[LTP] [PATCH 00/10] landlock testing suite

[LTP] [PATCH 00/10] landlock testing suite

[Andrea Cervesato]

This testing suite is meant to test the following syscalls:

- landlock_create_ruleset
- landlock_add_rule
- landlock_restrict_self

Documentation can be found in kernel manuals and inside the official
kernel documentation at

https://www.kernel.org/doc/html/latest/userspace-api/landlock.html

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
Andrea Cervesato (10):
      Add landlock syscalls definitions
      Add lapi/landlock.h fallback
      Add landlock SAFE_* macros
      Add SAFE_PRCTL macro
      Add landlock01 test
      Add landlock02 test
      Add landlock03 test
      Add landlock04 test
      Add landlock05 test
      Add landlock06 test

 configure.ac                                       |   5 +
 include/lapi/landlock.h                            | 120 +++++++
 include/lapi/syscalls/aarch64.in                   |   3 +
 include/lapi/syscalls/arc.in                       |   3 +
 include/lapi/syscalls/arm.in                       |   3 +
 include/lapi/syscalls/hppa.in                      |   3 +
 include/lapi/syscalls/i386.in                      |   3 +
 include/lapi/syscalls/ia64.in                      |   3 +
 include/lapi/syscalls/mips_n32.in                  |   3 +
 include/lapi/syscalls/mips_n64.in                  |   3 +
 include/lapi/syscalls/mips_o32.in                  |   3 +
 include/lapi/syscalls/powerpc.in                   |   3 +
 include/lapi/syscalls/powerpc64.in                 |   3 +
 include/lapi/syscalls/s390.in                      |   3 +
 include/lapi/syscalls/s390x.in                     |   3 +
 include/lapi/syscalls/sh.in                        |   3 +
 include/lapi/syscalls/sparc.in                     |   3 +
 include/lapi/syscalls/sparc64.in                   |   3 +
 include/lapi/syscalls/x86_64.in                    |   3 +
 include/tst_safe_macros.h                          |  25 ++
 lib/tst_safe_macros.c                              |  66 ++++
 runtest/syscalls                                   |   7 +
 testcases/kernel/syscalls/landlock/.gitignore      |   7 +
 testcases/kernel/syscalls/landlock/Makefile        |  15 +
 testcases/kernel/syscalls/landlock/landlock01.c    |  87 +++++
 testcases/kernel/syscalls/landlock/landlock02.c    | 153 +++++++++
 testcases/kernel/syscalls/landlock/landlock03.c    | 119 +++++++
 testcases/kernel/syscalls/landlock/landlock04.c    | 143 +++++++++
 testcases/kernel/syscalls/landlock/landlock05.c    | 113 +++++++
 testcases/kernel/syscalls/landlock/landlock06.c    | 110 +++++++
 .../kernel/syscalls/landlock/landlock_common.h     |  74 +++++
 testcases/kernel/syscalls/landlock/landlock_exec.c |   9 +
 .../kernel/syscalls/landlock/landlock_tester.h     | 350 +++++++++++++++++++++
 33 files changed, 1454 insertions(+)
---
base-commit: 53b4930da635e29b34af694f2b2a0a22411ec5a0
change-id: 20240617-landlock-c48a4623a447

Best regards,
-- 
Andrea Cervesato <andrea.cervesato@suse.com>


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 01/10] Add landlock syscalls definitions

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 include/lapi/syscalls/aarch64.in   | 3 +++
 include/lapi/syscalls/arc.in       | 3 +++
 include/lapi/syscalls/arm.in       | 3 +++
 include/lapi/syscalls/hppa.in      | 3 +++
 include/lapi/syscalls/i386.in      | 3 +++
 include/lapi/syscalls/ia64.in      | 3 +++
 include/lapi/syscalls/mips_n32.in  | 3 +++
 include/lapi/syscalls/mips_n64.in  | 3 +++
 include/lapi/syscalls/mips_o32.in  | 3 +++
 include/lapi/syscalls/powerpc.in   | 3 +++
 include/lapi/syscalls/powerpc64.in | 3 +++
 include/lapi/syscalls/s390.in      | 3 +++
 include/lapi/syscalls/s390x.in     | 3 +++
 include/lapi/syscalls/sh.in        | 3 +++
 include/lapi/syscalls/sparc.in     | 3 +++
 include/lapi/syscalls/sparc64.in   | 3 +++
 include/lapi/syscalls/x86_64.in    | 3 +++
 17 files changed, 51 insertions(+)

diff --git a/include/lapi/syscalls/aarch64.in b/include/lapi/syscalls/aarch64.in
index 2cb6c2d87..3e7797718 100644
--- a/include/lapi/syscalls/aarch64.in
+++ b/include/lapi/syscalls/aarch64.in
@@ -296,5 +296,8 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
 _sysctl 1078
diff --git a/include/lapi/syscalls/arc.in b/include/lapi/syscalls/arc.in
index 3e2ee9061..7fde1d263 100644
--- a/include/lapi/syscalls/arc.in
+++ b/include/lapi/syscalls/arc.in
@@ -316,4 +316,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/arm.in b/include/lapi/syscalls/arm.in
index 7bdbca533..693644f83 100644
--- a/include/lapi/syscalls/arm.in
+++ b/include/lapi/syscalls/arm.in
@@ -394,4 +394,7 @@ pidfd_getfd (__NR_SYSCALL_BASE+438)
 faccessat2 (__NR_SYSCALL_BASE+439)
 epoll_pwait2 (__NR_SYSCALL_BASE+441)
 quotactl_fd (__NR_SYSCALL_BASE+443)
+landlock_create_ruleset (__NR_SYSCALL_BASE+444)
+landlock_add_rule (__NR_SYSCALL_BASE+445)
+landlock_restrict_self (__NR_SYSCALL_BASE+446)
 futex_waitv (__NR_SYSCALL_BASE+449)
diff --git a/include/lapi/syscalls/hppa.in b/include/lapi/syscalls/hppa.in
index 8ebdafafb..60c02aff2 100644
--- a/include/lapi/syscalls/hppa.in
+++ b/include/lapi/syscalls/hppa.in
@@ -43,4 +43,7 @@ close_range 436
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/i386.in b/include/lapi/syscalls/i386.in
index 1472631c4..31ec1ecb2 100644
--- a/include/lapi/syscalls/i386.in
+++ b/include/lapi/syscalls/i386.in
@@ -430,4 +430,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/ia64.in b/include/lapi/syscalls/ia64.in
index 0ea6e9722..2e56da7f9 100644
--- a/include/lapi/syscalls/ia64.in
+++ b/include/lapi/syscalls/ia64.in
@@ -343,4 +343,7 @@ pidfd_getfd 1462
 faccessat2 1463
 epoll_pwait2 1465
 quotactl_fd 1467
+landlock_create_ruleset 1468
+landlock_add_rule 1469
+landlock_restrict_self 1470
 futex_waitv 1473
diff --git a/include/lapi/syscalls/mips_n32.in b/include/lapi/syscalls/mips_n32.in
index e818c9d92..5f0fe65eb 100644
--- a/include/lapi/syscalls/mips_n32.in
+++ b/include/lapi/syscalls/mips_n32.in
@@ -370,4 +370,7 @@ process_madvise 6440
 epoll_pwait2 6441
 mount_setattr 6442
 quotactl_fd 6443
+landlock_create_ruleset 6444
+landlock_add_rule 6445
+landlock_restrict_self 6446
 futex_waitv 6449
diff --git a/include/lapi/syscalls/mips_n64.in b/include/lapi/syscalls/mips_n64.in
index 6e15f43b3..f81c60e66 100644
--- a/include/lapi/syscalls/mips_n64.in
+++ b/include/lapi/syscalls/mips_n64.in
@@ -346,4 +346,7 @@ process_madvise 5440
 epoll_pwait2 5441
 mount_setattr 5442
 quotactl_fd 5443
+landlock_create_ruleset 5444
+landlock_add_rule 5445
+landlock_restrict_self 5446
 futex_waitv 5449
diff --git a/include/lapi/syscalls/mips_o32.in b/include/lapi/syscalls/mips_o32.in
index 921d5d331..c2beffb75 100644
--- a/include/lapi/syscalls/mips_o32.in
+++ b/include/lapi/syscalls/mips_o32.in
@@ -416,4 +416,7 @@ process_madvise 4440
 epoll_pwait2 4441
 mount_setattr 4442
 quotactl_fd 4443
+landlock_create_ruleset 4444
+landlock_add_rule 4445
+landlock_restrict_self 4446
 futex_waitv 4449
diff --git a/include/lapi/syscalls/powerpc.in b/include/lapi/syscalls/powerpc.in
index 545d9d3d6..5460e4197 100644
--- a/include/lapi/syscalls/powerpc.in
+++ b/include/lapi/syscalls/powerpc.in
@@ -423,4 +423,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/powerpc64.in b/include/lapi/syscalls/powerpc64.in
index 545d9d3d6..5460e4197 100644
--- a/include/lapi/syscalls/powerpc64.in
+++ b/include/lapi/syscalls/powerpc64.in
@@ -423,4 +423,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/s390.in b/include/lapi/syscalls/s390.in
index 7213ac5f8..275b27f47 100644
--- a/include/lapi/syscalls/s390.in
+++ b/include/lapi/syscalls/s390.in
@@ -410,4 +410,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/s390x.in b/include/lapi/syscalls/s390x.in
index 879012e2b..c200d02b2 100644
--- a/include/lapi/syscalls/s390x.in
+++ b/include/lapi/syscalls/s390x.in
@@ -358,4 +358,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/sh.in b/include/lapi/syscalls/sh.in
index 7d5192a27..6f482a77b 100644
--- a/include/lapi/syscalls/sh.in
+++ b/include/lapi/syscalls/sh.in
@@ -404,4 +404,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/sparc.in b/include/lapi/syscalls/sparc.in
index 91d2fb1c2..7181e80a0 100644
--- a/include/lapi/syscalls/sparc.in
+++ b/include/lapi/syscalls/sparc.in
@@ -409,4 +409,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/sparc64.in b/include/lapi/syscalls/sparc64.in
index 1f2fc59b7..c96ab2021 100644
--- a/include/lapi/syscalls/sparc64.in
+++ b/include/lapi/syscalls/sparc64.in
@@ -374,4 +374,7 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
diff --git a/include/lapi/syscalls/x86_64.in b/include/lapi/syscalls/x86_64.in
index dc61aa56e..3082ca110 100644
--- a/include/lapi/syscalls/x86_64.in
+++ b/include/lapi/syscalls/x86_64.in
@@ -351,6 +351,9 @@ pidfd_getfd 438
 faccessat2 439
 epoll_pwait2 441
 quotactl_fd 443
+landlock_create_ruleset 444
+landlock_add_rule 445
+landlock_restrict_self 446
 futex_waitv 449
 rt_sigaction 512
 rt_sigreturn 513

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 02/10] Add lapi/landlock.h fallback

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 configure.ac            |   5 ++
 include/lapi/landlock.h | 120 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 125 insertions(+)

diff --git a/configure.ac b/configure.ac
index 82969b8d3..e5f0c9f77 100644
--- a/configure.ac
+++ b/configure.ac
@@ -157,6 +157,7 @@ AC_CHECK_FUNCS_ONCE([ \
 AC_CHECK_FUNCS(mkdtemp,[],AC_MSG_ERROR(mkdtemp() not found!))
 
 AC_CHECK_MEMBERS([struct fanotify_event_info_fid.fsid.__val],,,[#include <sys/fanotify.h>])
+AC_CHECK_MEMBERS([struct landlock_ruleset_attr.handled_access_net],,,[#include <linux/landlock.h>])
 AC_CHECK_MEMBERS([struct perf_event_mmap_page.aux_head],,,[#include <linux/perf_event.h>])
 AC_CHECK_MEMBERS([struct sigaction.sa_sigaction],[],[],[#include <signal.h>])
 AC_CHECK_MEMBERS([struct statx.stx_mnt_id, struct statx.stx_dio_mem_align],,,[
@@ -170,6 +171,7 @@ AC_CHECK_MEMBERS([struct utsname.domainname],,,[
 ])
 
 AC_CHECK_TYPES([enum kcmp_type],,,[#include <linux/kcmp.h>])
+AC_CHECK_TYPES([enum landlock_rule_type],,,[#include <linux/landlock.h>])
 AC_CHECK_TYPES([struct acct_v3],,,[#include <sys/acct.h>])
 AC_CHECK_TYPES([struct af_alg_iv, struct sockaddr_alg],,,[# include <linux/if_alg.h>])
 AC_CHECK_TYPES([struct fanotify_event_info_fid, struct fanotify_event_info_error,
@@ -190,6 +192,9 @@ AC_CHECK_TYPES([struct if_nextdqblk],,,[#include <linux/quota.h>])
 AC_CHECK_TYPES([struct iovec],,,[#include <sys/uio.h>])
 AC_CHECK_TYPES([struct ipc64_perm],,,[#include <sys/ipcbuf.h>])
 AC_CHECK_TYPES([struct loop_config],,,[#include <linux/loop.h>])
+AC_CHECK_TYPES([struct landlock_ruleset_attr],,,[#include <linux/landlock.h>])
+AC_CHECK_TYPES([struct landlock_path_beneath_attr],,,[#include <linux/landlock.h>])
+AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include <linux/landlock.h])
 
 AC_CHECK_TYPES([struct mmsghdr],,,[
 #define _GNU_SOURCE
diff --git a/include/lapi/landlock.h b/include/lapi/landlock.h
new file mode 100644
index 000000000..634da3bbb
--- /dev/null
+++ b/include/lapi/landlock.h
@@ -0,0 +1,120 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+#ifndef LAPI_LANDLOCK_H__
+#define LAPI_LANDLOCK_H__
+
+#include "config.h"
+#include "lapi/syscalls.h"
+
+#ifndef HAVE_STRUCT_LANDLOCK_RULESET_ATTR
+struct landlock_ruleset_attr
+{
+	uint64_t handled_access_fs;
+	uint64_t handled_access_net;
+};
+#endif
+
+#ifndef HAVE_STRUCT_LANDLOCK_PATH_BENEATH_ATTR
+struct landlock_path_beneath_attr
+{
+	uint64_t allowed_access;
+	int32_t parent_fd;
+} __attribute__((packed));
+#endif
+
+#ifndef HAVE_ENUM_LANDLOCK_RULE_TYPE
+enum landlock_rule_type
+{
+	LANDLOCK_RULE_PATH_BENEATH = 1,
+	LANDLOCK_RULE_NET_PORT,
+};
+#endif
+
+#ifndef HAVE_STRUCT_LANDLOCK_NET_PORT_ATTR
+struct landlock_net_port_attr
+{
+	uint64_t allowed_access;
+	uint64_t port;
+};
+#endif
+
+#ifndef LANDLOCK_CREATE_RULESET_VERSION
+# define LANDLOCK_CREATE_RULESET_VERSION	(1U << 0)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_EXECUTE
+# define LANDLOCK_ACCESS_FS_EXECUTE			(1ULL << 0)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_WRITE_FILE
+# define LANDLOCK_ACCESS_FS_WRITE_FILE		(1ULL << 1)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_READ_FILE
+# define LANDLOCK_ACCESS_FS_READ_FILE		(1ULL << 2)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_READ_DIR
+# define LANDLOCK_ACCESS_FS_READ_DIR		(1ULL << 3)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_REMOVE_DIR
+# define LANDLOCK_ACCESS_FS_REMOVE_DIR		(1ULL << 4)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_REMOVE_FILE
+# define LANDLOCK_ACCESS_FS_REMOVE_FILE		(1ULL << 5)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_MAKE_CHAR
+# define LANDLOCK_ACCESS_FS_MAKE_CHAR		(1ULL << 6)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_MAKE_DIR
+# define LANDLOCK_ACCESS_FS_MAKE_DIR		(1ULL << 7)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_MAKE_REG
+# define LANDLOCK_ACCESS_FS_MAKE_REG		(1ULL << 8)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_MAKE_SOCK
+# define LANDLOCK_ACCESS_FS_MAKE_SOCK		(1ULL << 9)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_MAKE_FIFO
+# define LANDLOCK_ACCESS_FS_MAKE_FIFO		(1ULL << 10)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_MAKE_BLOCK
+# define LANDLOCK_ACCESS_FS_MAKE_BLOCK		(1ULL << 11)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_MAKE_SYM
+# define LANDLOCK_ACCESS_FS_MAKE_SYM		(1ULL << 12)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_REFER
+# define LANDLOCK_ACCESS_FS_REFER			(1ULL << 13)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_TRUNCATE
+# define LANDLOCK_ACCESS_FS_TRUNCATE		(1ULL << 14)
+#endif
+
+#ifndef LANDLOCK_ACCESS_FS_IOCTL_DEV
+# define LANDLOCK_ACCESS_FS_IOCTL_DEV		(1ULL << 15)
+#endif
+
+#ifndef LANDLOCK_ACCESS_NET_BIND_TCP
+# define LANDLOCK_ACCESS_NET_BIND_TCP		(1ULL << 0)
+#endif
+
+#ifndef LANDLOCK_ACCESS_NET_CONNECT_TCP
+# define LANDLOCK_ACCESS_NET_CONNECT_TCP	(1ULL << 1)
+#endif
+
+#endif

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 03/10] Add landlock SAFE_* macros

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

Added three more SAFE_* macros for landlock sandbox:

- SAFE_LANDLOCK_CREATE_RULESET
- SAFE_LANDLOCK_ADD_RULE
- SAFE_LANDLOCK_RESTRICT_SELF

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 include/tst_safe_macros.h | 19 ++++++++++++++++++
 lib/tst_safe_macros.c     | 50 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)

diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h
index 08b8e930a..7748bd34f 100644
--- a/include/tst_safe_macros.h
+++ b/include/tst_safe_macros.h
@@ -14,6 +14,7 @@
 #include <sys/stat.h>
 #include <sys/vfs.h>
 #include <sys/sysinfo.h>
+#include <linux/landlock.h>
 #include <fcntl.h>
 #include <libgen.h>
 #include <signal.h>
@@ -503,4 +504,22 @@ int safe_sscanf(const char *file, const int lineno, const char *restrict buffer,
 #define SAFE_SSCANF(buffer, format, ...) \
 	safe_sscanf(__FILE__, __LINE__, (buffer), (format),	##__VA_ARGS__)
 
+int safe_landlock_create_ruleset(const char *file, const int lineno,
+	const struct landlock_ruleset_attr *attr,
+	size_t size , uint32_t flags);
+#define SAFE_LANDLOCK_CREATE_RULESET(attr, size, flags) \
+	safe_landlock_create_ruleset(__FILE__, __LINE__, (attr), (size), (flags))
+
+int safe_landlock_add_rule(const char *file, const int lineno,
+	int ruleset_fd, enum landlock_rule_type rule_type,
+	const void *rule_attr, uint32_t flags);
+#define SAFE_LANDLOCK_ADD_RULE(ruleset_fd, rule_type, rule_attr, flags) \
+	safe_landlock_add_rule(__FILE__, __LINE__, \
+		(ruleset_fd), (rule_type), (rule_attr), (flags))
+
+int safe_landlock_restrict_self(const char *file, const int lineno,
+	int ruleset_fd, int flags);
+#define SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, flags) \
+	safe_landlock_restrict_self(__FILE__, __LINE__, (ruleset_fd), (flags))
+
 #endif /* TST_SAFE_MACROS_H__ */
diff --git a/lib/tst_safe_macros.c b/lib/tst_safe_macros.c
index 4e48c427b..ba997eb7c 100644
--- a/lib/tst_safe_macros.c
+++ b/lib/tst_safe_macros.c
@@ -710,3 +710,53 @@ int safe_mprotect(const char *file, const int lineno,
 
 	return rval;
 }
+
+
+int safe_landlock_create_ruleset(const char *file, const int lineno,
+	const struct landlock_ruleset_attr *attr,
+	size_t size , uint32_t flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_create_ruleset, attr, size, flags);
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_create_ruleset(%p, %lu, %u)",
+			attr, size, flags);
+	}
+
+	return rval;
+}
+
+int safe_landlock_add_rule(const char *file, const int lineno,
+	int ruleset_fd, enum landlock_rule_type rule_type,
+	const void *rule_attr, uint32_t flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_add_rule,
+		ruleset_fd, rule_type, rule_attr, flags);
+
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_add_rule(%d, %d, %p, %u)",
+			ruleset_fd, rule_type, rule_attr, flags);
+	}
+
+	return rval;
+}
+
+int safe_landlock_restrict_self(const char *file, const int lineno,
+	int ruleset_fd, int flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_restrict_self(%d, %u)",
+			ruleset_fd, flags);
+	}
+
+	return rval;
+}

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 04/10] Add SAFE_PRCTL macro

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 include/tst_safe_macros.h |  6 ++++++
 lib/tst_safe_macros.c     | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h
index 7748bd34f..733a2506e 100644
--- a/include/tst_safe_macros.h
+++ b/include/tst_safe_macros.h
@@ -504,6 +504,12 @@ int safe_sscanf(const char *file, const int lineno, const char *restrict buffer,
 #define SAFE_SSCANF(buffer, format, ...) \
 	safe_sscanf(__FILE__, __LINE__, (buffer), (format),	##__VA_ARGS__)
 
+int safe_prctl(const char *file, const int lineno,
+	int option, unsigned long arg2, unsigned long arg3,
+	unsigned long arg4, unsigned long arg5);
+#define SAFE_PRCTL(option, arg2, arg3, arg4, arg5) \
+	safe_prctl(__FILE__, __LINE__, (option), (arg2), (arg3), (arg4), (arg5))
+
 int safe_landlock_create_ruleset(const char *file, const int lineno,
 	const struct landlock_ruleset_attr *attr,
 	size_t size , uint32_t flags);
diff --git a/lib/tst_safe_macros.c b/lib/tst_safe_macros.c
index ba997eb7c..a81037161 100644
--- a/lib/tst_safe_macros.c
+++ b/lib/tst_safe_macros.c
@@ -10,6 +10,7 @@
 #include <errno.h>
 #include <sched.h>
 #include <sys/ptrace.h>
+#include <sys/prctl.h>
 #include "config.h"
 #ifdef HAVE_SYS_FANOTIFY_H
 # include <sys/fanotify.h>
@@ -711,6 +712,21 @@ int safe_mprotect(const char *file, const int lineno,
 	return rval;
 }
 
+int safe_prctl(const char *file, const int lineno,
+	int option, unsigned long arg2, unsigned long arg3,
+	unsigned long arg4, unsigned long arg5)
+{
+	int rval;
+
+	rval = prctl(option, arg2, arg3, arg4, arg5);
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"prctl(%d, %lu, %lu, %lu, %lu)",
+			option, arg2, arg3, arg4, arg5);
+	}
+
+	return rval;
+}
 
 int safe_landlock_create_ruleset(const char *file, const int lineno,
 	const struct landlock_ruleset_attr *attr,

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 05/10] Add landlock01 test

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

This test verifies that landlock_create_ruleset syscall fails with the
right error codes:

- EINVAL Unknown flags, or unknown access, or too small size
- E2BIG size is too big
- EFAULT attr was not a valid address
- ENOMSG Empty accesses (i.e., attr->handled_access_fs is 0)

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |  2 +
 testcases/kernel/syscalls/landlock/.gitignore      |  1 +
 testcases/kernel/syscalls/landlock/Makefile        | 10 +++
 testcases/kernel/syscalls/landlock/landlock01.c    | 87 ++++++++++++++++++++++
 .../kernel/syscalls/landlock/landlock_common.h     | 74 ++++++++++++++++++
 5 files changed, 174 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 44a577db3..4c566d95f 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -684,6 +684,8 @@ kill11 kill11
 kill12 kill12
 kill13 kill13
 
+landlock01 landlock01
+
 lchown01 lchown01
 lchown01_16 lchown01_16
 lchown02  lchown02
diff --git a/testcases/kernel/syscalls/landlock/.gitignore b/testcases/kernel/syscalls/landlock/.gitignore
new file mode 100644
index 000000000..b69f9b94a
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/.gitignore
@@ -0,0 +1 @@
+landlock01
diff --git a/testcases/kernel/syscalls/landlock/Makefile b/testcases/kernel/syscalls/landlock/Makefile
new file mode 100644
index 000000000..4b3e3fd8f
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/Makefile
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+# Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+
+top_srcdir		?= ../../../..
+
+include $(top_srcdir)/include/mk/testcases.mk
+
+LDLIBS	+= -lc
+
+include $(top_srcdir)/include/mk/generic_leaf_target.mk
diff --git a/testcases/kernel/syscalls/landlock/landlock01.c b/testcases/kernel/syscalls/landlock/landlock01.c
new file mode 100644
index 000000000..9f8c6489c
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock01.c
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * This test verifies that landlock_create_ruleset syscall fails with the right
+ * error codes:
+ *
+ * - EINVAL Unknown flags, or unknown access, or too small size
+ * - E2BIG size is too big
+ * - EFAULT attr was not a valid address
+ * - ENOMSG Empty accesses (i.e., attr->handled_access_fs is 0)
+ */
+
+#include "landlock_common.h"
+
+static struct landlock_ruleset_attr *ruleset_attr;
+static struct landlock_ruleset_attr *null_attr;
+static size_t rule_size;
+static size_t rule_small_size;
+static size_t rule_big_size;
+
+static struct tcase {
+	struct landlock_ruleset_attr **attr;
+	uint64_t access_fs;
+	size_t *size;
+	uint32_t flags;
+	int exp_errno;
+	char *msg;
+} tcases[] = {
+	{&ruleset_attr, -1, &rule_size, 0, EINVAL, "Unknown access"},
+	{&ruleset_attr, 0, &rule_small_size, 0, EINVAL, "Size is too small"},
+	{&ruleset_attr, 0, &rule_size, -1, EINVAL, "Unknown flags"},
+	{&ruleset_attr, 0, &rule_big_size, 0, E2BIG, "Size is too big"},
+	{&null_attr,    0, &rule_size, 0, EFAULT, "Invalid attr address"},
+	{&ruleset_attr, 0, &rule_size, 0, ENOMSG, "Empty accesses"},
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	if (*tc->attr)
+		(*tc->attr)->handled_access_fs = tc->access_fs;
+
+	TST_EXP_FAIL(tst_syscall(__NR_landlock_create_ruleset,
+			*tc->attr, *tc->size, tc->flags),
+		tc->exp_errno,
+		"%s",
+		tc->msg);
+
+	if (TST_RET >= 0)
+		SAFE_CLOSE(TST_RET);
+}
+
+static void setup(void)
+{
+	verify_landlock_is_enabled();
+
+	rule_size = sizeof(struct landlock_ruleset_attr);
+
+	rule_small_size = rule_size - 1;
+	rule_big_size = SAFE_SYSCONF(_SC_PAGESIZE) + 1;
+}
+
+static struct tst_test test = {
+	.test = run,
+	.tcnt = ARRAY_SIZE(tcases),
+	.setup = setup,
+	.min_kver = "5.13",
+	.needs_root = 1,
+	.needs_kconfigs = (const char *[]) {
+		"CONFIG_SECURITY_LANDLOCK=y",
+		NULL
+	},
+	.bufs = (struct tst_buffers []) {
+		{&ruleset_attr, .size = sizeof(struct landlock_ruleset_attr)},
+		{},
+	},
+	.caps = (struct tst_cap []) {
+		TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
+		{}
+	},
+};
diff --git a/testcases/kernel/syscalls/landlock/landlock_common.h b/testcases/kernel/syscalls/landlock/landlock_common.h
new file mode 100644
index 000000000..66f8fd19a
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock_common.h
@@ -0,0 +1,74 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+#ifndef LANDLOCK_COMMON_H
+
+#include "tst_test.h"
+#include "lapi/prctl.h"
+#include "lapi/fcntl.h"
+#include "lapi/landlock.h"
+
+static inline void verify_landlock_is_enabled(void)
+{
+	int abi;
+
+	abi = tst_syscall(__NR_landlock_create_ruleset,
+		NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
+
+	if (abi < 0) {
+		if (errno == EOPNOTSUPP) {
+			tst_brk(TCONF, "Landlock is currently disabled. "
+				"Please enable it either via CONFIG_LSM or "
+				"'lsm' kernel parameter.");
+		}
+
+		tst_brk(TBROK | TERRNO, "landlock_create_ruleset error");
+	}
+
+	tst_res(TINFO, "Landlock ABI v%d", abi);
+}
+
+static inline void apply_landlock_rule(
+	struct landlock_path_beneath_attr *path_beneath_attr,
+	const int ruleset_fd,
+	const int access,
+	const char *path)
+{
+	path_beneath_attr->allowed_access = access;
+	path_beneath_attr->parent_fd = SAFE_OPEN(path, O_PATH | O_CLOEXEC);
+
+	SAFE_LANDLOCK_ADD_RULE(
+		ruleset_fd,
+		LANDLOCK_RULE_PATH_BENEATH,
+		path_beneath_attr,
+		0);
+
+	SAFE_CLOSE(path_beneath_attr->parent_fd);
+}
+
+static inline void enforce_ruleset(const int ruleset_fd)
+{
+	SAFE_PRCTL(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
+	SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, 0);
+}
+
+static inline void apply_landlock_layer(
+	struct landlock_ruleset_attr *ruleset_attr,
+	struct landlock_path_beneath_attr *path_beneath_attr,
+	const char *path,
+	const int access)
+{
+	int ruleset_fd;
+
+	ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
+		ruleset_attr, sizeof(struct landlock_ruleset_attr), 0);
+
+	apply_landlock_rule(path_beneath_attr, ruleset_fd, access, path);
+	enforce_ruleset(ruleset_fd);
+
+	SAFE_CLOSE(ruleset_fd);
+}
+
+#endif

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 06/10] Add landlock02 test

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

This test verifies that landlock_add_rule syscall fails with the
right error codes:

- EINVAL flags is not 0, or the rule accesses are inconsistent
- ENOMSG Empty accesses (i.e., rule_attr->allowed_access is 0)
- EBADF ruleset_fd  is  not  a  file  descriptor  for  the  current
  thread, or a member of rule_attr is not a file descriptor as
  expected
- EBADFD ruleset_fd is not a ruleset file descriptor, or a member of
  rule_attr is not the expected file descriptor type
- EFAULT rule_attr was not a valid address

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                |   1 +
 testcases/kernel/syscalls/landlock/.gitignore   |   1 +
 testcases/kernel/syscalls/landlock/landlock02.c | 153 ++++++++++++++++++++++++
 3 files changed, 155 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 4c566d95f..7f9c83292 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -685,6 +685,7 @@ kill12 kill12
 kill13 kill13
 
 landlock01 landlock01
+landlock02 landlock02
 
 lchown01 lchown01
 lchown01_16 lchown01_16
diff --git a/testcases/kernel/syscalls/landlock/.gitignore b/testcases/kernel/syscalls/landlock/.gitignore
index b69f9b94a..ffed4abd2 100644
--- a/testcases/kernel/syscalls/landlock/.gitignore
+++ b/testcases/kernel/syscalls/landlock/.gitignore
@@ -1 +1,2 @@
 landlock01
+landlock02
diff --git a/testcases/kernel/syscalls/landlock/landlock02.c b/testcases/kernel/syscalls/landlock/landlock02.c
new file mode 100644
index 000000000..0e2da7ef5
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock02.c
@@ -0,0 +1,153 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * This test verifies that landlock_add_rule syscall fails with the right
+ * error codes:
+ *
+ * - EINVAL flags is not 0, or the rule accesses are inconsistent
+ * - ENOMSG Empty accesses (i.e., rule_attr->allowed_access is 0)
+ * - EBADF ruleset_fd  is  not  a  file  descriptor  for  the  current  thread,
+ *   or a member of rule_attr is not a file descriptor as expected
+ * - EBADFD ruleset_fd is not a ruleset file descriptor, or a member of
+ *   rule_attr is not the expected file descriptor type
+ * - EFAULT rule_attr was not a valid address
+ */
+
+#include "landlock_common.h"
+
+static struct landlock_ruleset_attr *ruleset_attr;
+static struct landlock_path_beneath_attr *path_beneath_attr;
+static struct landlock_path_beneath_attr *rule_null;
+static int ruleset_fd;
+static int invalid_fd = -1;
+
+static struct tcase {
+	int *fd;
+	enum landlock_rule_type rule_type;
+	struct landlock_path_beneath_attr **attr;
+	int access;
+	int parent_fd;
+	uint32_t flags;
+	int exp_errno;
+	char *msg;
+} tcases[] = {
+	{
+		&ruleset_fd,
+		0,
+		&path_beneath_attr,
+		LANDLOCK_ACCESS_FS_EXECUTE,
+		0,
+		1,
+		EINVAL,
+		"Invalid flags"
+	},
+	{
+		&ruleset_fd,
+		0,
+		&path_beneath_attr,
+		LANDLOCK_ACCESS_FS_EXECUTE,
+		0,
+		0,
+		EINVAL,
+		"Invalid rule type"
+	},
+	{
+		&ruleset_fd,
+		LANDLOCK_RULE_PATH_BENEATH,
+		&path_beneath_attr,
+		0,
+		0,
+		0,
+		ENOMSG,
+		"Empty accesses"
+	},
+	{
+		&invalid_fd,
+		0,
+		&path_beneath_attr,
+		LANDLOCK_ACCESS_FS_EXECUTE,
+		0,
+		0,
+		EBADF,
+		"Invalid file descriptor"
+	},
+	{
+		&ruleset_fd,
+		LANDLOCK_RULE_PATH_BENEATH,
+		&path_beneath_attr,
+		LANDLOCK_ACCESS_FS_EXECUTE,
+		-1,
+		0,
+		EBADF,
+		"Invalid parent fd"
+	},
+	{
+		&ruleset_fd,
+		LANDLOCK_RULE_PATH_BENEATH,
+		&rule_null,
+		0,
+		0,
+		0,
+		EFAULT,
+		"Invalid rule attr"
+	},
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	if (*tc->attr) {
+		(*tc->attr)->allowed_access = tc->access;
+		(*tc->attr)->parent_fd = tc->parent_fd;
+	}
+
+	TST_EXP_FAIL(tst_syscall(__NR_landlock_add_rule,
+			*tc->fd, tc->rule_type, *tc->attr, tc->flags),
+		tc->exp_errno,
+		"%s",
+		tc->msg);
+}
+
+static void setup(void)
+{
+	verify_landlock_is_enabled();
+
+	ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE;
+
+	ruleset_fd = TST_EXP_FD_SILENT(tst_syscall(__NR_landlock_create_ruleset,
+		ruleset_attr, sizeof(struct landlock_ruleset_attr), 0));
+}
+
+static void cleanup(void)
+{
+	if (ruleset_fd != -1)
+		SAFE_CLOSE(ruleset_fd);
+}
+
+static struct tst_test test = {
+	.test = run,
+	.tcnt = ARRAY_SIZE(tcases),
+	.setup = setup,
+	.cleanup = cleanup,
+	.min_kver = "5.13",
+	.needs_root = 1,
+	.needs_kconfigs = (const char *[]) {
+		"CONFIG_SECURITY_LANDLOCK=y",
+		NULL
+	},
+	.bufs = (struct tst_buffers []) {
+		{&ruleset_attr, .size = sizeof(struct landlock_ruleset_attr)},
+		{&path_beneath_attr, .size = sizeof(struct landlock_path_beneath_attr)},
+		{},
+	},
+	.caps = (struct tst_cap []) {
+		TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
+		{}
+	},
+};

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 07/10] Add landlock03 test

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

This test verifies that landlock_restrict_self syscall fails with the
right error codes:

- EINVAL flags is not 0
- EBADF ruleset_fd is not a file descriptor for the current thread
- EBADFD ruleset_fd is not a ruleset file descriptor
- EPERM ruleset doesn't have CAP_SYS_ADMIN in its namespace
- E2BIG The maximum number of stacked rulesets is reached for the
  current thread

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                |   1 +
 testcases/kernel/syscalls/landlock/.gitignore   |   1 +
 testcases/kernel/syscalls/landlock/landlock03.c | 119 ++++++++++++++++++++++++
 3 files changed, 121 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 7f9c83292..1e2d682e3 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -686,6 +686,7 @@ kill13 kill13
 
 landlock01 landlock01
 landlock02 landlock02
+landlock03 landlock03
 
 lchown01 lchown01
 lchown01_16 lchown01_16
diff --git a/testcases/kernel/syscalls/landlock/.gitignore b/testcases/kernel/syscalls/landlock/.gitignore
index ffed4abd2..f79cd090b 100644
--- a/testcases/kernel/syscalls/landlock/.gitignore
+++ b/testcases/kernel/syscalls/landlock/.gitignore
@@ -1,2 +1,3 @@
 landlock01
 landlock02
+landlock03
diff --git a/testcases/kernel/syscalls/landlock/landlock03.c b/testcases/kernel/syscalls/landlock/landlock03.c
new file mode 100644
index 000000000..6511e24a7
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock03.c
@@ -0,0 +1,119 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * This test verifies that landlock_restrict_self syscall fails with the right
+ * error codes:
+ *
+ * - EINVAL flags is not 0
+ * - EBADF ruleset_fd is not a file descriptor for the current thread
+ * - EBADFD ruleset_fd is not a ruleset file descriptor
+ * - EPERM ruleset doesn't have CAP_SYS_ADMIN in its namespace
+ * - E2BIG The maximum number of stacked rulesets is reached for the current
+ *   thread
+ */
+
+#include "landlock_common.h"
+
+#define MAX_STACKED_RULESETS 16
+
+static struct landlock_ruleset_attr *ruleset_attr;
+static int ruleset_fd = -1;
+static int ruleset_invalid = -1;
+static int file_fd = -1;
+
+static struct tst_cap dropadmin = {
+	.action = TST_CAP_DROP,
+	.id = CAP_SYS_ADMIN,
+	.name = "CAP_SYS_ADMIN",
+};
+
+static struct tst_cap needadmin = {
+	.action = TST_CAP_REQ,
+	.id = CAP_SYS_ADMIN,
+	.name = "CAP_SYS_ADMIN",
+};
+
+static struct tcase {
+	int *fd;
+	uint32_t flags;
+	int exp_errno;
+	char *msg;
+} tcases[] = {
+	{&ruleset_fd, -1, EINVAL, "Invalid flags"},
+	{&ruleset_invalid, 0, EBADF, "Invalid file descriptor"},
+	{&file_fd, 0, EBADFD, "Not a ruleset file descriptor"},
+	{&ruleset_fd, 0, EPERM, "File descriptor doesn't have CAP_SYS_ADMIN"},
+	{&ruleset_fd, 0, E2BIG, "Maximum number of stacked rulesets is reached"},
+};
+
+static void run(unsigned int n)
+{
+	struct tcase *tc = &tcases[n];
+
+	if (tc->exp_errno == EPERM)
+		tst_cap_action(&dropadmin);
+
+	if (tc->exp_errno == E2BIG) {
+		for (int i = 0; i < MAX_STACKED_RULESETS; i++) {
+			TST_EXP_PASS_SILENT(tst_syscall(__NR_landlock_restrict_self,
+				*tc->fd, tc->flags));
+			if (TST_RET == -1)
+				return;
+		}
+	}
+
+	TST_EXP_FAIL(tst_syscall(__NR_landlock_restrict_self, *tc->fd, tc->flags),
+		tc->exp_errno,
+		"%s", tc->msg);
+
+	if (tc->exp_errno == EPERM)
+		tst_cap_action(&needadmin);
+}
+
+static void setup(void)
+{
+	verify_landlock_is_enabled();
+
+	ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE;
+
+	ruleset_fd = TST_EXP_FD_SILENT(tst_syscall(__NR_landlock_create_ruleset,
+		ruleset_attr, sizeof(struct landlock_ruleset_attr), 0));
+
+	file_fd = SAFE_OPEN("junk.bin", O_CREAT, 0777);
+}
+
+static void cleanup(void)
+{
+	if (ruleset_fd != -1)
+		SAFE_CLOSE(ruleset_fd);
+
+	if (file_fd != -1)
+		SAFE_CLOSE(file_fd);
+}
+
+static struct tst_test test = {
+	.test = run,
+	.tcnt = ARRAY_SIZE(tcases),
+	.setup = setup,
+	.cleanup = cleanup,
+	.min_kver = "5.13",
+	.needs_tmpdir = 1,
+	.needs_root = 1,
+	.needs_kconfigs = (const char *[]) {
+		"CONFIG_SECURITY_LANDLOCK=y",
+		NULL
+	},
+	.bufs = (struct tst_buffers []) {
+		{&ruleset_attr, .size = sizeof(struct landlock_ruleset_attr)},
+		{},
+	},
+	.caps = (struct tst_cap []) {
+		TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
+		{}
+	},
+};

