public inbox for ltp@lists.linux.it
From: Andrea Cervesato <andrea.cervesato@suse.de>
To: ltp@lists.linux.it
Subject: [LTP] [PATCH v2 03/11] Added three more SAFE_* macros for landlock sandbox:
Date: Wed, 10 Jul 2024 20:01:58 +0200
Message-ID: <20240710-landlock-v2-3-ff79db017d57@suse.com>
In-Reply-To: <20240710-landlock-v2-0-ff79db017d57@suse.com>

From: Andrea Cervesato <andrea.cervesato@suse.com>

- SAFE_LANDLOCK_CREATE_RULESET
- SAFE_LANDLOCK_ADD_RULE
- SAFE_LANDLOCK_RESTRICT_SELF

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 include/lapi/landlock.h | 61 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

diff --git a/include/lapi/landlock.h b/include/lapi/landlock.h
index 2ee51b340..6d85eb12e 100644
--- a/include/lapi/landlock.h
+++ b/include/lapi/landlock.h
@@ -12,6 +12,8 @@
 # include <linux/landlock.h>
 #endif
 
+#include "lapi/syscalls.h"
+
 #ifndef HAVE_STRUCT_LANDLOCK_RULESET_ATTR
 struct landlock_ruleset_attr
 {
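Review bot: the only include added at the top of lapi/landlock.h is "lapi/syscalls.h", but the inline wrappers added further down in this patch also call tst_brk_() with TBROK | TERRNO and use uint32_t and size_t. Unless the lines above this context already pull those in, the header compiles only when the includer has brought in the test library header first; either include what the wrappers need here or state that requirement in a comment next to the new include.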
@@ -120,4 +122,63 @@ struct landlock_net_port_attr
 # define LANDLOCK_ACCESS_NET_CONNECT_TCP	(1ULL << 1)
 #endif
 
+static inline int safe_landlock_create_ruleset(const char *file, const int lineno,
+	const struct landlock_ruleset_attr *attr,
+	size_t size , uint32_t flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_create_ruleset, attr, size, flags);
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_create_ruleset(%p, %lu, %u)",
+			attr, size, flags);
+	}
+
+	return rval;
+}
+
+static inline int safe_landlock_add_rule(const char *file, const int lineno,
+	int ruleset_fd, enum landlock_rule_type rule_type,
+	const void *rule_attr, uint32_t flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_add_rule,
+		ruleset_fd, rule_type, rule_attr, flags);
+
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_add_rule(%d, %d, %p, %u)",
+			ruleset_fd, rule_type, rule_attr, flags);
+	}
+
+	return rval;
+}
+
+static inline int safe_landlock_restrict_self(const char *file, const int lineno,
+	int ruleset_fd, int flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_restrict_self(%d, %u)",
+			ruleset_fd, flags);
+	}
+
+	return rval;
+}
+
+#define SAFE_LANDLOCK_CREATE_RULESET(attr, size, flags) \
+	safe_landlock_create_ruleset(__FILE__, __LINE__, (attr), (size), (flags))
+
+#define SAFE_LANDLOCK_ADD_RULE(ruleset_fd, rule_type, rule_attr, flags) \
+	safe_landlock_add_rule(__FILE__, __LINE__, \
+		(ruleset_fd), (rule_type), (rule_attr), (flags))
+
+#define SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, flags) \
+	safe_landlock_restrict_self(__FILE__, __LINE__, (ruleset_fd), (flags))
+
 #endif
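Review bot: safe_landlock_restrict_self() declares "int flags" but prints it with %u in "landlock_restrict_self(%d, %u)", while the other two wrappers take uint32_t flags; declaring it uint32_t keeps the three signatures consistent and makes the format match the argument. In safe_landlock_create_ruleset() the size_t argument is printed with %lu, which is only correct where size_t is unsigned long; %zu is the portable specifier. There is also a stray space in "size_t size , uint32_t flags". All three wrappers treat only -1 as failure, so any other negative return value is handed back to the caller as if it were valid; an extra branch that reports an invalid return value would catch that. Finally, none of the wrappers has a comment saying that it aborts the test through tst_brk_() on failure, which matters to a reader who expects to check the return value.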

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp
