>
> +/* Invokes the FIOQSIZE ioctl(2) and returns its errno or 0. */
> +static int test_fioqsize_ioctl(int fd)
> +{
> + loff_t size;
> +
> + if (ioctl(fd, FIOQSIZE, &size) < 0)
> + return errno;
> + return 0;
> +}
> +
> +/*
> + * Attempt ioctls on regular files, with file descriptors opened before and
> + * after landlocking.
> + */
> +TEST_F_FORK(layout1, ioctl)
> +{
> + const struct rule rules[] = {
> + {
> + .path = file1_s1d1,
> + .access = LANDLOCK_ACCESS_FS_IOCTL,
> + },
> + {
> + .path = dir_s2d1,
> + .access = LANDLOCK_ACCESS_FS_IOCTL,
> + },
> + {},
> + };
> + const __u64 handled = LANDLOCK_ACCESS_FS_IOCTL;
> + int ruleset_fd;
> + int dir_s1d1_fd, file1_s1d1_fd, dir_s2d1_fd;
> +
> + /* Enables Landlock. */
> + ruleset_fd = create_ruleset(_metadata, handled, rules);
> + ASSERT_LE(0, ruleset_fd);
> + enforce_ruleset(_metadata, ruleset_fd);
> + ASSERT_EQ(0, close(ruleset_fd));
> +
> + dir_s1d1_fd = open(dir_s1d1, O_RDONLY);
You can use O_CLOEXEC everywhere.
> + ASSERT_LE(0, dir_s1d1_fd);
> + file1_s1d1_fd = open(file1_s1d1, O_RDONLY);
> + ASSERT_LE(0, file1_s1d1_fd);
> + dir_s2d1_fd = open(dir_s2d1, O_RDONLY);
> + ASSERT_LE(0, dir_s2d1_fd);
> +
> + /*
> + * Checks that FIOQSIZE works on files where LANDLOCK_ACCESS_FS_IOCTL is
> + * permitted.
> + */
> + EXPECT_EQ(EACCES, test_fioqsize_ioctl(dir_s1d1_fd));
> + EXPECT_EQ(0, test_fioqsize_ioctl(file1_s1d1_fd));
> + EXPECT_EQ(0, test_fioqsize_ioctl(dir_s2d1_fd));
> +
> + /* Closes all file descriptors. */
> + ASSERT_EQ(0, close(dir_s1d1_fd));
> + ASSERT_EQ(0, close(file1_s1d1_fd));
> + ASSERT_EQ(0, close(dir_s2d1_fd));
> +}
> +
> +TEST_F_FORK(layout1, ioctl_always_allowed)
> +{
> + struct landlock_ruleset_attr attr = {
const struct landlock_ruleset_attr attr = {
> + .handled_access_fs = LANDLOCK_ACCESS_FS_IOCTL,
> + };
> + int ruleset_fd, fd;
> + int flag = 0;
> + int n;
const int flag = 0;
int ruleset_fd, test_fd, n;
> +
> + /* Enables Landlock. */
> + ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
> + ASSERT_LE(0, ruleset_fd);
> + enforce_ruleset(_metadata, ruleset_fd);
> + ASSERT_EQ(0, close(ruleset_fd));
> +
> + fd = open(file1_s1d1, O_RDONLY);
> + ASSERT_LE(0, fd);
> +
> + /* Checks that the restrictable FIOQSIZE is restricted. */
> + EXPECT_EQ(EACCES, test_fioqsize_ioctl(fd));
> +
> + /* Checks that unrestrictable commands are unrestricted. */
> + EXPECT_EQ(0, ioctl(fd, FIOCLEX));
> + EXPECT_EQ(0, ioctl(fd, FIONCLEX));
> + EXPECT_EQ(0, ioctl(fd, FIONBIO, &flag));
> + EXPECT_EQ(0, ioctl(fd, FIOASYNC, &flag));
> + EXPECT_EQ(0, ioctl(fd, FIONREAD, &n));
> + EXPECT_EQ(0, n);
> +
> + ASSERT_EQ(0, close(fd));
> +}
> +
> /* clang-format off */
> FIXTURE(layout1_bind) {};
> /* clang-format on */
> --
> 2.41.0.694.ge786442a9b-goog
>
next prev parent reply other threads:[~2023-08-18 17:06 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-14 17:28 [PATCH v3 0/5] Landlock: IOCTL support Günther Noack
2023-08-14 17:28 ` [PATCH v3 1/5] landlock: Add ioctl access right Günther Noack
2023-08-14 17:43 ` Günther Noack
2023-08-14 17:28 ` [PATCH v3 2/5] selftests/landlock: Test ioctl support Günther Noack
2023-08-18 17:06 ` Mickaël Salaün [this message]
2023-08-25 15:51 ` Günther Noack
2023-08-25 17:07 ` Mickaël Salaün
2023-09-01 13:35 ` Günther Noack
2023-09-01 20:24 ` Mickaël Salaün
2023-08-14 17:28 ` [PATCH v3 3/5] selftests/landlock: Test ioctl with memfds Günther Noack
2023-08-14 17:28 ` [PATCH v3 4/5] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL Günther Noack
2023-08-14 17:28 ` [PATCH v3 5/5] landlock: Document ioctl support Günther Noack
2023-08-18 16:28 ` Mickaël Salaün
2023-08-25 11:55 ` Günther Noack
2023-08-18 13:26 ` [PATCH v3 0/5] Landlock: IOCTL support Mickaël Salaün
2023-08-18 13:39 ` Mickaël Salaün
2023-08-25 15:03 ` Günther Noack
2023-08-25 16:50 ` Mickaël Salaün
2023-08-26 18:26 ` Mickaël Salaün
2023-09-02 11:53 ` Günther Noack
2023-09-04 18:08 ` Mickaël Salaün
2023-09-11 10:02 ` Günther Noack
2023-09-11 15:25 ` Mickaël Salaün
2023-09-11 16:34 ` Mickaël Salaün
2023-10-19 22:09 ` Günther Noack
2023-10-20 14:57 ` Mickaël Salaün
2023-10-25 22:07 ` Günther Noack
2023-10-26 14:55 ` Mickaël Salaün
2023-11-03 13:06 ` Günther Noack
2023-11-03 15:12 ` Mickaël Salaün
2023-08-22 14:39 ` [PATCH v3 0/5] Landlock: IOCTL support - TTY restrictions RFC Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230818.HopaLahS0qua@digikod.net \
--to=mic@digikod.net \
--cc=allenwebb@google.com \
--cc=dtor@google.com \
--cc=gnoack@google.com \
--cc=jeffxu@google.com \
--cc=jorgelo@chromium.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=repnop@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.