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 08/10] Add landlock04 test

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

This test verifies that all landlock rules are working properly.
The way we do it is to verify that all disabled syscalls are not
working but the one we enabled via specifc landlock rules.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                   |   1 +
 testcases/kernel/syscalls/landlock/.gitignore      |   2 +
 testcases/kernel/syscalls/landlock/Makefile        |   5 +
 testcases/kernel/syscalls/landlock/landlock04.c    | 143 +++++++++
 testcases/kernel/syscalls/landlock/landlock_exec.c |   9 +
 .../kernel/syscalls/landlock/landlock_tester.h     | 350 +++++++++++++++++++++
 6 files changed, 510 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 1e2d682e3..9acdaf760 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -687,6 +687,7 @@ kill13 kill13
 landlock01 landlock01
 landlock02 landlock02
 landlock03 landlock03
+landlock04 landlock04
 
 lchown01 lchown01
 lchown01_16 lchown01_16
diff --git a/testcases/kernel/syscalls/landlock/.gitignore b/testcases/kernel/syscalls/landlock/.gitignore
index f79cd090b..4fe8d7cba 100644
--- a/testcases/kernel/syscalls/landlock/.gitignore
+++ b/testcases/kernel/syscalls/landlock/.gitignore
@@ -1,3 +1,5 @@
+landlock_exec
 landlock01
 landlock02
 landlock03
+landlock04
diff --git a/testcases/kernel/syscalls/landlock/Makefile b/testcases/kernel/syscalls/landlock/Makefile
index 4b3e3fd8f..bdc6bd2d4 100644
--- a/testcases/kernel/syscalls/landlock/Makefile
+++ b/testcases/kernel/syscalls/landlock/Makefile
@@ -8,3 +8,8 @@ include $(top_srcdir)/include/mk/testcases.mk
 LDLIBS	+= -lc
 
 include $(top_srcdir)/include/mk/generic_leaf_target.mk
+
+# the reason why landlock_exec test binary is statically linked, is that
+# we can't read libc out of the sandboxed folder once LANDLOCK_ACCESS_FS_EXECUTE
+# has been activated
+landlock_exec: LDLIBS += -static -fPIC
diff --git a/testcases/kernel/syscalls/landlock/landlock04.c b/testcases/kernel/syscalls/landlock/landlock04.c
new file mode 100644
index 000000000..1e7c6f3d1
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock04.c
@@ -0,0 +1,143 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * This test verifies that all landlock rules are working properly. The way we
+ * do it is to verify that all disabled syscalls are not working but the one we
+ * enabled via specifc landlock rules.
+ */
+
+#include "landlock_common.h"
+#include "landlock_tester.h"
+
+#define ACCESS_NAME(x) #x
+
+static struct landlock_ruleset_attr *ruleset_attr;
+static struct landlock_path_beneath_attr *path_beneath_attr;
+
+static struct tvariant {
+	int access;
+	char *desc;
+} tvariants[] = {
+	{
+		LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_EXECUTE,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_EXECUTE)
+	},
+	{
+		LANDLOCK_ACCESS_FS_WRITE_FILE,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_WRITE_FILE)
+	},
+	{
+		LANDLOCK_ACCESS_FS_READ_FILE,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_READ_FILE)
+	},
+	{
+		LANDLOCK_ACCESS_FS_READ_DIR,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_READ_DIR)
+	},
+	{
+		LANDLOCK_ACCESS_FS_REMOVE_DIR,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_REMOVE_DIR)
+	},
+	{
+		LANDLOCK_ACCESS_FS_REMOVE_FILE,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_REMOVE_FILE)
+	},
+	{
+		LANDLOCK_ACCESS_FS_MAKE_CHAR,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_CHAR)
+	},
+	{
+		LANDLOCK_ACCESS_FS_MAKE_BLOCK,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_BLOCK)
+	},
+	{
+		LANDLOCK_ACCESS_FS_MAKE_REG,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_REG)
+	},
+	{
+		LANDLOCK_ACCESS_FS_MAKE_SOCK,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_SOCK)
+	},
+	{
+		LANDLOCK_ACCESS_FS_MAKE_FIFO,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_FIFO)
+	},
+	{
+		LANDLOCK_ACCESS_FS_MAKE_SYM,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_SYM)
+	},
+	{
+		LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE,
+		ACCESS_NAME(LANDLOCK_ACCESS_FS_TRUNCATE)
+	},
+};
+
+static void run(void)
+{
+	if (!SAFE_FORK()) {
+		struct tvariant  variant = tvariants[tst_variant];
+
+		tester_run_all_rules(variant.access);
+		_exit(0);
+	}
+}
+
+static void setup(void)
+{
+	struct tvariant variant = tvariants[tst_variant];
+
+	verify_landlock_is_enabled();
+	tester_create_tree();
+
+	tst_res(TINFO, "Testing %s", variant.desc);
+
+	ruleset_attr->handled_access_fs = tester_get_all_rules();
+
+	apply_landlock_layer(
+		ruleset_attr,
+		path_beneath_attr,
+		SANDBOX_FOLDER,
+		variant.access);
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.min_kver = "5.13",
+	.forks_child = 1,
+	.needs_tmpdir = 1,
+	.needs_root = 1,
+	.test_variants = ARRAY_SIZE(tvariants),
+	.resource_files = (const char *[]) {
+		TESTAPP,
+		NULL,
+	},
+	.needs_kconfigs = (const char *[]) {
+		"CONFIG_SECURITY_LANDLOCK=y",
+		NULL
+	},
+	.bufs = (struct tst_buffers []) {
+		{&ruleset_attr, .size = sizeof(struct landlock_ruleset_attr)},
+		{&path_beneath_attr, .size = sizeof(struct landlock_path_beneath_attr)},
+		{},
+	},
+	.caps = (struct tst_cap []) {
+		TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
+		TST_CAP(TST_CAP_REQ, CAP_MKNOD),
+		{}
+	},
+	.format_device = 1,
+	.mount_device = 1,
+	.mntpoint = SANDBOX_FOLDER,
+	.all_filesystems = 1,
+	.skip_filesystems = (const char *[]) {
+		"vfat",
+		NULL
+	},
+	.max_runtime = 3600,
+};
diff --git a/testcases/kernel/syscalls/landlock/landlock_exec.c b/testcases/kernel/syscalls/landlock/landlock_exec.c
new file mode 100644
index 000000000..aae5c76b2
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock_exec.c
@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+int main(void)
+{
+	return 0;
+}
diff --git a/testcases/kernel/syscalls/landlock/landlock_tester.h b/testcases/kernel/syscalls/landlock/landlock_tester.h
new file mode 100644
index 000000000..89ca085d7
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock_tester.h
@@ -0,0 +1,350 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+#ifndef LANDLOCK_TESTER_H
+
+#include "tst_test.h"
+#include "lapi/landlock.h"
+#include <sys/sysmacros.h>
+
+#define PERM_MODE 0700
+
+#define SANDBOX_FOLDER	"sandbox"
+#define TESTAPP			"landlock_exec"
+
+#define FILE_EXEC		SANDBOX_FOLDER"/"TESTAPP
+#define FILE_READ		SANDBOX_FOLDER"/file_read"
+#define FILE_WRITE		SANDBOX_FOLDER"/file_write"
+#define FILE_REMOVE		SANDBOX_FOLDER"/file_remove"
+#define FILE_UNLINK		SANDBOX_FOLDER"/file_unlink"
+#define FILE_UNLINKAT	SANDBOX_FOLDER"/file_unlinkat"
+#define FILE_TRUNCATE	SANDBOX_FOLDER"/file_truncate"
+#define FILE_REGULAR	SANDBOX_FOLDER"/regular0"
+#define FILE_SOCKET		SANDBOX_FOLDER"/socket0"
+#define FILE_FIFO		SANDBOX_FOLDER"/fifo0"
+#define FILE_SYM0		SANDBOX_FOLDER"/symbolic0"
+#define FILE_SYM1		SANDBOX_FOLDER"/symbolic1"
+#define DIR_READDIR		SANDBOX_FOLDER"/dir_readdir"
+#define DIR_RMDIR		SANDBOX_FOLDER"/dir_rmdir"
+#define DEV_CHAR0		SANDBOX_FOLDER"/chardev0"
+#define DEV_BLK0		SANDBOX_FOLDER"/blkdev0"
+
+#define ALL_RULES (\
+	LANDLOCK_ACCESS_FS_EXECUTE | \
+	LANDLOCK_ACCESS_FS_WRITE_FILE | \
+	LANDLOCK_ACCESS_FS_READ_FILE | \
+	LANDLOCK_ACCESS_FS_READ_DIR | \
+	LANDLOCK_ACCESS_FS_REMOVE_DIR | \
+	LANDLOCK_ACCESS_FS_REMOVE_FILE | \
+	LANDLOCK_ACCESS_FS_MAKE_CHAR | \
+	LANDLOCK_ACCESS_FS_MAKE_DIR | \
+	LANDLOCK_ACCESS_FS_MAKE_REG | \
+	LANDLOCK_ACCESS_FS_MAKE_SOCK | \
+	LANDLOCK_ACCESS_FS_MAKE_FIFO | \
+	LANDLOCK_ACCESS_FS_MAKE_BLOCK | \
+	LANDLOCK_ACCESS_FS_MAKE_SYM | \
+	LANDLOCK_ACCESS_FS_REFER | \
+	LANDLOCK_ACCESS_FS_TRUNCATE | \
+	LANDLOCK_ACCESS_NET_BIND_TCP | \
+	LANDLOCK_ACCESS_NET_CONNECT_TCP | \
+	LANDLOCK_ACCESS_FS_IOCTL_DEV)
+
+static char *readdir_files[] = {
+	DIR_READDIR"/file0",
+	DIR_READDIR"/file1",
+	DIR_READDIR"/file2",
+};
+
+static int dev_chr;
+static int dev_blk;
+
+static int tester_get_all_rules(void)
+{
+	int abi;
+	int all_rules = ALL_RULES;
+
+	abi = SAFE_LANDLOCK_CREATE_RULESET(
+		NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
+
+	if (abi < 2)
+		all_rules &= ~LANDLOCK_ACCESS_FS_REFER;
+
+	if (abi < 3)
+		all_rules &= ~LANDLOCK_ACCESS_FS_TRUNCATE;
+
+	if (abi < 4) {
+		all_rules &= ~(LANDLOCK_ACCESS_NET_BIND_TCP |
+			LANDLOCK_ACCESS_NET_CONNECT_TCP);
+	}
+
+	if (abi < 5)
+		all_rules &= ~LANDLOCK_ACCESS_FS_IOCTL_DEV;
+
+	return all_rules;
+}
+
+static void tester_create_tree(void)
+{
+	if (access(SANDBOX_FOLDER, F_OK) == -1)
+		SAFE_MKDIR(SANDBOX_FOLDER, PERM_MODE);
+
+	/* folders */
+	SAFE_MKDIR(DIR_RMDIR, PERM_MODE);
+	SAFE_MKDIR(DIR_READDIR, PERM_MODE);
+	for (size_t i = 0; i < ARRAY_SIZE(readdir_files); i++)
+		SAFE_TOUCH(readdir_files[i], PERM_MODE, NULL);
+
+	/* files */
+	tst_fill_file(FILE_READ, 'a', getpagesize(), 1);
+	SAFE_TOUCH(FILE_WRITE, PERM_MODE, NULL);
+	SAFE_TOUCH(FILE_REMOVE, PERM_MODE, NULL);
+	SAFE_TOUCH(FILE_UNLINK, PERM_MODE, NULL);
+	SAFE_TOUCH(FILE_UNLINKAT, PERM_MODE, NULL);
+	SAFE_TOUCH(FILE_TRUNCATE, PERM_MODE, NULL);
+	SAFE_TOUCH(FILE_SYM0, PERM_MODE, NULL);
+	SAFE_CP(TESTAPP, FILE_EXEC);
+
+	/* devices */
+	dev_chr = makedev(1, 3);
+	dev_blk = makedev(7, 0);
+}
+
+static void _test_exec(const int result)
+{
+	int status;
+	pid_t pid;
+	char *const args[] = {(char *)FILE_EXEC, NULL};
+
+	tst_res(TINFO, "Test binary execution");
+
+	pid = SAFE_FORK();
+	if (!pid) {
+		int rval;
+
+		if (result == TPASS) {
+			rval = execve(FILE_EXEC, args, NULL);
+			if (rval == -1)
+				tst_res(TFAIL | TERRNO, "Failed to execute test binary");
+		} else {
+			TST_EXP_FAIL(execve(FILE_EXEC, args, NULL), EACCES);
+		}
+
+		_exit(1);
+	}
+
+	SAFE_WAITPID(pid, &status, 0);
+	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
+		return;
+
+	tst_res(result, "Test binary has been executed");
+}
+
+static void _test_write(const int result)
+{
+	tst_res(TINFO, "Test writing file");
+
+	if (result == TPASS)
+		TST_EXP_FD(open(FILE_WRITE, O_WRONLY, PERM_MODE));
+	else
+		TST_EXP_FAIL(open(FILE_WRITE, O_WRONLY, PERM_MODE), EACCES);
+
+	if (TST_RET != -1)
+		SAFE_CLOSE(TST_RET);
+}
+
+static void _test_read(const int result)
+{
+	tst_res(TINFO, "Test reading file");
+
+	if (result == TPASS)
+		TST_EXP_FD(open(FILE_READ, O_RDONLY, PERM_MODE));
+	else
+		TST_EXP_FAIL(open(FILE_READ, O_RDONLY, PERM_MODE), EACCES);
+
+	if (TST_RET != -1)
+		SAFE_CLOSE(TST_RET);
+}
+
+static void _test_readdir(const int result)
+{
+	tst_res(TINFO, "Test reading directory");
+
+	DIR *dir;
+	struct dirent *de;
+	int files_counted = 0;
+
+	dir = opendir(DIR_READDIR);
+	if (!dir) {
+		tst_res(result == TPASS ? TFAIL : TPASS,
+			"Can't read '%s' directory", DIR_READDIR);
+
+		return;
+	}
+
+	tst_res(result, "Can read '%s' directory", DIR_READDIR);
+	if (result == TFAIL)
+		return;
+
+	while ((de = readdir(dir)) != NULL) {
+		if (de->d_type != DT_REG)
+			continue;
+
+		for (size_t i = 0; i < ARRAY_SIZE(readdir_files); i++) {
+			if (readdir_files[i] == NULL)
+				continue;
+
+			if (strstr(readdir_files[i], de->d_name) != NULL)
+				files_counted++;
+		}
+	}
+
+	SAFE_CLOSEDIR(dir);
+
+	TST_EXP_EQ_LI(files_counted, ARRAY_SIZE(readdir_files));
+}
+
+static void _test_rmdir(const int result)
+{
+	tst_res(TINFO, "Test removing directory");
+
+	if (result == TPASS)
+		TST_EXP_PASS(rmdir(DIR_RMDIR));
+	else
+		TST_EXP_FAIL(rmdir(DIR_RMDIR), EACCES);
+}
+
+static void _test_rmfile(const int result)
+{
+	tst_res(TINFO, "Test removing file");
+
+	if (result == TPASS) {
+		TST_EXP_PASS(unlink(FILE_UNLINK));
+		TST_EXP_PASS(remove(FILE_REMOVE));
+	} else {
+		TST_EXP_FAIL(unlink(FILE_UNLINK), EACCES);
+		TST_EXP_FAIL(remove(FILE_REMOVE), EACCES);
+	}
+}
+
+static void _test_make(
+	const char *path,
+	const int type,
+	const int dev,
+	const int result)
+{
+	tst_res(TINFO, "Test normal or special files creation");
+
+	if (result == TPASS)
+		TST_EXP_PASS(mknod(path, type | 0400, dev));
+	else
+		TST_EXP_FAIL(mknod(path, type | 0400, dev), EACCES);
+}
+
+static void _test_symbolic(const int result)
+{
+	tst_res(TINFO, "Test symbolic links");
+
+	if (result == TPASS)
+		TST_EXP_PASS(symlink(FILE_SYM0, FILE_SYM1));
+	else
+		TST_EXP_FAIL(symlink(FILE_SYM0, FILE_SYM1), EACCES);
+}
+
+static void _test_truncate(const int result)
+{
+	int fd;
+
+	tst_res(TINFO, "Test truncating file");
+
+	if (result == TPASS) {
+		TST_EXP_PASS(truncate(FILE_TRUNCATE, 10));
+
+		fd = TST_EXP_FD(open(FILE_TRUNCATE, O_WRONLY, PERM_MODE));
+		if (fd != -1) {
+			TST_EXP_PASS(ftruncate(fd, 10));
+			SAFE_CLOSE(fd);
+		}
+
+		fd = TST_EXP_FD(open(FILE_TRUNCATE, O_WRONLY | O_TRUNC, PERM_MODE));
+		if (fd != -1)
+			SAFE_CLOSE(fd);
+	} else {
+		TST_EXP_FAIL(truncate(FILE_TRUNCATE, 10), EACCES);
+
+		fd = open(FILE_TRUNCATE, O_WRONLY, PERM_MODE);
+		if (fd != -1) {
+			TST_EXP_FAIL(ftruncate(fd, 10), EACCES);
+			SAFE_CLOSE(fd);
+		}
+
+		TST_EXP_FAIL(open(FILE_TRUNCATE, O_WRONLY | O_TRUNC, PERM_MODE),
+			EACCES);
+
+		if (TST_RET != -1)
+			SAFE_CLOSE(TST_RET);
+	}
+}
+
+static void tester_run_rules(const int rules, const int result)
+{
+	if (rules & LANDLOCK_ACCESS_FS_EXECUTE)
+		_test_exec(result);
+
+	if (rules & LANDLOCK_ACCESS_FS_WRITE_FILE)
+		_test_write(result);
+
+	if (rules & LANDLOCK_ACCESS_FS_READ_FILE)
+		_test_read(result);
+
+	if (rules & LANDLOCK_ACCESS_FS_READ_DIR)
+		_test_readdir(result);
+
+	if (rules & LANDLOCK_ACCESS_FS_REMOVE_DIR)
+		_test_rmdir(result);
+
+	if (rules & LANDLOCK_ACCESS_FS_REMOVE_FILE)
+		_test_rmfile(result);
+
+	if (rules & LANDLOCK_ACCESS_FS_MAKE_CHAR)
+		_test_make(DEV_CHAR0, S_IFCHR, dev_chr, result);
+
+	if (rules & LANDLOCK_ACCESS_FS_MAKE_BLOCK)
+		_test_make(DEV_BLK0, S_IFBLK, dev_blk, result);
+
+	if (rules & LANDLOCK_ACCESS_FS_MAKE_REG)
+		_test_make(FILE_REGULAR, S_IFREG, 0, result);
+
+	if (rules & LANDLOCK_ACCESS_FS_MAKE_SOCK)
+		_test_make(FILE_SOCKET, S_IFSOCK, 0, result);
+
+	if (rules & LANDLOCK_ACCESS_FS_MAKE_FIFO)
+		_test_make(FILE_FIFO, S_IFIFO, 0, result);
+
+	if (rules & LANDLOCK_ACCESS_FS_MAKE_SYM)
+		_test_symbolic(result);
+
+	if (rules & LANDLOCK_ACCESS_FS_TRUNCATE) {
+		if ((tst_kvercmp(6, 2, 0)) < 0) {
+			tst_res(TINFO, "Skip truncate test. Minimum kernel version is 6.2");
+			return;
+		}
+
+		_test_truncate(result);
+	}
+}
+
+static inline void tester_run_all_rules(const int pass_rules)
+{
+	int fail_rules;
+	int all_rules;
+
+	all_rules = tester_get_all_rules();
+	fail_rules = all_rules & ~pass_rules;
+
+	tester_run_rules(pass_rules, TPASS);
+	tester_run_rules(fail_rules, TFAIL);
+}
+
+#endif

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 09/10] Add landlock05 test

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

This test verifies LANDLOCK_ACCESS_FS_REFER access in the
landlock sandbox. The feature is available since kernel 5.19.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                |   1 +
 testcases/kernel/syscalls/landlock/.gitignore   |   1 +
 testcases/kernel/syscalls/landlock/landlock05.c | 113 ++++++++++++++++++++++++
 3 files changed, 115 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index 9acdaf760..a3ade6dc1 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -688,6 +688,7 @@ landlock01 landlock01
 landlock02 landlock02
 landlock03 landlock03
 landlock04 landlock04
+landlock05 landlock05
 
 lchown01 lchown01
 lchown01_16 lchown01_16
diff --git a/testcases/kernel/syscalls/landlock/.gitignore b/testcases/kernel/syscalls/landlock/.gitignore
index 4fe8d7cba..a7ea6be2e 100644
--- a/testcases/kernel/syscalls/landlock/.gitignore
+++ b/testcases/kernel/syscalls/landlock/.gitignore
@@ -3,3 +3,4 @@ landlock01
 landlock02
 landlock03
 landlock04
+landlock05
diff --git a/testcases/kernel/syscalls/landlock/landlock05.c b/testcases/kernel/syscalls/landlock/landlock05.c
new file mode 100644
index 000000000..57ed67e9f
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock05.c
@@ -0,0 +1,113 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * This test verifies LANDLOCK_ACCESS_FS_REFER access in the
+ * landlock sandbox.
+ *
+ * [Algorithm]
+ *
+ * - apply LANDLOCK_ACCESS_FS_REFER in the folder1
+ * - apply LANDLOCK_ACCESS_FS_REFER in the folder2
+ * - create folder3
+ * - verify that file can be moved from folder1 to folder2
+ * - verify that file can't be moved from folder1 to folder3
+ */
+
+#include "landlock_common.h"
+
+#define MNTPOINT "sandbox"
+#define DIR1 MNTPOINT"/folder1"
+#define DIR2 MNTPOINT"/folder2"
+#define DIR3 MNTPOINT"/folder3"
+#define FILENAME1 DIR1"/file"
+#define FILENAME2 DIR2"/file"
+#define FILENAME3 DIR3"/file"
+
+static struct landlock_ruleset_attr *ruleset_attr;
+static struct landlock_path_beneath_attr *path_beneath_attr;
+
+static void run(void)
+{
+	if (!SAFE_FORK()) {
+		TST_EXP_PASS(rename(FILENAME1, FILENAME2));
+		if (TST_RET == -1)
+			return;
+
+		TST_EXP_FAIL(rename(FILENAME2, FILENAME3), EXDEV);
+
+		_exit(0);
+	}
+}
+
+static void setup(void)
+{
+	int ruleset_fd;
+
+	verify_landlock_is_enabled();
+
+	SAFE_MKDIR(DIR1, 0640);
+	SAFE_MKDIR(DIR2, 0640);
+	SAFE_MKDIR(DIR3, 0640);
+	SAFE_TOUCH(FILENAME1, 0640, NULL);
+
+	tst_res(TINFO, "Applying LANDLOCK_ACCESS_FS_REFER");
+
+	ruleset_attr->handled_access_fs =
+		LANDLOCK_ACCESS_FS_READ_FILE |
+		LANDLOCK_ACCESS_FS_WRITE_FILE |
+		LANDLOCK_ACCESS_FS_REFER;
+
+	ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
+		ruleset_attr, sizeof(struct landlock_ruleset_attr), 0);
+
+	apply_landlock_rule(
+		path_beneath_attr,
+		ruleset_fd,
+		LANDLOCK_ACCESS_FS_REFER,
+		DIR1);
+
+	apply_landlock_rule(
+		path_beneath_attr,
+		ruleset_fd,
+		LANDLOCK_ACCESS_FS_REFER,
+		DIR2);
+
+	enforce_ruleset(ruleset_fd);
+
+	SAFE_CLOSE(ruleset_fd);
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.min_kver = "5.19",
+	.needs_tmpdir = 1,
+	.needs_root = 1,
+	.forks_child = 1,
+	.needs_kconfigs = (const char *[]) {
+		"CONFIG_SECURITY_LANDLOCK=y",
+		NULL
+	},
+	.bufs = (struct tst_buffers []) {
+		{&ruleset_attr, .size = sizeof(struct landlock_ruleset_attr)},
+		{&path_beneath_attr, .size = sizeof(struct landlock_path_beneath_attr)},
+		{},
+	},
+	.caps = (struct tst_cap []) {
+		TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
+		{}
+	},
+	.format_device = 1,
+	.mount_device = 1,
+	.mntpoint = MNTPOINT,
+	.all_filesystems = 1,
+	.skip_filesystems = (const char *[]) {
+		"vfat",
+		NULL
+	},
+};

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH 10/10] Add landlock06 test

