From: Andrea Cervesato via ltp <ltp@lists.linux.it>
To: Li Wang <liwang@redhat.com>, Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v2 09/11] Add landlock04 test
Date: Thu, 11 Jul 2024 12:33:12 +0200 [thread overview]
Message-ID: <bddb07dc-d8a2-4946-bfba-8f476bc24613@suse.com> (raw)
In-Reply-To: <CAEemH2crUwPREXw=QTWSNEUk-_cs0vLeg_VYAgyBuUe5Cet3ow@mail.gmail.com>
On 7/11/24 11:33, Li Wang wrote:
>
>
> On Thu, Jul 11, 2024 at 2:05 AM Andrea Cervesato
> <andrea.cervesato@suse.de> wrote:
>
> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> This test verifies that all landlock rules are working properly.
> The way we do it is to verify that all disabled syscalls are not
> working but the one we enabled via specifc landlock rules.
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/landlock/.gitignore | 2 +
> testcases/kernel/syscalls/landlock/landlock04.c | 176 +++++++++++
> testcases/kernel/syscalls/landlock/landlock_exec.c | 9 +
> .../kernel/syscalls/landlock/landlock_tester.h | 350
> +++++++++++++++++++++
> 5 files changed, 538 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 269cf24b1..10b54ae84 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -687,6 +687,7 @@ kill13 kill13
> landlock01 landlock01
> landlock02 landlock02
> landlock03 landlock03
> +landlock04 landlock04
>
> lchown01 lchown01
> lchown01_16 lchown01_16
> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
> b/testcases/kernel/syscalls/landlock/.gitignore
> index f79cd090b..4fe8d7cba 100644
> --- a/testcases/kernel/syscalls/landlock/.gitignore
> +++ b/testcases/kernel/syscalls/landlock/.gitignore
> @@ -1,3 +1,5 @@
> +landlock_exec
> landlock01
> landlock02
> landlock03
> +landlock04
> diff --git a/testcases/kernel/syscalls/landlock/landlock04.c
> b/testcases/kernel/syscalls/landlock/landlock04.c
> new file mode 100644
> index 000000000..1567328bb
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock04.c
> @@ -0,0 +1,176 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato
> <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * This test verifies that all landlock rules are working
> properly. The way we
> + * do it is to verify that all disabled syscalls are not working
> but the one we
> + * enabled via specifc landlock rules.
> + */
> +
> +#include "landlock_common.h"
> +#include "landlock_tester.h"
> +
> +#define ACCESS_NAME(x) #x
> +
> +static struct landlock_ruleset_attr *ruleset_attr;
> +static struct landlock_path_beneath_attr *path_beneath_attr;
> +
> +struct rule_access {
> + char *path;
> + int access;
> +};
> +
> +static struct tvariant {
> + int access;
> + char *desc;
> +} tvariants[] = {
> + {
> + LANDLOCK_ACCESS_FS_READ_FILE |
> LANDLOCK_ACCESS_FS_EXECUTE,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_EXECUTE)
> + },
> + {
> + LANDLOCK_ACCESS_FS_WRITE_FILE,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_WRITE_FILE)
> + },
> + {
> + LANDLOCK_ACCESS_FS_READ_FILE,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_READ_FILE)
> + },
> + {
> + LANDLOCK_ACCESS_FS_READ_DIR,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_READ_DIR)
> + },
> + {
> + LANDLOCK_ACCESS_FS_REMOVE_DIR,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_REMOVE_DIR)
> + },
> + {
> + LANDLOCK_ACCESS_FS_REMOVE_FILE,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_REMOVE_FILE)
> + },
> + {
> + LANDLOCK_ACCESS_FS_MAKE_CHAR,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_CHAR)
> + },
> + {
> + LANDLOCK_ACCESS_FS_MAKE_BLOCK,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_BLOCK)
> + },
> + {
> + LANDLOCK_ACCESS_FS_MAKE_REG,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_REG)
> + },
> + {
> + LANDLOCK_ACCESS_FS_MAKE_SOCK,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_SOCK)
> + },
> + {
> + LANDLOCK_ACCESS_FS_MAKE_FIFO,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_FIFO)
> + },
> + {
> + LANDLOCK_ACCESS_FS_MAKE_SYM,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_SYM)
> + },
> + {
> + LANDLOCK_ACCESS_FS_WRITE_FILE |
> LANDLOCK_ACCESS_FS_TRUNCATE,
> + ACCESS_NAME(LANDLOCK_ACCESS_FS_TRUNCATE)
> + },
> +};
> +
> +static void run(void)
> +{
> + if (!SAFE_FORK()) {
> + struct tvariant variant = tvariants[tst_variant];
> +
> + tester_run_all_rules(variant.access);
> + _exit(0);
> + }
> +}
> +
> +static void setup(void)
> +{
> + struct tvariant variant = tvariants[tst_variant];
> + int ruleset_fd;
> +
> + verify_landlock_is_enabled();
> + tester_create_tree();
> +
> + tst_res(TINFO, "Testing %s", variant.desc);
> +
> + ruleset_attr->handled_access_fs = tester_get_all_rules();
> +
> + ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
> + ruleset_attr, sizeof(struct
> landlock_ruleset_attr), 0);
> +
> + /* since our binary is dynamically linked, we need to
> enable libraries
> + * to be read and executed
> + */
> + struct rule_access rules[] = {
> + {"/lib", LANDLOCK_ACCESS_FS_READ_FILE |
> LANDLOCK_ACCESS_FS_EXECUTE},
> + {"/lib64", LANDLOCK_ACCESS_FS_READ_FILE |
> LANDLOCK_ACCESS_FS_EXECUTE},
> + {SANDBOX_FOLDER, variant.access}
> + };
>
>
> Good method, but can we find a way to get the lib-shared path
> automatically but not hard coding?
>
> Some platforms may have another configuration on the shared-lib path.
>
The only library we need is libc.so, which is usually installed in /lib
or /lib64. I don't really know if LTP supported distros which place libc
somewhere else.
Do you have suggestions on how to get shared-libs eventually? Because
the only way I know is to call dladdr() but it doesn't seem the way to
go (I obtain the current binary file)
>
> + int num_of_rules = ARRAY_SIZE(rules);
> +
> + for (int i = 0; i < num_of_rules; i++) {
> + if (access(rules[i].path, F_OK) == -1)
> + continue;
> +
> + path_beneath_attr->allowed_access = rules[i].access;
> + path_beneath_attr->parent_fd =
> SAFE_OPEN(rules[i].path, O_PATH | O_CLOEXEC);
> +
> + SAFE_LANDLOCK_ADD_RULE(
> + ruleset_fd,
> + LANDLOCK_RULE_PATH_BENEATH,
> + path_beneath_attr,
> + 0);
> +
> + SAFE_CLOSE(path_beneath_attr->parent_fd);
> + }
> +
> + enforce_ruleset(ruleset_fd);
> + SAFE_CLOSE(ruleset_fd);
> +}
> +
> +static struct tst_test test = {
> + .test_all = run,
> + .setup = setup,
> + .min_kver = "5.13",
> + .forks_child = 1,
> + .needs_tmpdir = 1,
> + .needs_root = 1,
> + .test_variants = ARRAY_SIZE(tvariants),
> + .resource_files = (const char *[]) {
> + TESTAPP,
> + NULL,
> + },
> + .needs_kconfigs = (const char *[]) {
> + "CONFIG_SECURITY_LANDLOCK=y",
> + NULL
> + },
> + .bufs = (struct tst_buffers []) {
> + {&ruleset_attr, .size = sizeof(struct
> landlock_ruleset_attr)},