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

This test verifies LANDLOCK_ACCESS_FS_IOCTL_DEV access in the
landlock sandbox by creating a pipe and testing that ioctl() can
be executed on it. The test is also verifying that some of the I/O
operations can be always executed no matter the sandbox rules.
This feature is available since kernel 6.10.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 runtest/syscalls                                |   1 +
 testcases/kernel/syscalls/landlock/.gitignore   |   1 +
 testcases/kernel/syscalls/landlock/landlock06.c | 110 ++++++++++++++++++++++++
 3 files changed, 112 insertions(+)

diff --git a/runtest/syscalls b/runtest/syscalls
index a3ade6dc1..ebaf8dea4 100644
--- a/runtest/syscalls
+++ b/runtest/syscalls
@@ -689,6 +689,7 @@ landlock02 landlock02
 landlock03 landlock03
 landlock04 landlock04
 landlock05 landlock05
+landlock06 landlock06
 
 lchown01 lchown01
 lchown01_16 lchown01_16
diff --git a/testcases/kernel/syscalls/landlock/.gitignore b/testcases/kernel/syscalls/landlock/.gitignore
index a7ea6be2e..315ac1dca 100644
--- a/testcases/kernel/syscalls/landlock/.gitignore
+++ b/testcases/kernel/syscalls/landlock/.gitignore
@@ -4,3 +4,4 @@ landlock02
 landlock03
 landlock04
 landlock05
+landlock06
diff --git a/testcases/kernel/syscalls/landlock/landlock06.c b/testcases/kernel/syscalls/landlock/landlock06.c
new file mode 100644
index 000000000..3281c2d2d
--- /dev/null
+++ b/testcases/kernel/syscalls/landlock/landlock06.c
@@ -0,0 +1,110 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
+ */
+
+/*\
+ * [Description]
+ *
+ * This test verifies LANDLOCK_ACCESS_FS_IOCTL_DEV access in the
+ * landlock sandbox by creating a pipe and testing that ioctl() can be executed
+ * on it. The test is also verifying that some of the I/O operations can be
+ * always executed no matter the sandbox rules.
+ */
+
+#include "landlock_common.h"
+#include <sys/ioctl.h>
+
+#define MNTPOINT "sandbox"
+#define FILENAME MNTPOINT"/fifo"
+
+static struct landlock_ruleset_attr *ruleset_attr;
+static struct landlock_path_beneath_attr *path_beneath_attr;
+static int file_fd;
+static int dev_fd;
+
+static void run(void)
+{
+	if (!SAFE_FORK()) {
+		int flag;
+		size_t sz = 0;
+
+		TST_EXP_PASS(ioctl(file_fd, FIONREAD, &sz));
+
+		/* check unrestrictable commands */
+		TST_EXP_PASS(ioctl(dev_fd, FIOCLEX));
+		TST_EXP_PASS(ioctl(dev_fd, FIONCLEX));
+		TST_EXP_PASS(ioctl(dev_fd, FIONBIO, &flag));
+		TST_EXP_PASS(ioctl(dev_fd, FIOASYNC, &flag));
+
+		_exit(0);
+	}
+}
+
+static void setup(void)
+{
+	int ruleset_fd;
+
+	verify_landlock_is_enabled();
+
+	SAFE_MKFIFO(FILENAME, 0640);
+
+	file_fd = SAFE_OPEN(FILENAME, O_RDONLY | O_NONBLOCK, 0640);
+	dev_fd = SAFE_OPEN("/dev/zero", O_RDONLY | O_NONBLOCK, 0640);
+
+	tst_res(TINFO, "Applying LANDLOCK_ACCESS_FS_IOCTL_DEV");
+
+	ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_IOCTL_DEV;
+
+	ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
+		ruleset_attr, sizeof(struct landlock_ruleset_attr), 0);
+
+	apply_landlock_layer(
+		ruleset_attr,
+		path_beneath_attr,
+		MNTPOINT,
+		LANDLOCK_ACCESS_FS_IOCTL_DEV
+	);
+
+	SAFE_CLOSE(ruleset_fd);
+}
+
+static void cleanup(void)
+{
+	if (dev_fd != -1)
+		SAFE_CLOSE(dev_fd);
+
+	if (file_fd != -1)
+		SAFE_CLOSE(file_fd);
+}
+
+static struct tst_test test = {
+	.test_all = run,
+	.setup = setup,
+	.cleanup = cleanup,
+	.min_kver = "6.10",
+	.needs_tmpdir = 1,
+	.needs_root = 1,
+	.forks_child = 1,
+	.needs_kconfigs = (const char *[]) {
+		"CONFIG_SECURITY_LANDLOCK=y",
+		NULL
+	},
+	.bufs = (struct tst_buffers []) {
+		{&ruleset_attr, .size = sizeof(struct landlock_ruleset_attr)},
+		{&path_beneath_attr, .size = sizeof(struct landlock_path_beneath_attr)},
+		{},
+	},
+	.caps = (struct tst_cap []) {
+		TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
+		{}
+	},
+	.format_device = 1,
+	.mount_device = 1,
+	.mntpoint = MNTPOINT,
+	.all_filesystems = 1,
+	.skip_filesystems = (const char *[]) {
+		"vfat",
+		NULL
+	},
+};

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 01/10] Add landlock syscalls definitions

[Li Wang]

On Mon, Jul 1, 2024 at 11:46 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>

Reviewed-by: Li Wang <liwang@redhat.com>


---
>  include/lapi/syscalls/aarch64.in   | 3 +++
>  include/lapi/syscalls/arc.in       | 3 +++
>  include/lapi/syscalls/arm.in       | 3 +++
>  include/lapi/syscalls/hppa.in      | 3 +++
>  include/lapi/syscalls/i386.in      | 3 +++
>  include/lapi/syscalls/ia64.in      | 3 +++
>  include/lapi/syscalls/mips_n32.in  | 3 +++
>  include/lapi/syscalls/mips_n64.in  | 3 +++
>  include/lapi/syscalls/mips_o32.in  | 3 +++
>  include/lapi/syscalls/powerpc.in   | 3 +++
>  include/lapi/syscalls/powerpc64.in | 3 +++
>  include/lapi/syscalls/s390.in      | 3 +++
>  include/lapi/syscalls/s390x.in     | 3 +++
>  include/lapi/syscalls/sh.in        | 3 +++
>  include/lapi/syscalls/sparc.in     | 3 +++
>  include/lapi/syscalls/sparc64.in   | 3 +++
>  include/lapi/syscalls/x86_64.in    | 3 +++
>  17 files changed, 51 insertions(+)
>
> diff --git a/include/lapi/syscalls/aarch64.in b/include/lapi/syscalls/
> aarch64.in
> index 2cb6c2d87..3e7797718 100644
> --- a/include/lapi/syscalls/aarch64.in
> +++ b/include/lapi/syscalls/aarch64.in
> @@ -296,5 +296,8 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
>  _sysctl 1078
> diff --git a/include/lapi/syscalls/arc.in b/include/lapi/syscalls/arc.in
> index 3e2ee9061..7fde1d263 100644
> --- a/include/lapi/syscalls/arc.in
> +++ b/include/lapi/syscalls/arc.in
> @@ -316,4 +316,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/arm.in b/include/lapi/syscalls/arm.in
> index 7bdbca533..693644f83 100644
> --- a/include/lapi/syscalls/arm.in
> +++ b/include/lapi/syscalls/arm.in
> @@ -394,4 +394,7 @@ pidfd_getfd (__NR_SYSCALL_BASE+438)
>  faccessat2 (__NR_SYSCALL_BASE+439)
>  epoll_pwait2 (__NR_SYSCALL_BASE+441)
>  quotactl_fd (__NR_SYSCALL_BASE+443)
> +landlock_create_ruleset (__NR_SYSCALL_BASE+444)
> +landlock_add_rule (__NR_SYSCALL_BASE+445)
> +landlock_restrict_self (__NR_SYSCALL_BASE+446)
>  futex_waitv (__NR_SYSCALL_BASE+449)
> diff --git a/include/lapi/syscalls/hppa.in b/include/lapi/syscalls/hppa.in
> index 8ebdafafb..60c02aff2 100644
> --- a/include/lapi/syscalls/hppa.in
> +++ b/include/lapi/syscalls/hppa.in
> @@ -43,4 +43,7 @@ close_range 436
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/i386.in b/include/lapi/syscalls/i386.in
> index 1472631c4..31ec1ecb2 100644
> --- a/include/lapi/syscalls/i386.in
> +++ b/include/lapi/syscalls/i386.in
> @@ -430,4 +430,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/ia64.in b/include/lapi/syscalls/ia64.in
> index 0ea6e9722..2e56da7f9 100644
> --- a/include/lapi/syscalls/ia64.in
> +++ b/include/lapi/syscalls/ia64.in
> @@ -343,4 +343,7 @@ pidfd_getfd 1462
>  faccessat2 1463
>  epoll_pwait2 1465
>  quotactl_fd 1467
> +landlock_create_ruleset 1468
> +landlock_add_rule 1469
> +landlock_restrict_self 1470
>  futex_waitv 1473
> diff --git a/include/lapi/syscalls/mips_n32.in b/include/lapi/syscalls/
> mips_n32.in
> index e818c9d92..5f0fe65eb 100644
> --- a/include/lapi/syscalls/mips_n32.in
> +++ b/include/lapi/syscalls/mips_n32.in
> @@ -370,4 +370,7 @@ process_madvise 6440
>  epoll_pwait2 6441
>  mount_setattr 6442
>  quotactl_fd 6443
> +landlock_create_ruleset 6444
> +landlock_add_rule 6445
> +landlock_restrict_self 6446
>  futex_waitv 6449
> diff --git a/include/lapi/syscalls/mips_n64.in b/include/lapi/syscalls/
> mips_n64.in
> index 6e15f43b3..f81c60e66 100644
> --- a/include/lapi/syscalls/mips_n64.in
> +++ b/include/lapi/syscalls/mips_n64.in
> @@ -346,4 +346,7 @@ process_madvise 5440
>  epoll_pwait2 5441
>  mount_setattr 5442
>  quotactl_fd 5443
> +landlock_create_ruleset 5444
> +landlock_add_rule 5445
> +landlock_restrict_self 5446
>  futex_waitv 5449
> diff --git a/include/lapi/syscalls/mips_o32.in b/include/lapi/syscalls/
> mips_o32.in
> index 921d5d331..c2beffb75 100644
> --- a/include/lapi/syscalls/mips_o32.in
> +++ b/include/lapi/syscalls/mips_o32.in
> @@ -416,4 +416,7 @@ process_madvise 4440
>  epoll_pwait2 4441
>  mount_setattr 4442
>  quotactl_fd 4443
> +landlock_create_ruleset 4444
> +landlock_add_rule 4445
> +landlock_restrict_self 4446
>  futex_waitv 4449
> diff --git a/include/lapi/syscalls/powerpc.in b/include/lapi/syscalls/
> powerpc.in
> index 545d9d3d6..5460e4197 100644
> --- a/include/lapi/syscalls/powerpc.in
> +++ b/include/lapi/syscalls/powerpc.in
> @@ -423,4 +423,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/powerpc64.in b/include/lapi/syscalls/
> powerpc64.in
> index 545d9d3d6..5460e4197 100644
> --- a/include/lapi/syscalls/powerpc64.in
> +++ b/include/lapi/syscalls/powerpc64.in
> @@ -423,4 +423,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/s390.in b/include/lapi/syscalls/s390.in
> index 7213ac5f8..275b27f47 100644
> --- a/include/lapi/syscalls/s390.in
> +++ b/include/lapi/syscalls/s390.in
> @@ -410,4 +410,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/s390x.in b/include/lapi/syscalls/
> s390x.in
> index 879012e2b..c200d02b2 100644
> --- a/include/lapi/syscalls/s390x.in
> +++ b/include/lapi/syscalls/s390x.in
> @@ -358,4 +358,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/sh.in b/include/lapi/syscalls/sh.in
> index 7d5192a27..6f482a77b 100644
> --- a/include/lapi/syscalls/sh.in
> +++ b/include/lapi/syscalls/sh.in
> @@ -404,4 +404,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/sparc.in b/include/lapi/syscalls/
> sparc.in
> index 91d2fb1c2..7181e80a0 100644
> --- a/include/lapi/syscalls/sparc.in
> +++ b/include/lapi/syscalls/sparc.in
> @@ -409,4 +409,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/sparc64.in b/include/lapi/syscalls/
> sparc64.in
> index 1f2fc59b7..c96ab2021 100644
> --- a/include/lapi/syscalls/sparc64.in
> +++ b/include/lapi/syscalls/sparc64.in
> @@ -374,4 +374,7 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
> diff --git a/include/lapi/syscalls/x86_64.in b/include/lapi/syscalls/
> x86_64.in
> index dc61aa56e..3082ca110 100644
> --- a/include/lapi/syscalls/x86_64.in
> +++ b/include/lapi/syscalls/x86_64.in
> @@ -351,6 +351,9 @@ pidfd_getfd 438
>  faccessat2 439
>  epoll_pwait2 441
>  quotactl_fd 443
> +landlock_create_ruleset 444
> +landlock_add_rule 445
> +landlock_restrict_self 446
>  futex_waitv 449
>  rt_sigaction 512
>  rt_sigreturn 513
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 02/10] Add lapi/landlock.h fallback

[Li Wang]

On Mon, Jul 1, 2024 at 11:43 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  configure.ac            |   5 ++
>  include/lapi/landlock.h | 120
> ++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 125 insertions(+)
>
> diff --git a/configure.ac b/configure.ac
> index 82969b8d3..e5f0c9f77 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -157,6 +157,7 @@ AC_CHECK_FUNCS_ONCE([ \
>  AC_CHECK_FUNCS(mkdtemp,[],AC_MSG_ERROR(mkdtemp() not found!))
>
>  AC_CHECK_MEMBERS([struct fanotify_event_info_fid.fsid.__val],,,[#include
> <sys/fanotify.h>])
> +AC_CHECK_MEMBERS([struct
> landlock_ruleset_attr.handled_access_net],,,[#include <linux/landlock.h>])
>  AC_CHECK_MEMBERS([struct perf_event_mmap_page.aux_head],,,[#include
> <linux/perf_event.h>])
>  AC_CHECK_MEMBERS([struct sigaction.sa_sigaction],[],[],[#include
> <signal.h>])
>  AC_CHECK_MEMBERS([struct statx.stx_mnt_id, struct
> statx.stx_dio_mem_align],,,[
> @@ -170,6 +171,7 @@ AC_CHECK_MEMBERS([struct utsname.domainname],,,[
>  ])
>
>  AC_CHECK_TYPES([enum kcmp_type],,,[#include <linux/kcmp.h>])
> +AC_CHECK_TYPES([enum landlock_rule_type],,,[#include <linux/landlock.h>])
>  AC_CHECK_TYPES([struct acct_v3],,,[#include <sys/acct.h>])
>  AC_CHECK_TYPES([struct af_alg_iv, struct sockaddr_alg],,,[# include
> <linux/if_alg.h>])
>  AC_CHECK_TYPES([struct fanotify_event_info_fid, struct
> fanotify_event_info_error,
> @@ -190,6 +192,9 @@ AC_CHECK_TYPES([struct if_nextdqblk],,,[#include
> <linux/quota.h>])
>  AC_CHECK_TYPES([struct iovec],,,[#include <sys/uio.h>])
>  AC_CHECK_TYPES([struct ipc64_perm],,,[#include <sys/ipcbuf.h>])
>  AC_CHECK_TYPES([struct loop_config],,,[#include <linux/loop.h>])
> +AC_CHECK_TYPES([struct landlock_ruleset_attr],,,[#include
> <linux/landlock.h>])
> +AC_CHECK_TYPES([struct landlock_path_beneath_attr],,,[#include
> <linux/landlock.h>])
> +AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include
> <linux/landlock.h])
>

This line misses the ), it should be:

-AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include
<linux/landlock.h])
+AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include
<linux/landlock.h>])


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 02/10] Add lapi/landlock.h fallback

[Li Wang]

Li Wang <liwang@redhat.com> wrote:


> +AC_CHECK_TYPES([struct landlock_path_beneath_attr],,,[#include
>> <linux/landlock.h>])
>> +AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include
>> <linux/landlock.h])
>>
>
> This line misses the ), it should be:
>

Typo, I meant there was missing an angle bracket ">".


> -AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include
> <linux/landlock.h])
> +AC_CHECK_TYPES([struct landlock_net_port_attr],,,[#include
> <linux/landlock.h>])
>


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 03/10] Add landlock SAFE_* macros

[Li Wang]

Reviewed-by: Li Wang <liwang@redhat.com>

On Mon, Jul 1, 2024 at 11:43 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> Added three more SAFE_* macros for landlock sandbox:
>
> - SAFE_LANDLOCK_CREATE_RULESET
> - SAFE_LANDLOCK_ADD_RULE
> - SAFE_LANDLOCK_RESTRICT_SELF
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  include/tst_safe_macros.h | 19 ++++++++++++++++++
>  lib/tst_safe_macros.c     | 50
> +++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 69 insertions(+)
>
> diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h
> index 08b8e930a..7748bd34f 100644
> --- a/include/tst_safe_macros.h
> +++ b/include/tst_safe_macros.h
> @@ -14,6 +14,7 @@
>  #include <sys/stat.h>
>  #include <sys/vfs.h>
>  #include <sys/sysinfo.h>
> +#include <linux/landlock.h>
>  #include <fcntl.h>
>  #include <libgen.h>
>  #include <signal.h>
> @@ -503,4 +504,22 @@ int safe_sscanf(const char *file, const int lineno,
> const char *restrict buffer,
>  #define SAFE_SSCANF(buffer, format, ...) \
>         safe_sscanf(__FILE__, __LINE__, (buffer), (format),
>  ##__VA_ARGS__)
>
> +int safe_landlock_create_ruleset(const char *file, const int lineno,
> +       const struct landlock_ruleset_attr *attr,
> +       size_t size , uint32_t flags);
> +#define SAFE_LANDLOCK_CREATE_RULESET(attr, size, flags) \
> +       safe_landlock_create_ruleset(__FILE__, __LINE__, (attr), (size),
> (flags))
> +
> +int safe_landlock_add_rule(const char *file, const int lineno,
> +       int ruleset_fd, enum landlock_rule_type rule_type,
> +       const void *rule_attr, uint32_t flags);
> +#define SAFE_LANDLOCK_ADD_RULE(ruleset_fd, rule_type, rule_attr, flags) \
> +       safe_landlock_add_rule(__FILE__, __LINE__, \
> +               (ruleset_fd), (rule_type), (rule_attr), (flags))
> +
> +int safe_landlock_restrict_self(const char *file, const int lineno,
> +       int ruleset_fd, int flags);
> +#define SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, flags) \
> +       safe_landlock_restrict_self(__FILE__, __LINE__, (ruleset_fd),
> (flags))
> +
>  #endif /* TST_SAFE_MACROS_H__ */
> diff --git a/lib/tst_safe_macros.c b/lib/tst_safe_macros.c
> index 4e48c427b..ba997eb7c 100644
> --- a/lib/tst_safe_macros.c
> +++ b/lib/tst_safe_macros.c
> @@ -710,3 +710,53 @@ int safe_mprotect(const char *file, const int lineno,
>
>         return rval;
>  }
> +
> +
> +int safe_landlock_create_ruleset(const char *file, const int lineno,
> +       const struct landlock_ruleset_attr *attr,
> +       size_t size , uint32_t flags)
> +{
> +       int rval;
> +
> +       rval = tst_syscall(__NR_landlock_create_ruleset, attr, size,
> flags);
> +       if (rval == -1) {
> +               tst_brk_(file, lineno, TBROK | TERRNO,
> +                       "landlock_create_ruleset(%p, %lu, %u)",
> +                       attr, size, flags);
> +       }
> +
> +       return rval;
> +}
> +
> +int safe_landlock_add_rule(const char *file, const int lineno,
> +       int ruleset_fd, enum landlock_rule_type rule_type,
> +       const void *rule_attr, uint32_t flags)
> +{
> +       int rval;
> +
> +       rval = tst_syscall(__NR_landlock_add_rule,
> +               ruleset_fd, rule_type, rule_attr, flags);
> +
> +       if (rval == -1) {
> +               tst_brk_(file, lineno, TBROK | TERRNO,
> +                       "landlock_add_rule(%d, %d, %p, %u)",
> +                       ruleset_fd, rule_type, rule_attr, flags);
> +       }
> +
> +       return rval;
> +}
> +
> +int safe_landlock_restrict_self(const char *file, const int lineno,
> +       int ruleset_fd, int flags)
> +{
> +       int rval;
> +
> +       rval = tst_syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
> +       if (rval == -1) {
> +               tst_brk_(file, lineno, TBROK | TERRNO,
> +                       "landlock_restrict_self(%d, %u)",
> +                       ruleset_fd, flags);
> +       }
> +
> +       return rval;
> +}
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 04/10] Add SAFE_PRCTL macro

[Li Wang]

Reviewed-by: Li Wang <liwang@redhat.com>

On Mon, Jul 1, 2024 at 11:43 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  include/tst_safe_macros.h |  6 ++++++
>  lib/tst_safe_macros.c     | 16 ++++++++++++++++
>  2 files changed, 22 insertions(+)
>
> diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h
> index 7748bd34f..733a2506e 100644
> --- a/include/tst_safe_macros.h
> +++ b/include/tst_safe_macros.h
> @@ -504,6 +504,12 @@ int safe_sscanf(const char *file, const int lineno,
> const char *restrict buffer,
>  #define SAFE_SSCANF(buffer, format, ...) \
>         safe_sscanf(__FILE__, __LINE__, (buffer), (format),
>  ##__VA_ARGS__)
>
> +int safe_prctl(const char *file, const int lineno,
> +       int option, unsigned long arg2, unsigned long arg3,
> +       unsigned long arg4, unsigned long arg5);
> +#define SAFE_PRCTL(option, arg2, arg3, arg4, arg5) \
> +       safe_prctl(__FILE__, __LINE__, (option), (arg2), (arg3), (arg4),
> (arg5))
> +
>  int safe_landlock_create_ruleset(const char *file, const int lineno,
>         const struct landlock_ruleset_attr *attr,
>         size_t size , uint32_t flags);
> diff --git a/lib/tst_safe_macros.c b/lib/tst_safe_macros.c
> index ba997eb7c..a81037161 100644
> --- a/lib/tst_safe_macros.c
> +++ b/lib/tst_safe_macros.c
> @@ -10,6 +10,7 @@
>  #include <errno.h>
>  #include <sched.h>
>  #include <sys/ptrace.h>
> +#include <sys/prctl.h>
>  #include "config.h"
>  #ifdef HAVE_SYS_FANOTIFY_H
>  # include <sys/fanotify.h>
> @@ -711,6 +712,21 @@ int safe_mprotect(const char *file, const int lineno,
>         return rval;
>  }
>
> +int safe_prctl(const char *file, const int lineno,
> +       int option, unsigned long arg2, unsigned long arg3,
> +       unsigned long arg4, unsigned long arg5)
> +{
> +       int rval;
> +
> +       rval = prctl(option, arg2, arg3, arg4, arg5);
> +       if (rval == -1) {
> +               tst_brk_(file, lineno, TBROK | TERRNO,
> +                       "prctl(%d, %lu, %lu, %lu, %lu)",
> +                       option, arg2, arg3, arg4, arg5);
> +       }
> +
> +       return rval;
> +}
>
>  int safe_landlock_create_ruleset(const char *file, const int lineno,
>         const struct landlock_ruleset_attr *attr,
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 08/10] Add landlock04 test

[Li Wang]

On Mon, Jul 1, 2024 at 11:44 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> This test verifies that all landlock rules are working properly.
> The way we do it is to verify that all disabled syscalls are not
> working but the one we enabled via specifc landlock rules.
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  runtest/syscalls                                   |   1 +
>  testcases/kernel/syscalls/landlock/.gitignore      |   2 +
>  testcases/kernel/syscalls/landlock/Makefile        |   5 +
>  testcases/kernel/syscalls/landlock/landlock04.c    | 143 +++++++++
>  testcases/kernel/syscalls/landlock/landlock_exec.c |   9 +
>  .../kernel/syscalls/landlock/landlock_tester.h     | 350
> +++++++++++++++++++++
>  6 files changed, 510 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 1e2d682e3..9acdaf760 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -687,6 +687,7 @@ kill13 kill13
>  landlock01 landlock01
>  landlock02 landlock02
>  landlock03 landlock03
> +landlock04 landlock04
>
>  lchown01 lchown01
>  lchown01_16 lchown01_16
> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
> b/testcases/kernel/syscalls/landlock/.gitignore
> index f79cd090b..4fe8d7cba 100644
> --- a/testcases/kernel/syscalls/landlock/.gitignore
> +++ b/testcases/kernel/syscalls/landlock/.gitignore
> @@ -1,3 +1,5 @@
> +landlock_exec
>  landlock01
>  landlock02
>  landlock03
> +landlock04
> diff --git a/testcases/kernel/syscalls/landlock/Makefile
> b/testcases/kernel/syscalls/landlock/Makefile
> index 4b3e3fd8f..bdc6bd2d4 100644
> --- a/testcases/kernel/syscalls/landlock/Makefile
> +++ b/testcases/kernel/syscalls/landlock/Makefile
> @@ -8,3 +8,8 @@ include $(top_srcdir)/include/mk/testcases.mk
>  LDLIBS += -lc
>
>  include $(top_srcdir)/include/mk/generic_leaf_target.mk
> +
> +# the reason why landlock_exec test binary is statically linked, is that
> +# we can't read libc out of the sandboxed folder once
> LANDLOCK_ACCESS_FS_EXECUTE
> +# has been activated
> +landlock_exec: LDLIBS += -static -fPIC
> diff --git a/testcases/kernel/syscalls/landlock/landlock04.c
> b/testcases/kernel/syscalls/landlock/landlock04.c
> new file mode 100644
> index 000000000..1e7c6f3d1
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock04.c
> @@ -0,0 +1,143 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
> andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * This test verifies that all landlock rules are working properly. The
> way we
> + * do it is to verify that all disabled syscalls are not working but the
> one we
> + * enabled via specifc landlock rules.
> + */
> +
> +#include "landlock_common.h"
> +#include "landlock_tester.h"
> +
> +#define ACCESS_NAME(x) #x
> +
> +static struct landlock_ruleset_attr *ruleset_attr;
> +static struct landlock_path_beneath_attr *path_beneath_attr;
> +
> +static struct tvariant {
> +       int access;
> +       char *desc;
> +} tvariants[] = {
> +       {
> +               LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_EXECUTE,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_EXECUTE)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_WRITE_FILE,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_WRITE_FILE)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_READ_FILE,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_READ_FILE)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_READ_DIR,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_READ_DIR)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_REMOVE_DIR,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_REMOVE_DIR)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_REMOVE_FILE,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_REMOVE_FILE)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_MAKE_CHAR,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_CHAR)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_MAKE_BLOCK,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_BLOCK)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_MAKE_REG,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_REG)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_MAKE_SOCK,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_SOCK)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_MAKE_FIFO,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_FIFO)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_MAKE_SYM,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_MAKE_SYM)
> +       },
> +       {
> +               LANDLOCK_ACCESS_FS_WRITE_FILE |
> LANDLOCK_ACCESS_FS_TRUNCATE,
> +               ACCESS_NAME(LANDLOCK_ACCESS_FS_TRUNCATE)
> +       },
> +};
> +
> +static void run(void)
> +{
> +       if (!SAFE_FORK()) {
> +               struct tvariant  variant = tvariants[tst_variant];
> +
> +               tester_run_all_rules(variant.access);
> +               _exit(0);
> +       }
> +}
> +
> +static void setup(void)
> +{
> +       struct tvariant variant = tvariants[tst_variant];
> +
> +       verify_landlock_is_enabled();
> +       tester_create_tree();
> +
> +       tst_res(TINFO, "Testing %s", variant.desc);
> +
> +       ruleset_attr->handled_access_fs = tester_get_all_rules();
> +
> +       apply_landlock_layer(
> +               ruleset_attr,
> +               path_beneath_attr,
> +               SANDBOX_FOLDER,
> +               variant.access);
> +}
> +
> +static struct tst_test test = {
> +       .test_all = run,
> +       .setup = setup,
> +       .min_kver = "5.13",
> +       .forks_child = 1,
> +       .needs_tmpdir = 1,
> +       .needs_root = 1,
> +       .test_variants = ARRAY_SIZE(tvariants),
> +       .resource_files = (const char *[]) {
> +               TESTAPP,
> +               NULL,
> +       },
> +       .needs_kconfigs = (const char *[]) {
> +               "CONFIG_SECURITY_LANDLOCK=y",
> +               NULL
> +       },
> +       .bufs = (struct tst_buffers []) {
> +               {&ruleset_attr, .size = sizeof(struct
> landlock_ruleset_attr)},
> +               {&path_beneath_attr, .size = sizeof(struct
> landlock_path_beneath_attr)},
> +               {},
> +       },
> +       .caps = (struct tst_cap []) {
> +               TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
> +               TST_CAP(TST_CAP_REQ, CAP_MKNOD),
>

We have to define CAP_MKNOD in the include/lapi/capability.h,
otherwise it can't be built on some platform.

landlock04.c:131:38: error: ‘CAP_MKNOD’ undeclared here (not in a
function); did you mean ‘SAFE_MKNOD’?
  131 |                 TST_CAP(TST_CAP_REQ, CAP_MKNOD),


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 05/10] Add landlock01 test

[Li Wang]

On Mon, Jul 1, 2024 at 11:43 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>

Reviewed-by: Li Wang <liwang@redhat.com>

Mostly code is pretty good, but just a tiny issue comment inline below.


> This test verifies that landlock_create_ruleset syscall fails with the
> right error codes:
>
> - EINVAL Unknown flags, or unknown access, or too small size
> - E2BIG size is too big
> - EFAULT attr was not a valid address
> - ENOMSG Empty accesses (i.e., attr->handled_access_fs is 0)
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  runtest/syscalls                                   |  2 +
>  testcases/kernel/syscalls/landlock/.gitignore      |  1 +
>  testcases/kernel/syscalls/landlock/Makefile        | 10 +++
>  testcases/kernel/syscalls/landlock/landlock01.c    | 87
> ++++++++++++++++++++++
>  .../kernel/syscalls/landlock/landlock_common.h     | 74 ++++++++++++++++++
>  5 files changed, 174 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 44a577db3..4c566d95f 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -684,6 +684,8 @@ kill11 kill11
>  kill12 kill12
>  kill13 kill13
>
> +landlock01 landlock01
> +
>  lchown01 lchown01
>  lchown01_16 lchown01_16
>  lchown02  lchown02
> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
> b/testcases/kernel/syscalls/landlock/.gitignore
> new file mode 100644
> index 000000000..b69f9b94a
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/.gitignore
> @@ -0,0 +1 @@
> +landlock01
> diff --git a/testcases/kernel/syscalls/landlock/Makefile
> b/testcases/kernel/syscalls/landlock/Makefile
> new file mode 100644
> index 000000000..4b3e3fd8f
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/Makefile
> @@ -0,0 +1,10 @@
> +# SPDX-License-Identifier: GPL-2.0-or-later
> +# Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com
> >
> +
> +top_srcdir             ?= ../../../..
> +
> +include $(top_srcdir)/include/mk/testcases.mk
> +
> +LDLIBS += -lc
> +
> +include $(top_srcdir)/include/mk/generic_leaf_target.mk
> diff --git a/testcases/kernel/syscalls/landlock/landlock01.c
> b/testcases/kernel/syscalls/landlock/landlock01.c
> new file mode 100644
> index 000000000..9f8c6489c
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock01.c
> @@ -0,0 +1,87 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
> andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * This test verifies that landlock_create_ruleset syscall fails with the
> right
> + * error codes:
> + *
> + * - EINVAL Unknown flags, or unknown access, or too small size
> + * - E2BIG size is too big
> + * - EFAULT attr was not a valid address
> + * - ENOMSG Empty accesses (i.e., attr->handled_access_fs is 0)
> + */
> +
> +#include "landlock_common.h"
> +
> +static struct landlock_ruleset_attr *ruleset_attr;
> +static struct landlock_ruleset_attr *null_attr;
> +static size_t rule_size;
> +static size_t rule_small_size;
> +static size_t rule_big_size;
> +
> +static struct tcase {
> +       struct landlock_ruleset_attr **attr;
> +       uint64_t access_fs;
> +       size_t *size;
> +       uint32_t flags;
> +       int exp_errno;
> +       char *msg;
> +} tcases[] = {
> +       {&ruleset_attr, -1, &rule_size, 0, EINVAL, "Unknown access"},
> +       {&ruleset_attr, 0, &rule_small_size, 0, EINVAL, "Size is too
> small"},
> +       {&ruleset_attr, 0, &rule_size, -1, EINVAL, "Unknown flags"},
> +       {&ruleset_attr, 0, &rule_big_size, 0, E2BIG, "Size is too big"},
> +       {&null_attr,    0, &rule_size, 0, EFAULT, "Invalid attr address"},
> +       {&ruleset_attr, 0, &rule_size, 0, ENOMSG, "Empty accesses"},
> +};
> +
> +static void run(unsigned int n)
> +{
> +       struct tcase *tc = &tcases[n];
> +
> +       if (*tc->attr)
> +               (*tc->attr)->handled_access_fs = tc->access_fs;
> +
> +       TST_EXP_FAIL(tst_syscall(__NR_landlock_create_ruleset,
> +                       *tc->attr, *tc->size, tc->flags),
> +               tc->exp_errno,
> +               "%s",
> +               tc->msg);
> +
> +       if (TST_RET >= 0)
> +               SAFE_CLOSE(TST_RET);
> +}
> +
> +static void setup(void)
> +{
> +       verify_landlock_is_enabled();
> +
> +       rule_size = sizeof(struct landlock_ruleset_attr);
> +
> +       rule_small_size = rule_size - 1;
>

Here minus 1 is not enough, we have to decrease more than 8
otherwise it just returns ENOMSG.

    landlock01.c:49: TFAIL: Size is too small expected EINVAL: ENOMSG (42)

  rule_small_size = rule_size - 9;

or, we use a small enough type:

  rule_small_size = sizeof(int);

my test kernel is 6.9.6-200.fc40.x86_64.

I haven't figured out that's why, but maybe inside the
landlock_create_ruleset()
syscall compare the size unprecisely. Something like invoke the
copy_min_struct_from_user.

199         err = copy_min_struct_from_user(&ruleset_attr,
sizeof(ruleset_attr),
200
offsetofend(typeof(ruleset_attr),
201                                          handled_access_fs),
202                                          attr, size);

...

32 #define offsetofend(TYPE, MEMBER) \
 33         (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER))

This needs more investigation...




> +       rule_big_size = SAFE_SYSCONF(_SC_PAGESIZE) + 1;
> +}
> +
> +static struct tst_test test = {
> +       .test = run,
> +       .tcnt = ARRAY_SIZE(tcases),
> +       .setup = setup,
> +       .min_kver = "5.13",
> +       .needs_root = 1,
> +       .needs_kconfigs = (const char *[]) {
> +               "CONFIG_SECURITY_LANDLOCK=y",
> +               NULL
> +       },
> +       .bufs = (struct tst_buffers []) {
> +               {&ruleset_attr, .size = sizeof(struct
> landlock_ruleset_attr)},
> +               {},
> +       },
> +       .caps = (struct tst_cap []) {
> +               TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
> +               {}
> +       },
> +};
> diff --git a/testcases/kernel/syscalls/landlock/landlock_common.h
> b/testcases/kernel/syscalls/landlock/landlock_common.h
> new file mode 100644
> index 000000000..66f8fd19a
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock_common.h
> @@ -0,0 +1,74 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
> andrea.cervesato@suse.com>
> + */
> +
> +#ifndef LANDLOCK_COMMON_H
> +
> +#include "tst_test.h"
> +#include "lapi/prctl.h"
> +#include "lapi/fcntl.h"
> +#include "lapi/landlock.h"
> +
> +static inline void verify_landlock_is_enabled(void)
> +{
> +       int abi;
> +
> +       abi = tst_syscall(__NR_landlock_create_ruleset,
> +               NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
> +
> +       if (abi < 0) {
> +               if (errno == EOPNOTSUPP) {
> +                       tst_brk(TCONF, "Landlock is currently disabled. "
> +                               "Please enable it either via CONFIG_LSM or
> "
> +                               "'lsm' kernel parameter.");
> +               }
> +
> +               tst_brk(TBROK | TERRNO, "landlock_create_ruleset error");
> +       }
> +
> +       tst_res(TINFO, "Landlock ABI v%d", abi);
> +}
> +
> +static inline void apply_landlock_rule(
> +       struct landlock_path_beneath_attr *path_beneath_attr,
> +       const int ruleset_fd,
> +       const int access,
> +       const char *path)
> +{
> +       path_beneath_attr->allowed_access = access;
> +       path_beneath_attr->parent_fd = SAFE_OPEN(path, O_PATH | O_CLOEXEC);
> +
> +       SAFE_LANDLOCK_ADD_RULE(
> +               ruleset_fd,
> +               LANDLOCK_RULE_PATH_BENEATH,
> +               path_beneath_attr,
> +               0);
> +
> +       SAFE_CLOSE(path_beneath_attr->parent_fd);
> +}
> +
> +static inline void enforce_ruleset(const int ruleset_fd)
> +{
> +       SAFE_PRCTL(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
> +       SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, 0);
> +}
> +
> +static inline void apply_landlock_layer(
> +       struct landlock_ruleset_attr *ruleset_attr,
> +       struct landlock_path_beneath_attr *path_beneath_attr,
> +       const char *path,
> +       const int access)
> +{
> +       int ruleset_fd;
> +
> +       ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
> +               ruleset_attr, sizeof(struct landlock_ruleset_attr), 0);
> +
> +       apply_landlock_rule(path_beneath_attr, ruleset_fd, access, path);
> +       enforce_ruleset(ruleset_fd);
> +
> +       SAFE_CLOSE(ruleset_fd);
> +}
> +
> +#endif
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 06/10] Add landlock02 test

[Li Wang]

On Mon, Jul 1, 2024 at 11:44 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> This test verifies that landlock_add_rule syscall fails with the
> right error codes:
>
> - EINVAL flags is not 0, or the rule accesses are inconsistent
> - ENOMSG Empty accesses (i.e., rule_attr->allowed_access is 0)
> - EBADF ruleset_fd  is  not  a  file  descriptor  for  the  current
>   thread, or a member of rule_attr is not a file descriptor as
>   expected
> - EBADFD ruleset_fd is not a ruleset file descriptor, or a member of
>   rule_attr is not the expected file descriptor type
> - EFAULT rule_attr was not a valid address
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>

Reviewed-by: Li Wang <liwang@redhat.com>

---
>  runtest/syscalls                                |   1 +
>  testcases/kernel/syscalls/landlock/.gitignore   |   1 +
>  testcases/kernel/syscalls/landlock/landlock02.c | 153
> ++++++++++++++++++++++++
>  3 files changed, 155 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 4c566d95f..7f9c83292 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -685,6 +685,7 @@ kill12 kill12
>  kill13 kill13
>
>  landlock01 landlock01
> +landlock02 landlock02
>
>  lchown01 lchown01
>  lchown01_16 lchown01_16
> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
> b/testcases/kernel/syscalls/landlock/.gitignore
> index b69f9b94a..ffed4abd2 100644
> --- a/testcases/kernel/syscalls/landlock/.gitignore
> +++ b/testcases/kernel/syscalls/landlock/.gitignore
> @@ -1 +1,2 @@
>  landlock01
> +landlock02
> diff --git a/testcases/kernel/syscalls/landlock/landlock02.c
> b/testcases/kernel/syscalls/landlock/landlock02.c
> new file mode 100644
> index 000000000..0e2da7ef5
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock02.c
> @@ -0,0 +1,153 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
> andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * This test verifies that landlock_add_rule syscall fails with the right
> + * error codes:
> + *
> + * - EINVAL flags is not 0, or the rule accesses are inconsistent
> + * - ENOMSG Empty accesses (i.e., rule_attr->allowed_access is 0)
> + * - EBADF ruleset_fd  is  not  a  file  descriptor  for  the  current
> thread,
> + *   or a member of rule_attr is not a file descriptor as expected
> + * - EBADFD ruleset_fd is not a ruleset file descriptor, or a member of
> + *   rule_attr is not the expected file descriptor type
> + * - EFAULT rule_attr was not a valid address
> + */
> +
> +#include "landlock_common.h"
> +
> +static struct landlock_ruleset_attr *ruleset_attr;
> +static struct landlock_path_beneath_attr *path_beneath_attr;
> +static struct landlock_path_beneath_attr *rule_null;
> +static int ruleset_fd;
> +static int invalid_fd = -1;
> +
> +static struct tcase {
> +       int *fd;
> +       enum landlock_rule_type rule_type;
> +       struct landlock_path_beneath_attr **attr;
> +       int access;
> +       int parent_fd;
> +       uint32_t flags;
> +       int exp_errno;
> +       char *msg;
> +} tcases[] = {
> +       {
> +               &ruleset_fd,
> +               0,
> +               &path_beneath_attr,
> +               LANDLOCK_ACCESS_FS_EXECUTE,
> +               0,
> +               1,
> +               EINVAL,
> +               "Invalid flags"
> +       },
> +       {
> +               &ruleset_fd,
> +               0,
> +               &path_beneath_attr,
> +               LANDLOCK_ACCESS_FS_EXECUTE,
> +               0,
> +               0,
> +               EINVAL,
> +               "Invalid rule type"
> +       },
> +       {
> +               &ruleset_fd,
> +               LANDLOCK_RULE_PATH_BENEATH,
> +               &path_beneath_attr,
> +               0,
> +               0,
> +               0,
> +               ENOMSG,
> +               "Empty accesses"
> +       },
> +       {
> +               &invalid_fd,
> +               0,
> +               &path_beneath_attr,
> +               LANDLOCK_ACCESS_FS_EXECUTE,
> +               0,
> +               0,
> +               EBADF,
> +               "Invalid file descriptor"
> +       },
> +       {
> +               &ruleset_fd,
> +               LANDLOCK_RULE_PATH_BENEATH,
> +               &path_beneath_attr,
> +               LANDLOCK_ACCESS_FS_EXECUTE,
> +               -1,
> +               0,
> +               EBADF,
> +               "Invalid parent fd"
> +       },
> +       {
> +               &ruleset_fd,
> +               LANDLOCK_RULE_PATH_BENEATH,
> +               &rule_null,
> +               0,
> +               0,
> +               0,
> +               EFAULT,
> +               "Invalid rule attr"
> +       },
> +};
> +
> +static void run(unsigned int n)
> +{
> +       struct tcase *tc = &tcases[n];
> +
> +       if (*tc->attr) {
> +               (*tc->attr)->allowed_access = tc->access;
> +               (*tc->attr)->parent_fd = tc->parent_fd;
> +       }
> +
> +       TST_EXP_FAIL(tst_syscall(__NR_landlock_add_rule,
> +                       *tc->fd, tc->rule_type, *tc->attr, tc->flags),
> +               tc->exp_errno,
> +               "%s",
> +               tc->msg);
> +}
> +
> +static void setup(void)
> +{
> +       verify_landlock_is_enabled();
> +
> +       ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE;
> +
> +       ruleset_fd =
> TST_EXP_FD_SILENT(tst_syscall(__NR_landlock_create_ruleset,
> +               ruleset_attr, sizeof(struct landlock_ruleset_attr), 0));
> +}
> +
> +static void cleanup(void)
> +{
> +       if (ruleset_fd != -1)
> +               SAFE_CLOSE(ruleset_fd);
> +}
> +
> +static struct tst_test test = {
> +       .test = run,
> +       .tcnt = ARRAY_SIZE(tcases),
> +       .setup = setup,
> +       .cleanup = cleanup,
> +       .min_kver = "5.13",
> +       .needs_root = 1,
> +       .needs_kconfigs = (const char *[]) {
> +               "CONFIG_SECURITY_LANDLOCK=y",
> +               NULL
> +       },
> +       .bufs = (struct tst_buffers []) {
> +               {&ruleset_attr, .size = sizeof(struct
> landlock_ruleset_attr)},
> +               {&path_beneath_attr, .size = sizeof(struct
> landlock_path_beneath_attr)},
> +               {},
> +       },
> +       .caps = (struct tst_cap []) {
> +               TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
> +               {}
> +       },
> +};
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 05/10] Add landlock01 test