> + {&path_beneath_attr, .size = sizeof(struct
> landlock_path_beneath_attr)},
> + {},
> + },
> + .caps = (struct tst_cap []) {
> + TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
> + TST_CAP(TST_CAP_REQ, CAP_MKNOD),
> + {}
> + },
> + .format_device = 1,
> + .mount_device = 1,
> + .mntpoint = SANDBOX_FOLDER,
> + .all_filesystems = 1,
> + .skip_filesystems = (const char *[]) {
> + "vfat",
> + "exfat",
> + NULL
> + },
> + .max_runtime = 3600,
> +};
> diff --git a/testcases/kernel/syscalls/landlock/landlock_exec.c
> b/testcases/kernel/syscalls/landlock/landlock_exec.c
> new file mode 100644
> index 000000000..aae5c76b2
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock_exec.c
> @@ -0,0 +1,9 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato
> <andrea.cervesato@suse.com>
> + */
> +
> +int main(void)
> +{
> + return 0;
> +}
> diff --git a/testcases/kernel/syscalls/landlock/landlock_tester.h
> b/testcases/kernel/syscalls/landlock/landlock_tester.h
> new file mode 100644
> index 000000000..89ca085d7
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock_tester.h
> @@ -0,0 +1,350 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato
> <andrea.cervesato@suse.com>
> + */
> +
> +#ifndef LANDLOCK_TESTER_H
> +
> +#include "tst_test.h"
> +#include "lapi/landlock.h"
> +#include <sys/sysmacros.h>
> +
> +#define PERM_MODE 0700
> +
> +#define SANDBOX_FOLDER "sandbox"
> +#define TESTAPP "landlock_exec"
> +
> +#define FILE_EXEC SANDBOX_FOLDER"/"TESTAPP
> +#define FILE_READ SANDBOX_FOLDER"/file_read"
> +#define FILE_WRITE SANDBOX_FOLDER"/file_write"
> +#define FILE_REMOVE SANDBOX_FOLDER"/file_remove"
> +#define FILE_UNLINK SANDBOX_FOLDER"/file_unlink"
> +#define FILE_UNLINKAT SANDBOX_FOLDER"/file_unlinkat"
> +#define FILE_TRUNCATE SANDBOX_FOLDER"/file_truncate"
> +#define FILE_REGULAR SANDBOX_FOLDER"/regular0"
> +#define FILE_SOCKET SANDBOX_FOLDER"/socket0"
> +#define FILE_FIFO SANDBOX_FOLDER"/fifo0"
> +#define FILE_SYM0 SANDBOX_FOLDER"/symbolic0"
> +#define FILE_SYM1 SANDBOX_FOLDER"/symbolic1"
> +#define DIR_READDIR SANDBOX_FOLDER"/dir_readdir"
> +#define DIR_RMDIR SANDBOX_FOLDER"/dir_rmdir"
> +#define DEV_CHAR0 SANDBOX_FOLDER"/chardev0"
> +#define DEV_BLK0 SANDBOX_FOLDER"/blkdev0"
> +
> +#define ALL_RULES (\
> + LANDLOCK_ACCESS_FS_EXECUTE | \
> + LANDLOCK_ACCESS_FS_WRITE_FILE | \
> + LANDLOCK_ACCESS_FS_READ_FILE | \
> + LANDLOCK_ACCESS_FS_READ_DIR | \
> + LANDLOCK_ACCESS_FS_REMOVE_DIR | \
> + LANDLOCK_ACCESS_FS_REMOVE_FILE | \
> + LANDLOCK_ACCESS_FS_MAKE_CHAR | \
> + LANDLOCK_ACCESS_FS_MAKE_DIR | \
> + LANDLOCK_ACCESS_FS_MAKE_REG | \
> + LANDLOCK_ACCESS_FS_MAKE_SOCK | \
> + LANDLOCK_ACCESS_FS_MAKE_FIFO | \
> + LANDLOCK_ACCESS_FS_MAKE_BLOCK | \
> + LANDLOCK_ACCESS_FS_MAKE_SYM | \
> + LANDLOCK_ACCESS_FS_REFER | \
> + LANDLOCK_ACCESS_FS_TRUNCATE | \
> + LANDLOCK_ACCESS_NET_BIND_TCP | \
> + LANDLOCK_ACCESS_NET_CONNECT_TCP | \
> + LANDLOCK_ACCESS_FS_IOCTL_DEV)
> +
> +static char *readdir_files[] = {
> + DIR_READDIR"/file0",
> + DIR_READDIR"/file1",
> + DIR_READDIR"/file2",
> +};
> +
> +static int dev_chr;
> +static int dev_blk;
> +
> +static int tester_get_all_rules(void)
> +{
> + int abi;
> + int all_rules = ALL_RULES;
> +
> + abi = SAFE_LANDLOCK_CREATE_RULESET(
> + NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
> +
> + if (abi < 2)