[Li Wang]

On Tue, Jul 2, 2024 at 4:34 PM Li Wang <liwang@redhat.com> wrote:

>
>
> On Mon, Jul 1, 2024 at 11:43 PM Andrea Cervesato <andrea.cervesato@suse.de>
> wrote:
>
>> From: Andrea Cervesato <andrea.cervesato@suse.com>
>>
>
> Reviewed-by: Li Wang <liwang@redhat.com>
>
> Mostly code is pretty good, but just a tiny issue comment inline below.
>
>
>> This test verifies that landlock_create_ruleset syscall fails with the
>> right error codes:
>>
>> - EINVAL Unknown flags, or unknown access, or too small size
>> - E2BIG size is too big
>> - EFAULT attr was not a valid address
>> - ENOMSG Empty accesses (i.e., attr->handled_access_fs is 0)
>>
>> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>> ---
>>  runtest/syscalls                                   |  2 +
>>  testcases/kernel/syscalls/landlock/.gitignore      |  1 +
>>  testcases/kernel/syscalls/landlock/Makefile        | 10 +++
>>  testcases/kernel/syscalls/landlock/landlock01.c    | 87
>> ++++++++++++++++++++++
>>  .../kernel/syscalls/landlock/landlock_common.h     | 74
>> ++++++++++++++++++
>>  5 files changed, 174 insertions(+)
>>
>> diff --git a/runtest/syscalls b/runtest/syscalls
>> index 44a577db3..4c566d95f 100644
>> --- a/runtest/syscalls
>> +++ b/runtest/syscalls
>> @@ -684,6 +684,8 @@ kill11 kill11
>>  kill12 kill12
>>  kill13 kill13
>>
>> +landlock01 landlock01
>> +
>>  lchown01 lchown01
>>  lchown01_16 lchown01_16
>>  lchown02  lchown02
>> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
>> b/testcases/kernel/syscalls/landlock/.gitignore
>> new file mode 100644
>> index 000000000..b69f9b94a
>> --- /dev/null
>> +++ b/testcases/kernel/syscalls/landlock/.gitignore
>> @@ -0,0 +1 @@
>> +landlock01
>> diff --git a/testcases/kernel/syscalls/landlock/Makefile
>> b/testcases/kernel/syscalls/landlock/Makefile
>> new file mode 100644
>> index 000000000..4b3e3fd8f
>> --- /dev/null
>> +++ b/testcases/kernel/syscalls/landlock/Makefile
>> @@ -0,0 +1,10 @@
>> +# SPDX-License-Identifier: GPL-2.0-or-later
>> +# Copyright (C) 2024 SUSE LLC Andrea Cervesato <
>> andrea.cervesato@suse.com>
>> +
>> +top_srcdir             ?= ../../../..
>> +
>> +include $(top_srcdir)/include/mk/testcases.mk
>> +
>> +LDLIBS += -lc
>> +
>> +include $(top_srcdir)/include/mk/generic_leaf_target.mk
>> diff --git a/testcases/kernel/syscalls/landlock/landlock01.c
>> b/testcases/kernel/syscalls/landlock/landlock01.c
>> new file mode 100644
>> index 000000000..9f8c6489c
>> --- /dev/null
>> +++ b/testcases/kernel/syscalls/landlock/landlock01.c
>> @@ -0,0 +1,87 @@
>> +// SPDX-License-Identifier: GPL-2.0-or-later
>> +/*
>> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
>> andrea.cervesato@suse.com>
>> + */
>> +
>> +/*\
>> + * [Description]
>> + *
>> + * This test verifies that landlock_create_ruleset syscall fails with
>> the right
>> + * error codes:
>> + *
>> + * - EINVAL Unknown flags, or unknown access, or too small size
>> + * - E2BIG size is too big
>> + * - EFAULT attr was not a valid address
>> + * - ENOMSG Empty accesses (i.e., attr->handled_access_fs is 0)
>> + */
>> +
>> +#include "landlock_common.h"
>> +
>> +static struct landlock_ruleset_attr *ruleset_attr;
>> +static struct landlock_ruleset_attr *null_attr;
>> +static size_t rule_size;
>> +static size_t rule_small_size;
>> +static size_t rule_big_size;
>> +
>> +static struct tcase {
>> +       struct landlock_ruleset_attr **attr;
>> +       uint64_t access_fs;
>> +       size_t *size;
>> +       uint32_t flags;
>> +       int exp_errno;
>> +       char *msg;
>> +} tcases[] = {
>> +       {&ruleset_attr, -1, &rule_size, 0, EINVAL, "Unknown access"},
>> +       {&ruleset_attr, 0, &rule_small_size, 0, EINVAL, "Size is too
>> small"},
>> +       {&ruleset_attr, 0, &rule_size, -1, EINVAL, "Unknown flags"},
>> +       {&ruleset_attr, 0, &rule_big_size, 0, E2BIG, "Size is too big"},
>> +       {&null_attr,    0, &rule_size, 0, EFAULT, "Invalid attr address"},
>> +       {&ruleset_attr, 0, &rule_size, 0, ENOMSG, "Empty accesses"},
>> +};
>> +
>> +static void run(unsigned int n)
>> +{
>> +       struct tcase *tc = &tcases[n];
>> +
>> +       if (*tc->attr)
>> +               (*tc->attr)->handled_access_fs = tc->access_fs;
>> +
>> +       TST_EXP_FAIL(tst_syscall(__NR_landlock_create_ruleset,
>> +                       *tc->attr, *tc->size, tc->flags),
>> +               tc->exp_errno,
>> +               "%s",
>> +               tc->msg);
>> +
>> +       if (TST_RET >= 0)
>> +               SAFE_CLOSE(TST_RET);
>> +}
>> +
>> +static void setup(void)
>> +{
>> +       verify_landlock_is_enabled();
>> +
>> +       rule_size = sizeof(struct landlock_ruleset_attr);
>> +
>> +       rule_small_size = rule_size - 1;
>>
>
> Here minus 1 is not enough, we have to decrease more than 8
> otherwise it just returns ENOMSG.
>
>     landlock01.c:49: TFAIL: Size is too small expected EINVAL: ENOMSG (42)
>
>   rule_small_size = rule_size - 9;
>
> or, we use a small enough type:
>
>   rule_small_size = sizeof(int);
>
> my test kernel is 6.9.6-200.fc40.x86_64.
>
> I haven't figured out that's why, but maybe inside the
> landlock_create_ruleset()
> syscall compare the size unprecisely. Something like invoke the
> copy_min_struct_from_user.
>
> 199         err = copy_min_struct_from_user(&ruleset_attr,
> sizeof(ruleset_attr),
> 200
> offsetofend(typeof(ruleset_attr),
> 201                                          handled_access_fs),
> 202                                          attr, size);
>
> ...
>
> 32 #define offsetofend(TYPE, MEMBER) \
>  33         (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER))
>
> This needs more investigation...
>

I guess I found the reason, kernel commit fff69fb03dde1df introducing a new
field 'handled_access_net' in the structure, but in the
landlock_create_ruleset(),
it still uses the first field 'handled_access_fs' to count min size, so
that why
decrease 1 is useless in your test.

I will send out a RFC patch to LKML for that. Thanks!

--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -198,7 +198,7 @@ SYSCALL_DEFINE3(landlock_create_ruleset,
        /* Copies raw user space buffer. */
        err = copy_min_struct_from_user(&ruleset_attr, sizeof(ruleset_attr),
                                        offsetofend(typeof(ruleset_attr),
-                                                   handled_access_fs),
+                                                   handled_access_net),
                                        attr, size);
        if (err)
                return err;

>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 05/10] Add landlock01 test

[Andrea Cervesato via ltp]

Hi!

On 7/2/24 11:09, Li Wang wrote:
>
>
> On Tue, Jul 2, 2024 at 4:34 PM Li Wang <liwang@redhat.com> wrote:
>
>
>
>     On Mon, Jul 1, 2024 at 11:43 PM Andrea Cervesato
>     <andrea.cervesato@suse.de> wrote:
>
>         From: Andrea Cervesato <andrea.cervesato@suse.com>
>
>
>     Reviewed-by: Li Wang <liwang@redhat.com>
>
>     Mostly code is pretty good, but just a tiny issue comment inline
>     below.
>
>
>         This test verifies that landlock_create_ruleset syscall fails
>         with the
>         right error codes:
>
>         - EINVAL Unknown flags, or unknown access, or too small size
>         - E2BIG size is too big
>         - EFAULT attr was not a valid address
>         - ENOMSG Empty accesses (i.e., attr->handled_access_fs is 0)
>
>         Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>         ---
>          runtest/syscalls                                   | 2 +
>          testcases/kernel/syscalls/landlock/.gitignore      | 1 +
>          testcases/kernel/syscalls/landlock/Makefile        | 10 +++
>          testcases/kernel/syscalls/landlock/landlock01.c    | 87
>         ++++++++++++++++++++++
>          .../kernel/syscalls/landlock/landlock_common.h     | 74
>         ++++++++++++++++++
>          5 files changed, 174 insertions(+)
>
>         diff --git a/runtest/syscalls b/runtest/syscalls
>         index 44a577db3..4c566d95f 100644
>         --- a/runtest/syscalls
>         +++ b/runtest/syscalls
>         @@ -684,6 +684,8 @@ kill11 kill11
>          kill12 kill12
>          kill13 kill13
>
>         +landlock01 landlock01
>         +
>          lchown01 lchown01
>          lchown01_16 lchown01_16
>          lchown02  lchown02
>         diff --git a/testcases/kernel/syscalls/landlock/.gitignore
>         b/testcases/kernel/syscalls/landlock/.gitignore
>         new file mode 100644
>         index 000000000..b69f9b94a
>         --- /dev/null
>         +++ b/testcases/kernel/syscalls/landlock/.gitignore
>         @@ -0,0 +1 @@
>         +landlock01
>         diff --git a/testcases/kernel/syscalls/landlock/Makefile
>         b/testcases/kernel/syscalls/landlock/Makefile
>         new file mode 100644
>         index 000000000..4b3e3fd8f
>         --- /dev/null
>         +++ b/testcases/kernel/syscalls/landlock/Makefile
>         @@ -0,0 +1,10 @@
>         +# SPDX-License-Identifier: GPL-2.0-or-later
>         +# Copyright (C) 2024 SUSE LLC Andrea Cervesato
>         <andrea.cervesato@suse.com>
>         +
>         +top_srcdir             ?= ../../../..
>         +
>         +include $(top_srcdir)/include/mk/testcases.mk
>         <http://testcases.mk>
>         +
>         +LDLIBS += -lc
>         +
>         +include $(top_srcdir)/include/mk/generic_leaf_target.mk
>         <http://generic_leaf_target.mk>
>         diff --git a/testcases/kernel/syscalls/landlock/landlock01.c
>         b/testcases/kernel/syscalls/landlock/landlock01.c
>         new file mode 100644
>         index 000000000..9f8c6489c
>         --- /dev/null
>         +++ b/testcases/kernel/syscalls/landlock/landlock01.c
>         @@ -0,0 +1,87 @@
>         +// SPDX-License-Identifier: GPL-2.0-or-later
>         +/*
>         + * Copyright (C) 2024 SUSE LLC Andrea Cervesato
>         <andrea.cervesato@suse.com>
>         + */
>         +
>         +/*\
>         + * [Description]
>         + *
>         + * This test verifies that landlock_create_ruleset syscall
>         fails with the right
>         + * error codes:
>         + *
>         + * - EINVAL Unknown flags, or unknown access, or too small size
>         + * - E2BIG size is too big
>         + * - EFAULT attr was not a valid address
>         + * - ENOMSG Empty accesses (i.e., attr->handled_access_fs is 0)
>         + */
>         +
>         +#include "landlock_common.h"
>         +
>         +static struct landlock_ruleset_attr *ruleset_attr;
>         +static struct landlock_ruleset_attr *null_attr;
>         +static size_t rule_size;
>         +static size_t rule_small_size;
>         +static size_t rule_big_size;
>         +
>         +static struct tcase {
>         +       struct landlock_ruleset_attr **attr;
>         +       uint64_t access_fs;
>         +       size_t *size;
>         +       uint32_t flags;
>         +       int exp_errno;
>         +       char *msg;
>         +} tcases[] = {
>         +       {&ruleset_attr, -1, &rule_size, 0, EINVAL, "Unknown
>         access"},
>         +       {&ruleset_attr, 0, &rule_small_size, 0, EINVAL, "Size
>         is too small"},
>         +       {&ruleset_attr, 0, &rule_size, -1, EINVAL, "Unknown
>         flags"},
>         +       {&ruleset_attr, 0, &rule_big_size, 0, E2BIG, "Size is
>         too big"},
>         +       {&null_attr,    0, &rule_size, 0, EFAULT, "Invalid
>         attr address"},
>         +       {&ruleset_attr, 0, &rule_size, 0, ENOMSG, "Empty
>         accesses"},
>         +};
>         +
>         +static void run(unsigned int n)
>         +{
>         +       struct tcase *tc = &tcases[n];
>         +
>         +       if (*tc->attr)
>         +               (*tc->attr)->handled_access_fs = tc->access_fs;
>         +
>         +  TST_EXP_FAIL(tst_syscall(__NR_landlock_create_ruleset,
>         +                       *tc->attr, *tc->size, tc->flags),
>         +               tc->exp_errno,
>         +               "%s",
>         +               tc->msg);
>         +
>         +       if (TST_RET >= 0)
>         +               SAFE_CLOSE(TST_RET);
>         +}
>         +
>         +static void setup(void)
>         +{
>         +       verify_landlock_is_enabled();
>         +
>         +       rule_size = sizeof(struct landlock_ruleset_attr);
>         +
>         +       rule_small_size = rule_size - 1;
>
>
>     Here minus 1 is not enough, we have to decrease more than 8
>     otherwise it just returns ENOMSG.
>
>         landlock01.c:49: TFAIL: Size is too small expected EINVAL:
>     ENOMSG (42)
>
>     rule_small_size = rule_size - 9;
>
>     or, we use a small enough type:
>
>       rule_small_size = sizeof(int);
>
>     my test kernel is 6.9.6-200.fc40.x86_64.
>
>     I haven't figured out that's why, but maybe inside the
>     landlock_create_ruleset()
>     syscall compare the size unprecisely. Something like invoke the
>     copy_min_struct_from_user.
>
>     199         err = copy_min_struct_from_user(&ruleset_attr,
>     sizeof(ruleset_attr),
>     200 offsetofend(typeof(ruleset_attr),
>     201 handled_access_fs),
>     202                                          attr, size);
>
>     ...
>
>     32 #define offsetofend(TYPE, MEMBER) \
>      33         (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER))
>
>     This needs more investigation...
>
>
> I guess I found the reason, kernel commit fff69fb03dde1df introducing 
> a new
> field 'handled_access_net' in the structure, but in the 
> landlock_create_ruleset(),
> it still uses the first field 'handled_access_fs' to count min size, 
> so that why
> decrease 1 is useless in your test.
>
> I will send out a RFC patch to LKML for that. Thanks!
>
> --- a/security/landlock/syscalls.c
> +++ b/security/landlock/syscalls.c
> @@ -198,7 +198,7 @@ SYSCALL_DEFINE3(landlock_create_ruleset,
>         /* Copies raw user space buffer. */
>         err = copy_min_struct_from_user(&ruleset_attr, 
> sizeof(ruleset_attr),
> offsetofend(typeof(ruleset_attr),
> - handled_access_fs),
> + handled_access_net),
>                                         attr, size);
>         if (err)
>                 return err;
>
>
>
> -- 
> Regards,
> Li Wang

First of all, thanks for the review. Super for the bug in the landlock code.

Regards,
Andrea Cervesato

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 05/10] Add landlock01 test

[Li Wang]

Andrea Cervesato <andrea.cervesato@suse.com> wrote:


> +static void setup(void)
>>> +{
>>> +       verify_landlock_is_enabled();
>>> +
>>> +       rule_size = sizeof(struct landlock_ruleset_attr);
>>> +
>>> +       rule_small_size = rule_size - 1;
>>>
>>
>> Here minus 1 is not enough, we have to decrease more than 8
>> otherwise it just returns ENOMSG.
>>
>>     landlock01.c:49: TFAIL: Size is too small expected EINVAL: ENOMSG (42)
>>
>>   rule_small_size = rule_size - 9;
>>
>> or, we use a small enough type:
>>
>>   rule_small_size = sizeof(int);
>>
>> my test kernel is 6.9.6-200.fc40.x86_64.
>>
>> I haven't figured out that's why, but maybe inside the
>> landlock_create_ruleset()
>> syscall compare the size unprecisely. Something like invoke the
>> copy_min_struct_from_user.
>>
>> 199         err = copy_min_struct_from_user(&ruleset_attr,
>> sizeof(ruleset_attr),
>> 200
>> offsetofend(typeof(ruleset_attr),
>> 201                                          handled_access_fs),
>> 202                                          attr, size);
>>
>> ...
>>
>> 32 #define offsetofend(TYPE, MEMBER) \
>>  33         (offsetof(TYPE, MEMBER) + sizeof_field(TYPE, MEMBER))
>>
>> This needs more investigation...
>>
>
> I guess I found the reason, kernel commit fff69fb03dde1df introducing a new
> field 'handled_access_net' in the structure, but in the
> landlock_create_ruleset(),
> it still uses the first field 'handled_access_fs' to count min size, so
> that why
> decrease 1 is useless in your test.
>
> I will send out a RFC patch to LKML for that. Thanks!
>
> --- a/security/landlock/syscalls.c
> +++ b/security/landlock/syscalls.c
> @@ -198,7 +198,7 @@ SYSCALL_DEFINE3(landlock_create_ruleset,
>         /* Copies raw user space buffer. */
>         err = copy_min_struct_from_user(&ruleset_attr,
> sizeof(ruleset_attr),
>                                         offsetofend(typeof(ruleset_attr),
> -                                                   handled_access_fs),
> +                                                   handled_access_net),
>                                         attr, size);
>         if (err)
>                 return err;
>
>>
>
> --
> Regards,
> Li Wang
>
> First of all, thanks for the review. Super for the bug in the landlock
> code.
>
No problem, but that's maybe on purpose set only one field for
the structure's minimal size, if so, we have to adjust your testcase
to decrese 9.

Let's see what the author thinks about my proposal patch[1].

[1] https://lists.linux.it/pipermail/ltp/2024-July/039073.html


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 07/10] Add landlock03 test

[Li Wang]

Reviewed-by: Li Wang <liwang@redhat.com>

On Mon, Jul 1, 2024 at 11:53 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> This test verifies that landlock_restrict_self syscall fails with the
> right error codes:
>
> - EINVAL flags is not 0
> - EBADF ruleset_fd is not a file descriptor for the current thread
> - EBADFD ruleset_fd is not a ruleset file descriptor
> - EPERM ruleset doesn't have CAP_SYS_ADMIN in its namespace
> - E2BIG The maximum number of stacked rulesets is reached for the
>   current thread
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  runtest/syscalls                                |   1 +
>  testcases/kernel/syscalls/landlock/.gitignore   |   1 +
>  testcases/kernel/syscalls/landlock/landlock03.c | 119
> ++++++++++++++++++++++++
>  3 files changed, 121 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 7f9c83292..1e2d682e3 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -686,6 +686,7 @@ kill13 kill13
>
>  landlock01 landlock01
>  landlock02 landlock02
> +landlock03 landlock03
>
>  lchown01 lchown01
>  lchown01_16 lchown01_16
> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
> b/testcases/kernel/syscalls/landlock/.gitignore
> index ffed4abd2..f79cd090b 100644
> --- a/testcases/kernel/syscalls/landlock/.gitignore
> +++ b/testcases/kernel/syscalls/landlock/.gitignore
> @@ -1,2 +1,3 @@
>  landlock01
>  landlock02
> +landlock03
> diff --git a/testcases/kernel/syscalls/landlock/landlock03.c
> b/testcases/kernel/syscalls/landlock/landlock03.c
> new file mode 100644
> index 000000000..6511e24a7
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock03.c
> @@ -0,0 +1,119 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
> andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * This test verifies that landlock_restrict_self syscall fails with the
> right
> + * error codes:
> + *
> + * - EINVAL flags is not 0
> + * - EBADF ruleset_fd is not a file descriptor for the current thread
> + * - EBADFD ruleset_fd is not a ruleset file descriptor
> + * - EPERM ruleset doesn't have CAP_SYS_ADMIN in its namespace
> + * - E2BIG The maximum number of stacked rulesets is reached for the
> current
> + *   thread
> + */
> +
> +#include "landlock_common.h"
> +
> +#define MAX_STACKED_RULESETS 16
> +
> +static struct landlock_ruleset_attr *ruleset_attr;
> +static int ruleset_fd = -1;
> +static int ruleset_invalid = -1;
> +static int file_fd = -1;
> +
> +static struct tst_cap dropadmin = {
> +       .action = TST_CAP_DROP,
> +       .id = CAP_SYS_ADMIN,
> +       .name = "CAP_SYS_ADMIN",
> +};
> +
> +static struct tst_cap needadmin = {
> +       .action = TST_CAP_REQ,
> +       .id = CAP_SYS_ADMIN,
> +       .name = "CAP_SYS_ADMIN",
> +};
> +
> +static struct tcase {
> +       int *fd;
> +       uint32_t flags;
> +       int exp_errno;
> +       char *msg;
> +} tcases[] = {
> +       {&ruleset_fd, -1, EINVAL, "Invalid flags"},
> +       {&ruleset_invalid, 0, EBADF, "Invalid file descriptor"},
> +       {&file_fd, 0, EBADFD, "Not a ruleset file descriptor"},
> +       {&ruleset_fd, 0, EPERM, "File descriptor doesn't have
> CAP_SYS_ADMIN"},
> +       {&ruleset_fd, 0, E2BIG, "Maximum number of stacked rulesets is
> reached"},
> +};
> +
> +static void run(unsigned int n)
> +{
> +       struct tcase *tc = &tcases[n];
> +
> +       if (tc->exp_errno == EPERM)
> +               tst_cap_action(&dropadmin);
> +
> +       if (tc->exp_errno == E2BIG) {
> +               for (int i = 0; i < MAX_STACKED_RULESETS; i++) {
> +
>  TST_EXP_PASS_SILENT(tst_syscall(__NR_landlock_restrict_self,
> +                               *tc->fd, tc->flags));
> +                       if (TST_RET == -1)
> +                               return;
> +               }
> +       }
> +
> +       TST_EXP_FAIL(tst_syscall(__NR_landlock_restrict_self, *tc->fd,
> tc->flags),
> +               tc->exp_errno,
> +               "%s", tc->msg);
> +
> +       if (tc->exp_errno == EPERM)
> +               tst_cap_action(&needadmin);
> +}
> +
> +static void setup(void)
> +{
> +       verify_landlock_is_enabled();
> +
> +       ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_EXECUTE;
> +
> +       ruleset_fd =
> TST_EXP_FD_SILENT(tst_syscall(__NR_landlock_create_ruleset,
> +               ruleset_attr, sizeof(struct landlock_ruleset_attr), 0));
> +
> +       file_fd = SAFE_OPEN("junk.bin", O_CREAT, 0777);
> +}
> +
> +static void cleanup(void)
> +{
> +       if (ruleset_fd != -1)
> +               SAFE_CLOSE(ruleset_fd);
> +
> +       if (file_fd != -1)
> +               SAFE_CLOSE(file_fd);
> +}
> +
> +static struct tst_test test = {
> +       .test = run,
> +       .tcnt = ARRAY_SIZE(tcases),
> +       .setup = setup,
> +       .cleanup = cleanup,
> +       .min_kver = "5.13",
> +       .needs_tmpdir = 1,
> +       .needs_root = 1,
> +       .needs_kconfigs = (const char *[]) {
> +               "CONFIG_SECURITY_LANDLOCK=y",
> +               NULL
> +       },
> +       .bufs = (struct tst_buffers []) {
> +               {&ruleset_attr, .size = sizeof(struct
> landlock_ruleset_attr)},
> +               {},
> +       },
> +       .caps = (struct tst_cap []) {
> +               TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
> +               {}
> +       },
> +};
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 08/10] Add landlock04 test

[Li Wang]

On Tue, Jul 2, 2024 at 4:00 PM Li Wang <liwang@redhat.com> wrote:

>
>
> On Mon, Jul 1, 2024 at 11:44 PM Andrea Cervesato <andrea.cervesato@suse.de>
> wrote:
>
>> From: Andrea Cervesato <andrea.cervesato@suse.com>
>>
>> This test verifies that all landlock rules are working properly.
>> The way we do it is to verify that all disabled syscalls are not
>> working but the one we enabled via specifc landlock rules.
>>
>> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>> ---
>>  runtest/syscalls                                   |   1 +
>>  testcases/kernel/syscalls/landlock/.gitignore      |   2 +
>>  testcases/kernel/syscalls/landlock/Makefile        |   5 +
>>  testcases/kernel/syscalls/landlock/landlock04.c    | 143 +++++++++
>>  testcases/kernel/syscalls/landlock/landlock_exec.c |   9 +
>>  .../kernel/syscalls/landlock/landlock_tester.h     | 350
>> +++++++++++++++++++++
>>  6 files changed, 510 insertions(+)
>>
>> diff --git a/runtest/syscalls b/runtest/syscalls
>> index 1e2d682e3..9acdaf760 100644
>> --- a/runtest/syscalls
>> +++ b/runtest/syscalls
>> @@ -687,6 +687,7 @@ kill13 kill13
>>  landlock01 landlock01
>>  landlock02 landlock02
>>  landlock03 landlock03
>> +landlock04 landlock04
>>
>>  lchown01 lchown01
>>  lchown01_16 lchown01_16
>> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
>> b/testcases/kernel/syscalls/landlock/.gitignore
>> index f79cd090b..4fe8d7cba 100644
>> --- a/testcases/kernel/syscalls/landlock/.gitignore
>> +++ b/testcases/kernel/syscalls/landlock/.gitignore
>> @@ -1,3 +1,5 @@
>> +landlock_exec
>>  landlock01
>>  landlock02
>>  landlock03
>> +landlock04
>> diff --git a/testcases/kernel/syscalls/landlock/Makefile
>> b/testcases/kernel/syscalls/landlock/Makefile
>> index 4b3e3fd8f..bdc6bd2d4 100644
>> --- a/testcases/kernel/syscalls/landlock/Makefile
>> +++ b/testcases/kernel/syscalls/landlock/Makefile
>> @@ -8,3 +8,8 @@ include $(top_srcdir)/include/mk/testcases.mk
>>  LDLIBS += -lc
>>
>>  include $(top_srcdir)/include/mk/generic_leaf_target.mk
>> +
>> +# the reason why landlock_exec test binary is statically linked, is that
>> +# we can't read libc out of the sandboxed folder once
>> LANDLOCK_ACCESS_FS_EXECUTE
>> +# has been activated
>> +landlock_exec: LDLIBS += -static -fPIC
>>
>
And, if we decided to build the program as static, we'd better
adding glibc-static into the dependency list, otherwise it always
failed to link the binary on RHEL distributions.

--- a/ci/fedora.sh
+++ b/ci/fedora.sh
@@ -17,6 +17,7 @@ $yum \
        numactl-devel \
        libtirpc \
        libtirpc-devel \
+       libc-static \
        perl-JSON \
        perl-libwww-perl \
        pkg-config \



-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 09/10] Add landlock05 test

[Li Wang]

On Mon, Jul 1, 2024 at 11:45 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> This test verifies LANDLOCK_ACCESS_FS_REFER access in the
> landlock sandbox. The feature is available since kernel 5.19.
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>

Reviewed-by: Li Wang <liwang@redhat.com>

---
>  runtest/syscalls                                |   1 +
>  testcases/kernel/syscalls/landlock/.gitignore   |   1 +
>  testcases/kernel/syscalls/landlock/landlock05.c | 113
> ++++++++++++++++++++++++
>  3 files changed, 115 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 9acdaf760..a3ade6dc1 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -688,6 +688,7 @@ landlock01 landlock01
>  landlock02 landlock02
>  landlock03 landlock03
>  landlock04 landlock04
> +landlock05 landlock05
>
>  lchown01 lchown01
>  lchown01_16 lchown01_16
> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
> b/testcases/kernel/syscalls/landlock/.gitignore
> index 4fe8d7cba..a7ea6be2e 100644
> --- a/testcases/kernel/syscalls/landlock/.gitignore
> +++ b/testcases/kernel/syscalls/landlock/.gitignore
> @@ -3,3 +3,4 @@ landlock01
>  landlock02
>  landlock03
>  landlock04
> +landlock05
> diff --git a/testcases/kernel/syscalls/landlock/landlock05.c
> b/testcases/kernel/syscalls/landlock/landlock05.c
> new file mode 100644
> index 000000000..57ed67e9f
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock05.c
> @@ -0,0 +1,113 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
> andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * This test verifies LANDLOCK_ACCESS_FS_REFER access in the
> + * landlock sandbox.
> + *
> + * [Algorithm]
> + *
> + * - apply LANDLOCK_ACCESS_FS_REFER in the folder1
> + * - apply LANDLOCK_ACCESS_FS_REFER in the folder2
> + * - create folder3
> + * - verify that file can be moved from folder1 to folder2
> + * - verify that file can't be moved from folder1 to folder3
> + */
> +
> +#include "landlock_common.h"
> +
> +#define MNTPOINT "sandbox"
> +#define DIR1 MNTPOINT"/folder1"
> +#define DIR2 MNTPOINT"/folder2"
> +#define DIR3 MNTPOINT"/folder3"
> +#define FILENAME1 DIR1"/file"
> +#define FILENAME2 DIR2"/file"
> +#define FILENAME3 DIR3"/file"
> +
> +static struct landlock_ruleset_attr *ruleset_attr;
> +static struct landlock_path_beneath_attr *path_beneath_attr;
> +
> +static void run(void)
> +{
> +       if (!SAFE_FORK()) {
>

Do we really need a fork and test in children here?




> +               TST_EXP_PASS(rename(FILENAME1, FILENAME2));
> +               if (TST_RET == -1)
> +                       return;
> +
> +               TST_EXP_FAIL(rename(FILENAME2, FILENAME3), EXDEV);
> +
> +               _exit(0);
> +       }
> +}
> +
> +static void setup(void)
> +{
> +       int ruleset_fd;
> +
> +       verify_landlock_is_enabled();
> +
> +       SAFE_MKDIR(DIR1, 0640);
> +       SAFE_MKDIR(DIR2, 0640);
> +       SAFE_MKDIR(DIR3, 0640);
> +       SAFE_TOUCH(FILENAME1, 0640, NULL);
> +
> +       tst_res(TINFO, "Applying LANDLOCK_ACCESS_FS_REFER");
> +
> +       ruleset_attr->handled_access_fs =
> +               LANDLOCK_ACCESS_FS_READ_FILE |
> +               LANDLOCK_ACCESS_FS_WRITE_FILE |
> +               LANDLOCK_ACCESS_FS_REFER;
> +
> +       ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
> +               ruleset_attr, sizeof(struct landlock_ruleset_attr), 0);
> +
> +       apply_landlock_rule(
> +               path_beneath_attr,
> +               ruleset_fd,
> +               LANDLOCK_ACCESS_FS_REFER,
> +               DIR1);
> +
> +       apply_landlock_rule(
> +               path_beneath_attr,
> +               ruleset_fd,
> +               LANDLOCK_ACCESS_FS_REFER,
> +               DIR2);
> +
> +       enforce_ruleset(ruleset_fd);
> +
> +       SAFE_CLOSE(ruleset_fd);
> +}
> +
> +static struct tst_test test = {
> +       .test_all = run,
> +       .setup = setup,
> +       .min_kver = "5.19",
> +       .needs_tmpdir = 1,
> +       .needs_root = 1,
> +       .forks_child = 1,
> +       .needs_kconfigs = (const char *[]) {
> +               "CONFIG_SECURITY_LANDLOCK=y",
> +               NULL
> +       },
> +       .bufs = (struct tst_buffers []) {
> +               {&ruleset_attr, .size = sizeof(struct
> landlock_ruleset_attr)},
> +               {&path_beneath_attr, .size = sizeof(struct
> landlock_path_beneath_attr)},
> +               {},
> +       },
> +       .caps = (struct tst_cap []) {
> +               TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
> +               {}
> +       },
> +       .format_device = 1,
> +       .mount_device = 1,
> +       .mntpoint = MNTPOINT,
> +       .all_filesystems = 1,
> +       .skip_filesystems = (const char *[]) {
> +               "vfat",
> +               NULL
> +       },
> +};
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 09/10] Add landlock05 test

[Andrea Cervesato via ltp]

On 7/3/24 09:32, Li Wang wrote:
>
>
> On Mon, Jul 1, 2024 at 11:45 PM Andrea Cervesato 
> <andrea.cervesato@suse.de> wrote:
>
>     From: Andrea Cervesato <andrea.cervesato@suse.com>
>
>     This test verifies LANDLOCK_ACCESS_FS_REFER access in the
>     landlock sandbox. The feature is available since kernel 5.19.
>
>     Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>
>
> Reviewed-by: Li Wang <liwang@redhat.com>
>
>     ---
>      runtest/syscalls                                |   1 +
>      testcases/kernel/syscalls/landlock/.gitignore   |   1 +
>      testcases/kernel/syscalls/landlock/landlock05.c | 113
>     ++++++++++++++++++++++++
>      3 files changed, 115 insertions(+)
>
>     diff --git a/runtest/syscalls b/runtest/syscalls
>     index 9acdaf760..a3ade6dc1 100644
>     --- a/runtest/syscalls
>     +++ b/runtest/syscalls
>     @@ -688,6 +688,7 @@ landlock01 landlock01
>      landlock02 landlock02
>      landlock03 landlock03
>      landlock04 landlock04
>     +landlock05 landlock05
>
>      lchown01 lchown01
>      lchown01_16 lchown01_16
>     diff --git a/testcases/kernel/syscalls/landlock/.gitignore
>     b/testcases/kernel/syscalls/landlock/.gitignore
>     index 4fe8d7cba..a7ea6be2e 100644
>     --- a/testcases/kernel/syscalls/landlock/.gitignore
>     +++ b/testcases/kernel/syscalls/landlock/.gitignore
>     @@ -3,3 +3,4 @@ landlock01
>      landlock02
>      landlock03
>      landlock04
>     +landlock05
>     diff --git a/testcases/kernel/syscalls/landlock/landlock05.c
>     b/testcases/kernel/syscalls/landlock/landlock05.c
>     new file mode 100644
>     index 000000000..57ed67e9f
>     --- /dev/null
>     +++ b/testcases/kernel/syscalls/landlock/landlock05.c
>     @@ -0,0 +1,113 @@
>     +// SPDX-License-Identifier: GPL-2.0-or-later
>     +/*
>     + * Copyright (C) 2024 SUSE LLC Andrea Cervesato
>     <andrea.cervesato@suse.com>
>     + */
>     +
>     +/*\
>     + * [Description]
>     + *
>     + * This test verifies LANDLOCK_ACCESS_FS_REFER access in the
>     + * landlock sandbox.
>     + *
>     + * [Algorithm]
>     + *
>     + * - apply LANDLOCK_ACCESS_FS_REFER in the folder1
>     + * - apply LANDLOCK_ACCESS_FS_REFER in the folder2
>     + * - create folder3
>     + * - verify that file can be moved from folder1 to folder2
>     + * - verify that file can't be moved from folder1 to folder3
>     + */
>     +
>     +#include "landlock_common.h"
>     +
>     +#define MNTPOINT "sandbox"
>     +#define DIR1 MNTPOINT"/folder1"
>     +#define DIR2 MNTPOINT"/folder2"
>     +#define DIR3 MNTPOINT"/folder3"
>     +#define FILENAME1 DIR1"/file"
>     +#define FILENAME2 DIR2"/file"
>     +#define FILENAME3 DIR3"/file"
>     +
>     +static struct landlock_ruleset_attr *ruleset_attr;
>     +static struct landlock_path_beneath_attr *path_beneath_attr;
>     +
>     +static void run(void)
>     +{
>     +       if (!SAFE_FORK()) {
>
>
> Do we really need a fork and test in children here?
>
Yeah, the reason is that sandbox is activated for the entire process. 
That means temporary folder cleanup might be affected when we force 
read-only rule.
>
>     +               TST_EXP_PASS(rename(FILENAME1, FILENAME2));
>     +               if (TST_RET == -1)
>     +                       return;
>     +
>     +               TST_EXP_FAIL(rename(FILENAME2, FILENAME3), EXDEV);
>     +
>     +               _exit(0);
>     +       }
>     +}
>     +
>     +static void setup(void)
>     +{
>     +       int ruleset_fd;
>     +
>     +       verify_landlock_is_enabled();
>     +
>     +       SAFE_MKDIR(DIR1, 0640);
>     +       SAFE_MKDIR(DIR2, 0640);
>     +       SAFE_MKDIR(DIR3, 0640);
>     +       SAFE_TOUCH(FILENAME1, 0640, NULL);
>     +
>     +       tst_res(TINFO, "Applying LANDLOCK_ACCESS_FS_REFER");
>     +
>     +       ruleset_attr->handled_access_fs =
>     +               LANDLOCK_ACCESS_FS_READ_FILE |
>     +               LANDLOCK_ACCESS_FS_WRITE_FILE |
>     +               LANDLOCK_ACCESS_FS_REFER;
>     +
>     +       ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
>     +               ruleset_attr, sizeof(struct
>     landlock_ruleset_attr), 0);
>     +
>     +       apply_landlock_rule(
>     +               path_beneath_attr,
>     +               ruleset_fd,
>     +               LANDLOCK_ACCESS_FS_REFER,
>     +               DIR1);
>     +
>     +       apply_landlock_rule(
>     +               path_beneath_attr,
>     +               ruleset_fd,
>     +               LANDLOCK_ACCESS_FS_REFER,
>     +               DIR2);
>     +
>     +       enforce_ruleset(ruleset_fd);
>     +
>     +       SAFE_CLOSE(ruleset_fd);
>     +}
>     +
>     +static struct tst_test test = {
>     +       .test_all = run,
>     +       .setup = setup,
>     +       .min_kver = "5.19",
>     +       .needs_tmpdir = 1,
>     +       .needs_root = 1,
>     +       .forks_child = 1,
>     +       .needs_kconfigs = (const char *[]) {
>     +               "CONFIG_SECURITY_LANDLOCK=y",
>     +               NULL
>     +       },
>     +       .bufs = (struct tst_buffers []) {
>     +               {&ruleset_attr, .size = sizeof(struct
>     landlock_ruleset_attr)},
>     +               {&path_beneath_attr, .size = sizeof(struct
>     landlock_path_beneath_attr)},
>     +               {},
>     +       },
>     +       .caps = (struct tst_cap []) {
>     +               TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
>     +               {}
>     +       },
>     +       .format_device = 1,
>     +       .mount_device = 1,
>     +       .mntpoint = MNTPOINT,
>     +       .all_filesystems = 1,
>     +       .skip_filesystems = (const char *[]) {
>     +               "vfat",
>     +               NULL
>     +       },
>     +};
>
>     -- 
>     2.43.0
>
>
>     -- 
>     Mailing list info: https://lists.linux.it/listinfo/ltp
>
>
>
> -- 
> Regards,
> Li Wang

Andrea

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 09/10] Add landlock05 test

[Li Wang]

On Wed, Jul 3, 2024 at 3:37 PM Andrea Cervesato <andrea.cervesato@suse.com>
wrote:

> On 7/3/24 09:32, Li Wang wrote:
>
>
>
> On Mon, Jul 1, 2024 at 11:45 PM Andrea Cervesato <andrea.cervesato@suse.de>
> wrote:
>
>> From: Andrea Cervesato <andrea.cervesato@suse.com>
>>
>> This test verifies LANDLOCK_ACCESS_FS_REFER access in the
>> landlock sandbox. The feature is available since kernel 5.19.
>>
>> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>>
>
> Reviewed-by: Li Wang <liwang@redhat.com>
>
> ---
>>  runtest/syscalls                                |   1 +
>>  testcases/kernel/syscalls/landlock/.gitignore   |   1 +
>>  testcases/kernel/syscalls/landlock/landlock05.c | 113
>> ++++++++++++++++++++++++
>>  3 files changed, 115 insertions(+)
>>
>> diff --git a/runtest/syscalls b/runtest/syscalls
>> index 9acdaf760..a3ade6dc1 100644
>> --- a/runtest/syscalls
>> +++ b/runtest/syscalls
>> @@ -688,6 +688,7 @@ landlock01 landlock01
>>  landlock02 landlock02
>>  landlock03 landlock03
>>  landlock04 landlock04
>> +landlock05 landlock05
>>
>>  lchown01 lchown01
>>  lchown01_16 lchown01_16
>> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
>> b/testcases/kernel/syscalls/landlock/.gitignore
>> index 4fe8d7cba..a7ea6be2e 100644
>> --- a/testcases/kernel/syscalls/landlock/.gitignore
>> +++ b/testcases/kernel/syscalls/landlock/.gitignore
>> @@ -3,3 +3,4 @@ landlock01
>>  landlock02
>>  landlock03
>>  landlock04
>> +landlock05
>> diff --git a/testcases/kernel/syscalls/landlock/landlock05.c
>> b/testcases/kernel/syscalls/landlock/landlock05.c
>> new file mode 100644
>> index 000000000..57ed67e9f
>> --- /dev/null
>> +++ b/testcases/kernel/syscalls/landlock/landlock05.c
>> @@ -0,0 +1,113 @@
>> +// SPDX-License-Identifier: GPL-2.0-or-later
>> +/*
>> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
>> andrea.cervesato@suse.com>
>> + */
>> +
>> +/*\
>> + * [Description]
>> + *
>> + * This test verifies LANDLOCK_ACCESS_FS_REFER access in the
>> + * landlock sandbox.
>> + *
>> + * [Algorithm]
>> + *
>> + * - apply LANDLOCK_ACCESS_FS_REFER in the folder1
>> + * - apply LANDLOCK_ACCESS_FS_REFER in the folder2
>> + * - create folder3
>> + * - verify that file can be moved from folder1 to folder2
>> + * - verify that file can't be moved from folder1 to folder3
>> + */
>> +
>> +#include "landlock_common.h"
>> +
>> +#define MNTPOINT "sandbox"
>> +#define DIR1 MNTPOINT"/folder1"
>> +#define DIR2 MNTPOINT"/folder2"
>> +#define DIR3 MNTPOINT"/folder3"
>> +#define FILENAME1 DIR1"/file"
>> +#define FILENAME2 DIR2"/file"
>> +#define FILENAME3 DIR3"/file"
>> +
>> +static struct landlock_ruleset_attr *ruleset_attr;
>> +static struct landlock_path_beneath_attr *path_beneath_attr;
>> +
>> +static void run(void)
>> +{
>> +       if (!SAFE_FORK()) {
>>
>
> Do we really need a fork and test in children here?
>
> Yeah, the reason is that sandbox is activated for the entire process. That
> means temporary folder cleanup might be affected when we force read-only
> rule.
>

I see, thanks!