> + all_rules &= ~LANDLOCK_ACCESS_FS_REFER;
> +
> + if (abi < 3)
> + all_rules &= ~LANDLOCK_ACCESS_FS_TRUNCATE;
> +
> + if (abi < 4) {
> + all_rules &= ~(LANDLOCK_ACCESS_NET_BIND_TCP |
> + LANDLOCK_ACCESS_NET_CONNECT_TCP);
> + }
> +
> + if (abi < 5)
> + all_rules &= ~LANDLOCK_ACCESS_FS_IOCTL_DEV;
> +
> + return all_rules;
> +}
> +
> +static void tester_create_tree(void)
> +{
> + if (access(SANDBOX_FOLDER, F_OK) == -1)
> + SAFE_MKDIR(SANDBOX_FOLDER, PERM_MODE);
> +
> + /* folders */
> + SAFE_MKDIR(DIR_RMDIR, PERM_MODE);
> + SAFE_MKDIR(DIR_READDIR, PERM_MODE);
> + for (size_t i = 0; i < ARRAY_SIZE(readdir_files); i++)
> + SAFE_TOUCH(readdir_files[i], PERM_MODE, NULL);
> +
> + /* files */
> + tst_fill_file(FILE_READ, 'a', getpagesize(), 1);
> + SAFE_TOUCH(FILE_WRITE, PERM_MODE, NULL);
> + SAFE_TOUCH(FILE_REMOVE, PERM_MODE, NULL);
> + SAFE_TOUCH(FILE_UNLINK, PERM_MODE, NULL);
> + SAFE_TOUCH(FILE_UNLINKAT, PERM_MODE, NULL);
> + SAFE_TOUCH(FILE_TRUNCATE, PERM_MODE, NULL);
> + SAFE_TOUCH(FILE_SYM0, PERM_MODE, NULL);
> + SAFE_CP(TESTAPP, FILE_EXEC);
> +
> + /* devices */
> + dev_chr = makedev(1, 3);
> + dev_blk = makedev(7, 0);
> +}
> +
> +static void _test_exec(const int result)
> +{
> + int status;
> + pid_t pid;
> + char *const args[] = {(char *)FILE_EXEC, NULL};
> +
> + tst_res(TINFO, "Test binary execution");
> +
> + pid = SAFE_FORK();
> + if (!pid) {
> + int rval;
> +
> + if (result == TPASS) {
> + rval = execve(FILE_EXEC, args, NULL);
> + if (rval == -1)
> + tst_res(TFAIL | TERRNO, "Failed to
> execute test binary");
> + } else {
> + TST_EXP_FAIL(execve(FILE_EXEC, args,
> NULL), EACCES);
> + }
> +
> + _exit(1);
> + }
> +
> + SAFE_WAITPID(pid, &status, 0);
> + if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
> + return;
> +
> + tst_res(result, "Test binary has been executed");
> +}
> +
> +static void _test_write(const int result)
> +{
> + tst_res(TINFO, "Test writing file");
> +
> + if (result == TPASS)
> + TST_EXP_FD(open(FILE_WRITE, O_WRONLY, PERM_MODE));
> + else
> + TST_EXP_FAIL(open(FILE_WRITE, O_WRONLY,
> PERM_MODE), EACCES);
> +
> + if (TST_RET != -1)
> + SAFE_CLOSE(TST_RET);
> +}
> +
> +static void _test_read(const int result)
> +{
> + tst_res(TINFO, "Test reading file");
> +
> + if (result == TPASS)
> + TST_EXP_FD(open(FILE_READ, O_RDONLY, PERM_MODE));
> + else
> + TST_EXP_FAIL(open(FILE_READ, O_RDONLY, PERM_MODE),
> EACCES);
> +
> + if (TST_RET != -1)
> + SAFE_CLOSE(TST_RET);
> +}
> +
> +static void _test_readdir(const int result)
> +{
> + tst_res(TINFO, "Test reading directory");
> +
> + DIR *dir;
> + struct dirent *de;
> + int files_counted = 0;
> +
> + dir = opendir(DIR_READDIR);
> + if (!dir) {
> + tst_res(result == TPASS ? TFAIL : TPASS,
> + "Can't read '%s' directory", DIR_READDIR);
> +
> + return;
> + }
> +
> + tst_res(result, "Can read '%s' directory", DIR_READDIR);
> + if (result == TFAIL)
> + return;
> +
> + while ((de = readdir(dir)) != NULL) {
> + if (de->d_type != DT_REG)
> + continue;
> +
> + for (size_t i = 0; i < ARRAY_SIZE(readdir_files);
> i++) {
> + if (readdir_files[i] == NULL)
> + continue;
> +
> + if (strstr(readdir_files[i], de->d_name)
> != NULL)
> + files_counted++;
> + }
> + }
> +
> + SAFE_CLOSEDIR(dir);
> +
> + TST_EXP_EQ_LI(files_counted, ARRAY_SIZE(readdir_files));
> +}
> +
> +static void _test_rmdir(const int result)
> +{
> + tst_res(TINFO, "Test removing directory");
> +
> + if (result == TPASS)
> + TST_EXP_PASS(rmdir(DIR_RMDIR));
> + else
> + TST_EXP_FAIL(rmdir(DIR_RMDIR), EACCES);
> +}
> +
> +static void _test_rmfile(const int result)
> +{
> + tst_res(TINFO, "Test removing file");
> +
> + if (result == TPASS) {
> + TST_EXP_PASS(unlink(FILE_UNLINK));
> + TST_EXP_PASS(remove(FILE_REMOVE));
> + } else {
> + TST_EXP_FAIL(unlink(FILE_UNLINK), EACCES);
> + TST_EXP_FAIL(remove(FILE_REMOVE), EACCES);
> + }
> +}
> +
> +static void _test_make(
> + const char *path,
> + const int type,
> + const int dev,
> + const int result)
> +{
> + tst_res(TINFO, "Test normal or special files creation");
> +
> + if (result == TPASS)
> + TST_EXP_PASS(mknod(path, type | 0400, dev));
> + else
> + TST_EXP_FAIL(mknod(path, type | 0400, dev), EACCES);
> +}
> +
> +static void _test_symbolic(const int result)
> +{
> + tst_res(TINFO, "Test symbolic links");
> +
> + if (result == TPASS)
> + TST_EXP_PASS(symlink(FILE_SYM0, FILE_SYM1));
> + else
> + TST_EXP_FAIL(symlink(FILE_SYM0, FILE_SYM1), EACCES);
> +}
> +
> +static void _test_truncate(const int result)
> +{
> + int fd;
> +
> + tst_res(TINFO, "Test truncating file");
> +
> + if (result == TPASS) {
> + TST_EXP_PASS(truncate(FILE_TRUNCATE, 10));
> +
> + fd = TST_EXP_FD(open(FILE_TRUNCATE, O_WRONLY,
> PERM_MODE));
> + if (fd != -1) {
> + TST_EXP_PASS(ftruncate(fd, 10));
> + SAFE_CLOSE(fd);
> + }
> +
> + fd = TST_EXP_FD(open(FILE_TRUNCATE, O_WRONLY |
> O_TRUNC, PERM_MODE));
> + if (fd != -1)
> + SAFE_CLOSE(fd);
> + } else {
> + TST_EXP_FAIL(truncate(FILE_TRUNCATE, 10), EACCES);
> +
> + fd = open(FILE_TRUNCATE, O_WRONLY, PERM_MODE);
> + if (fd != -1) {
> + TST_EXP_FAIL(ftruncate(fd, 10), EACCES);
> + SAFE_CLOSE(fd);
> + }
> +
> + TST_EXP_FAIL(open(FILE_TRUNCATE, O_WRONLY |
> O_TRUNC, PERM_MODE),
> + EACCES);
> +
> + if (TST_RET != -1)
> + SAFE_CLOSE(TST_RET);
> + }
> +}
> +
> +static void tester_run_rules(const int rules, const int result)
> +{
> + if (rules & LANDLOCK_ACCESS_FS_EXECUTE)
> + _test_exec(result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_WRITE_FILE)
> + _test_write(result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_READ_FILE)
> + _test_read(result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_READ_DIR)
> + _test_readdir(result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_REMOVE_DIR)
> + _test_rmdir(result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_REMOVE_FILE)
> + _test_rmfile(result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_MAKE_CHAR)
> + _test_make(DEV_CHAR0, S_IFCHR, dev_chr, result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_MAKE_BLOCK)
> + _test_make(DEV_BLK0, S_IFBLK, dev_blk, result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_MAKE_REG)
> + _test_make(FILE_REGULAR, S_IFREG, 0, result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_MAKE_SOCK)
> + _test_make(FILE_SOCKET, S_IFSOCK, 0, result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_MAKE_FIFO)
> + _test_make(FILE_FIFO, S_IFIFO, 0, result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_MAKE_SYM)
> + _test_symbolic(result);
> +
> + if (rules & LANDLOCK_ACCESS_FS_TRUNCATE) {
> + if ((tst_kvercmp(6, 2, 0)) < 0) {
> + tst_res(TINFO, "Skip truncate test.
> Minimum kernel version is 6.2");
> + return;
> + }
> +
> + _test_truncate(result);
> + }
> +}
> +
> +static inline void tester_run_all_rules(const int pass_rules)
> +{
> + int fail_rules;
> + int all_rules;
> +
> + all_rules = tester_get_all_rules();
> + fail_rules = all_rules & ~pass_rules;
> +
> + tester_run_rules(pass_rules, TPASS);
> + tester_run_rules(fail_rules, TFAIL);
> +}
> +
> +#endif
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>
>
> --
> Regards,
> Li Wang
--
Mailing list info: https://lists.linux.it/listinfo/ltp
next prev parent reply other threads:[~2024-07-11 10:33 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-10 18:01 [LTP] [PATCH v2 00/11] landlock testing suite Andrea Cervesato
2024-07-10 18:01 ` [LTP] [PATCH v2 01/11] Add landlock syscalls definitions Andrea Cervesato
2024-07-11 1:16 ` Li Wang
2024-07-10 18:01 ` [LTP] [PATCH v2 02/11] Add lapi/landlock.h fallback Andrea Cervesato
2024-07-11 1:30 ` Li Wang
2024-07-10 18:01 ` [LTP] [PATCH v2 03/11] Added three more SAFE_* macros for landlock sandbox: Andrea Cervesato
2024-07-11 3:47 ` Li Wang
2024-07-10 18:01 ` [LTP] [PATCH v2 04/11] Add SAFE_PRCTL macro Andrea Cervesato
2024-07-10 18:02 ` [LTP] [PATCH v2 05/11] Add landlock01 test Andrea Cervesato
2024-07-11 3:16 ` Li Wang
2024-07-11 7:06 ` Andrea Cervesato via ltp
2024-07-11 7:30 ` Li Wang
2024-07-10 18:02 ` [LTP] [PATCH v2 06/11] Add landlock02 test Andrea Cervesato
2024-07-10 18:02 ` [LTP] [PATCH v2 07/11] Add landlock03 test Andrea Cervesato
2024-07-10 18:02 ` [LTP] [PATCH v2 08/11] Add CAP_MKNOD fallback in lapi/capability.h Andrea Cervesato
2024-07-11 3:49 ` Li Wang
2024-07-10 18:02 ` [LTP] [PATCH v2 09/11] Add landlock04 test Andrea Cervesato
2024-07-11 9:33 ` Li Wang
2024-07-11 10:33 ` Andrea Cervesato via ltp [this message]
2024-07-11 11:01 ` Cyril Hrubis
2024-07-11 11:14 ` Li Wang
2024-07-10 18:02 ` [LTP] [PATCH v2 10/11] Add landlock05 test Andrea Cervesato
2024-07-10 18:02 ` [LTP] [PATCH v2 11/11] Add landlock06 test Andrea Cervesato
2024-07-11 8:45 ` Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bddb07dc-d8a2-4946-bfba-8f476bc24613@suse.com \
--to=ltp@lists.linux.it \
--cc=andrea.cervesato@suse.com \
--cc=andrea.cervesato@suse.de \
--cc=liwang@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.