>
>
>
>> +               TST_EXP_PASS(rename(FILENAME1, FILENAME2));
>> +               if (TST_RET == -1)
>> +                       return;
>> +
>> +               TST_EXP_FAIL(rename(FILENAME2, FILENAME3), EXDEV);
>>
>
And here I guess we can move the file2 back to file1 to make the "-i 2"
parameter work normally.

  TST_EXP_PASS(rename(FILENAME2, FILENAME1));

+
>> +               _exit(0);
>> +       }
>> +}
>> +
>> +static void setup(void)
>> +{
>> +       int ruleset_fd;
>> +
>> +       verify_landlock_is_enabled();
>> +
>> +       SAFE_MKDIR(DIR1, 0640);
>> +       SAFE_MKDIR(DIR2, 0640);
>> +       SAFE_MKDIR(DIR3, 0640);
>> +       SAFE_TOUCH(FILENAME1, 0640, NULL);
>> +
>> +       tst_res(TINFO, "Applying LANDLOCK_ACCESS_FS_REFER");
>> +
>> +       ruleset_attr->handled_access_fs =
>> +               LANDLOCK_ACCESS_FS_READ_FILE |
>> +               LANDLOCK_ACCESS_FS_WRITE_FILE |
>> +               LANDLOCK_ACCESS_FS_REFER;
>> +
>> +       ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
>> +               ruleset_attr, sizeof(struct landlock_ruleset_attr), 0);
>> +
>> +       apply_landlock_rule(
>> +               path_beneath_attr,
>> +               ruleset_fd,
>> +               LANDLOCK_ACCESS_FS_REFER,
>> +               DIR1);
>> +
>> +       apply_landlock_rule(
>> +               path_beneath_attr,
>> +               ruleset_fd,
>> +               LANDLOCK_ACCESS_FS_REFER,
>> +               DIR2);
>> +
>> +       enforce_ruleset(ruleset_fd);
>> +
>> +       SAFE_CLOSE(ruleset_fd);
>> +}
>> +
>> +static struct tst_test test = {
>> +       .test_all = run,
>> +       .setup = setup,
>> +       .min_kver = "5.19",
>> +       .needs_tmpdir = 1,
>> +       .needs_root = 1,
>> +       .forks_child = 1,
>> +       .needs_kconfigs = (const char *[]) {
>> +               "CONFIG_SECURITY_LANDLOCK=y",
>> +               NULL
>> +       },
>> +       .bufs = (struct tst_buffers []) {
>> +               {&ruleset_attr, .size = sizeof(struct
>> landlock_ruleset_attr)},
>> +               {&path_beneath_attr, .size = sizeof(struct
>> landlock_path_beneath_attr)},
>> +               {},
>> +       },
>> +       .caps = (struct tst_cap []) {
>> +               TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
>> +               {}
>> +       },
>> +       .format_device = 1,
>> +       .mount_device = 1,
>> +       .mntpoint = MNTPOINT,
>> +       .all_filesystems = 1,
>> +       .skip_filesystems = (const char *[]) {
>> +               "vfat",
>> +               NULL
>> +       },
>> +};
>>
>> --
>> 2.43.0
>>
>>
>> --
>> Mailing list info: https://lists.linux.it/listinfo/ltp
>>
>>
>
> --
> Regards,
> Li Wang
>
> Andrea
>


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 08/10] Add landlock04 test

[Li Wang]

I got some failures when this test was performed with exfat FS, but haven't
figured out the reason, FYI:

# uname -r
6.9.6-200.fc40.aarch64

# LTP_SINGLE_FS_TYPE=exfat ./landlock04
...
tst_test.c:1694: TINFO: === Testing on exfat ===
tst_test.c:1106: TINFO: Formatting /dev/loop0 with exfat opts='' extra
opts=''
tst_test.c:1120: TINFO: Mounting /dev/loop0 to /tmp/LTP_lantEvE2G/sandbox
fstyp=exfat flags=0
landlock_common.h:30: TINFO: Landlock ABI v4
landlock04.c:98: TINFO: Testing LANDLOCK_ACCESS_FS_MAKE_CHAR
landlock_tester.h:237: TINFO: Test normal or special files creation
landlock_tester.h:240: TFAIL: mknod(path, type | 0400, dev) failed: EPERM
(1)
landlock_tester.h:120: TINFO: Test binary execution
landlock_tester.h:131: TPASS: execve(FILE_EXEC, args, NULL) : EACCES (13)
landlock_tester.h:146: TINFO: Test writing file
landlock_tester.h:151: TPASS: open(FILE_WRITE, O_WRONLY, PERM_MODE) :
EACCES (13)
landlock_tester.h:159: TINFO: Test reading file
...
tst_test.c:1694: TINFO: === Testing on exfat ===
tst_test.c:1106: TINFO: Formatting /dev/loop0 with exfat opts='' extra
opts=''
tst_test.c:1120: TINFO: Mounting /dev/loop0 to /tmp/LTP_lantEvE2G/sandbox
fstyp=exfat flags=0
landlock_common.h:30: TINFO: Landlock ABI v4
landlock04.c:98: TINFO: Testing LANDLOCK_ACCESS_FS_MAKE_BLOCK
landlock_tester.h:237: TINFO: Test normal or special files creation
landlock_tester.h:240: TFAIL: mknod(path, type | 0400, dev) failed: EPERM
(1)
...
tst_test.c:1694: TINFO: === Testing on exfat ===
tst_test.c:1106: TINFO: Formatting /dev/loop0 with exfat opts='' extra
opts=''
tst_test.c:1120: TINFO: Mounting /dev/loop0 to /tmp/LTP_lantEvE2G/sandbox
fstyp=exfat flags=0
landlock_common.h:30: TINFO: Landlock ABI v4
landlock04.c:98: TINFO: Testing LANDLOCK_ACCESS_FS_MAKE_SOCK
landlock_tester.h:237: TINFO: Test normal or special files creation
landlock_tester.h:240: TFAIL: mknod(path, type | 0400, dev) failed: EPERM
(1)
...


Regard,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 08/10] Add landlock04 test

[Andrea Cervesato via ltp]

Hi Li,

thanks for catching it. I had to install exfat in my VM in order to test it.
Indeed, I think exfat doesn't support char/block/sock devices, since its 
focus is mainly SD cards and USB drives.

We can easily skip that specific FS from the test, as I already done for 
vfat.

Andrea

On 7/3/24 10:20, Li Wang wrote:
>
> I got some failures when this test was performed with exfat FS, but 
> haven't figured out the reason, FYI:
>
> # uname -r
> 6.9.6-200.fc40.aarch64
>
> # LTP_SINGLE_FS_TYPE=exfat ./landlock04
> ...
> tst_test.c:1694: TINFO: === Testing on exfat ===
> tst_test.c:1106: TINFO: Formatting /dev/loop0 with exfat opts='' extra 
> opts=''
> tst_test.c:1120: TINFO: Mounting /dev/loop0 to 
> /tmp/LTP_lantEvE2G/sandbox fstyp=exfat flags=0
> landlock_common.h:30: TINFO: Landlock ABI v4
> landlock04.c:98: TINFO: Testing LANDLOCK_ACCESS_FS_MAKE_CHAR
> landlock_tester.h:237: TINFO: Test normal or special files creation
> landlock_tester.h:240: TFAIL: mknod(path, type | 0400, dev) failed: 
> EPERM (1)
> landlock_tester.h:120: TINFO: Test binary execution
> landlock_tester.h:131: TPASS: execve(FILE_EXEC, args, NULL) : EACCES (13)
> landlock_tester.h:146: TINFO: Test writing file
> landlock_tester.h:151: TPASS: open(FILE_WRITE, O_WRONLY, PERM_MODE) : 
> EACCES (13)
> landlock_tester.h:159: TINFO: Test reading file
> ...
> tst_test.c:1694: TINFO: === Testing on exfat ===
> tst_test.c:1106: TINFO: Formatting /dev/loop0 with exfat opts='' extra 
> opts=''
> tst_test.c:1120: TINFO: Mounting /dev/loop0 to 
> /tmp/LTP_lantEvE2G/sandbox fstyp=exfat flags=0
> landlock_common.h:30: TINFO: Landlock ABI v4
> landlock04.c:98: TINFO: Testing LANDLOCK_ACCESS_FS_MAKE_BLOCK
> landlock_tester.h:237: TINFO: Test normal or special files creation
> landlock_tester.h:240: TFAIL: mknod(path, type | 0400, dev) failed: 
> EPERM (1)
> ...
> tst_test.c:1694: TINFO: === Testing on exfat ===
> tst_test.c:1106: TINFO: Formatting /dev/loop0 with exfat opts='' extra 
> opts=''
> tst_test.c:1120: TINFO: Mounting /dev/loop0 to 
> /tmp/LTP_lantEvE2G/sandbox fstyp=exfat flags=0
> landlock_common.h:30: TINFO: Landlock ABI v4
> landlock04.c:98: TINFO: Testing LANDLOCK_ACCESS_FS_MAKE_SOCK
> landlock_tester.h:237: TINFO: Test normal or special files creation
> landlock_tester.h:240: TFAIL: mknod(path, type | 0400, dev) failed: 
> EPERM (1)
> ...
>
>
> Regard,
> Li Wang


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 10/10] Add landlock06 test

[Li Wang]

Nice work on those landlock syscalls test.

Reviewed-by: Li Wang <liwang@redhat.com>

On Mon, Jul 1, 2024 at 11:45 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> This test verifies LANDLOCK_ACCESS_FS_IOCTL_DEV access in the
> landlock sandbox by creating a pipe and testing that ioctl() can
> be executed on it. The test is also verifying that some of the I/O
> operations can be always executed no matter the sandbox rules.
> This feature is available since kernel 6.10.
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  runtest/syscalls                                |   1 +
>  testcases/kernel/syscalls/landlock/.gitignore   |   1 +
>  testcases/kernel/syscalls/landlock/landlock06.c | 110
> ++++++++++++++++++++++++
>  3 files changed, 112 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index a3ade6dc1..ebaf8dea4 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -689,6 +689,7 @@ landlock02 landlock02
>  landlock03 landlock03
>  landlock04 landlock04
>  landlock05 landlock05
> +landlock06 landlock06
>
>  lchown01 lchown01
>  lchown01_16 lchown01_16
> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
> b/testcases/kernel/syscalls/landlock/.gitignore
> index a7ea6be2e..315ac1dca 100644
> --- a/testcases/kernel/syscalls/landlock/.gitignore
> +++ b/testcases/kernel/syscalls/landlock/.gitignore
> @@ -4,3 +4,4 @@ landlock02
>  landlock03
>  landlock04
>  landlock05
> +landlock06
> diff --git a/testcases/kernel/syscalls/landlock/landlock06.c
> b/testcases/kernel/syscalls/landlock/landlock06.c
> new file mode 100644
> index 000000000..3281c2d2d
> --- /dev/null
> +++ b/testcases/kernel/syscalls/landlock/landlock06.c
> @@ -0,0 +1,110 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <
> andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * [Description]
> + *
> + * This test verifies LANDLOCK_ACCESS_FS_IOCTL_DEV access in the
> + * landlock sandbox by creating a pipe and testing that ioctl() can be
> executed
> + * on it. The test is also verifying that some of the I/O operations can
> be
> + * always executed no matter the sandbox rules.
> + */
> +
> +#include "landlock_common.h"
> +#include <sys/ioctl.h>
> +
> +#define MNTPOINT "sandbox"
> +#define FILENAME MNTPOINT"/fifo"
> +
> +static struct landlock_ruleset_attr *ruleset_attr;
> +static struct landlock_path_beneath_attr *path_beneath_attr;
> +static int file_fd;
> +static int dev_fd;
> +
> +static void run(void)
> +{
> +       if (!SAFE_FORK()) {
> +               int flag;
> +               size_t sz = 0;
> +
> +               TST_EXP_PASS(ioctl(file_fd, FIONREAD, &sz));
> +
> +               /* check unrestrictable commands */
> +               TST_EXP_PASS(ioctl(dev_fd, FIOCLEX));
> +               TST_EXP_PASS(ioctl(dev_fd, FIONCLEX));
> +               TST_EXP_PASS(ioctl(dev_fd, FIONBIO, &flag));
> +               TST_EXP_PASS(ioctl(dev_fd, FIOASYNC, &flag));
> +
> +               _exit(0);
> +       }
> +}
> +
> +static void setup(void)
> +{
> +       int ruleset_fd;
> +
> +       verify_landlock_is_enabled();
> +
> +       SAFE_MKFIFO(FILENAME, 0640);
> +
> +       file_fd = SAFE_OPEN(FILENAME, O_RDONLY | O_NONBLOCK, 0640);
> +       dev_fd = SAFE_OPEN("/dev/zero", O_RDONLY | O_NONBLOCK, 0640);
> +
> +       tst_res(TINFO, "Applying LANDLOCK_ACCESS_FS_IOCTL_DEV");
> +
> +       ruleset_attr->handled_access_fs = LANDLOCK_ACCESS_FS_IOCTL_DEV;
> +
> +       ruleset_fd = SAFE_LANDLOCK_CREATE_RULESET(
> +               ruleset_attr, sizeof(struct landlock_ruleset_attr), 0);
> +
> +       apply_landlock_layer(
> +               ruleset_attr,
> +               path_beneath_attr,
> +               MNTPOINT,
> +               LANDLOCK_ACCESS_FS_IOCTL_DEV
> +       );
> +
> +       SAFE_CLOSE(ruleset_fd);
> +}
> +
> +static void cleanup(void)
> +{
> +       if (dev_fd != -1)
> +               SAFE_CLOSE(dev_fd);
> +
> +       if (file_fd != -1)
> +               SAFE_CLOSE(file_fd);
> +}
> +
> +static struct tst_test test = {
> +       .test_all = run,
> +       .setup = setup,
> +       .cleanup = cleanup,
> +       .min_kver = "6.10",
> +       .needs_tmpdir = 1,
> +       .needs_root = 1,
> +       .forks_child = 1,
> +       .needs_kconfigs = (const char *[]) {
> +               "CONFIG_SECURITY_LANDLOCK=y",
> +               NULL
> +       },
> +       .bufs = (struct tst_buffers []) {
> +               {&ruleset_attr, .size = sizeof(struct
> landlock_ruleset_attr)},
> +               {&path_beneath_attr, .size = sizeof(struct
> landlock_path_beneath_attr)},
> +               {},
> +       },
> +       .caps = (struct tst_cap []) {
> +               TST_CAP(TST_CAP_REQ, CAP_SYS_ADMIN),
> +               {}
> +       },
> +       .format_device = 1,
> +       .mount_device = 1,
> +       .mntpoint = MNTPOINT,
> +       .all_filesystems = 1,
> +       .skip_filesystems = (const char *[]) {
> +               "vfat",
> +               NULL
> +       },
> +};
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 08/10] Add landlock04 test

[Andrea Cervesato via ltp]

Comments below.

On 7/2/24 14:22, Li Wang wrote:
>
>
> On Tue, Jul 2, 2024 at 4:00 PM Li Wang <liwang@redhat.com> wrote:
>
>
>
>     On Mon, Jul 1, 2024 at 11:44 PM Andrea Cervesato
>     <andrea.cervesato@suse.de> wrote:
>
>         From: Andrea Cervesato <andrea.cervesato@suse.com>
>
>         This test verifies that all landlock rules are working properly.
>         The way we do it is to verify that all disabled syscalls are not
>         working but the one we enabled via specifc landlock rules.
>
>         Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>         ---
>          runtest/syscalls                                   |  1 +
>          testcases/kernel/syscalls/landlock/.gitignore      |  2 +
>          testcases/kernel/syscalls/landlock/Makefile        |  5 +
>          testcases/kernel/syscalls/landlock/landlock04.c    | 143
>         +++++++++
>          testcases/kernel/syscalls/landlock/landlock_exec.c |  9 +
>          .../kernel/syscalls/landlock/landlock_tester.h     | 350
>         +++++++++++++++++++++
>          6 files changed, 510 insertions(+)
>
>         diff --git a/runtest/syscalls b/runtest/syscalls
>         index 1e2d682e3..9acdaf760 100644
>         --- a/runtest/syscalls
>         +++ b/runtest/syscalls
>         @@ -687,6 +687,7 @@ kill13 kill13
>          landlock01 landlock01
>          landlock02 landlock02
>          landlock03 landlock03
>         +landlock04 landlock04
>
>          lchown01 lchown01
>          lchown01_16 lchown01_16
>         diff --git a/testcases/kernel/syscalls/landlock/.gitignore
>         b/testcases/kernel/syscalls/landlock/.gitignore
>         index f79cd090b..4fe8d7cba 100644
>         --- a/testcases/kernel/syscalls/landlock/.gitignore
>         +++ b/testcases/kernel/syscalls/landlock/.gitignore
>         @@ -1,3 +1,5 @@
>         +landlock_exec
>          landlock01
>          landlock02
>          landlock03
>         +landlock04
>         diff --git a/testcases/kernel/syscalls/landlock/Makefile
>         b/testcases/kernel/syscalls/landlock/Makefile
>         index 4b3e3fd8f..bdc6bd2d4 100644
>         --- a/testcases/kernel/syscalls/landlock/Makefile
>         +++ b/testcases/kernel/syscalls/landlock/Makefile
>         @@ -8,3 +8,8 @@ include $(top_srcdir)/include/mk/testcases.mk
>         <http://testcases.mk>
>          LDLIBS += -lc
>
>          include $(top_srcdir)/include/mk/generic_leaf_target.mk
>         <http://generic_leaf_target.mk>
>         +
>         +# the reason why landlock_exec test binary is statically
>         linked, is that
>         +# we can't read libc out of the sandboxed folder once
>         LANDLOCK_ACCESS_FS_EXECUTE
>         +# has been activated
>         +landlock_exec: LDLIBS += -static -fPIC
>
>
> And, if we decided to build the program as static, we'd better
> adding glibc-static into the dependency list, otherwise it always
> failed to link the binary on RHEL distributions.
>
We found a solution for this. We compile landlock_exec with dynamic 
linking, then we apply READ + EXEC rules to /lib and /lib64.
In this way we can easily execute the binary and we don't need more LTP 
dependences.
> --- a/ci/fedora.sh
> +++ b/ci/fedora.sh
> @@ -17,6 +17,7 @@ $yum \
>         numactl-devel \
>         libtirpc \
>         libtirpc-devel \
> +       libc-static \
>         perl-JSON \
>         perl-libwww-perl \
>         pkg-config \
>
>
>
> -- 
> Regards,
> Li Wang

Andrea

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 08/10] Add landlock04 test

[Li Wang]

Andrea Cervesato <andrea.cervesato@suse.com> wrote:


> +# the reason why landlock_exec test binary is statically linked, is that
>>> +# we can't read libc out of the sandboxed folder once
>>> LANDLOCK_ACCESS_FS_EXECUTE
>>> +# has been activated
>>> +landlock_exec: LDLIBS += -static -fPIC
>>>
>>
> And, if we decided to build the program as static, we'd better
> adding glibc-static into the dependency list, otherwise it always
> failed to link the binary on RHEL distributions.
>
> We found a solution for this. We compile landlock_exec with dynamic
> linking, then we apply READ + EXEC rules to /lib and /lib64.
> In this way we can easily execute the binary and we don't need more LTP
> dependences.
>

Sounds good.

-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 04/10] Add SAFE_PRCTL macro

[Petr Vorel]

Hi Andrea, Li,

...
> +int safe_prctl(const char *file, const int lineno,
> +	int option, unsigned long arg2, unsigned long arg3,
> +	unsigned long arg4, unsigned long arg5)
> +{
> +	int rval;
> +
> +	rval = prctl(option, arg2, arg3, arg4, arg5);
> +	if (rval == -1) {
> +		tst_brk_(file, lineno, TBROK | TERRNO,
> +			"prctl(%d, %lu, %lu, %lu, %lu)",
> +			option, arg2, arg3, arg4, arg5);
If I understand man prctl(2) correctly, valid values are >= 0, -1 is for error.
Shouldn't we check for invalid return value, e.g. else if (rval < 0) should
TBROK (see other uses safe_dup)? If yes, this applies to landlock SAFE_* macros
as well.

Also, some modes are for new kernels: PR_SET_IO_FLUSHER (since Linux 5.6), but I
would solve it once needed.

Otherwise LGTM.

Reviewed-by: Petr Vorel <pvorel@suse.cz>

> +	}
> +
> +	return rval;
> +}

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 03/10] Add landlock SAFE_* macros

[Petr Vorel]

Hi Andrea, Li,

...
> +++ b/include/tst_safe_macros.h
> @@ -14,6 +14,7 @@
>  #include <sys/stat.h>
>  #include <sys/vfs.h>
>  #include <sys/sysinfo.h>
> +#include <linux/landlock.h>

This will break build for more than half of the distros:

https://github.com/pevik/ltp/actions/runs/9876952862

It's mostly due missing <linux/landlock.h> on old distros, but there were also
redefinition of 'landlock_net_port_attr' at least on Fedora.

You even have some fixed version in your CI where only Leap 42 fails due
different problem), please send it (or post a diff here).
https://github.com/acerv/ltp/actions/runs/9778823237

Kind regards,
Petr

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 03/10] Add landlock SAFE_* macros

[Andrea Cervesato via ltp]

Hi Petr,

this is already done in the v2 which has not been sent yet.

On 7/10/24 17:53, Petr Vorel wrote:
> Hi Andrea, Li,
>
> ...
>> +++ b/include/tst_safe_macros.h
>> @@ -14,6 +14,7 @@
>>   #include <sys/stat.h>
>>   #include <sys/vfs.h>
>>   #include <sys/sysinfo.h>
>> +#include <linux/landlock.h>
> This will break build for more than half of the distros:
>
> https://github.com/pevik/ltp/actions/runs/9876952862
>
> It's mostly due missing <linux/landlock.h> on old distros, but there were also
> redefinition of 'landlock_net_port_attr' at least on Fedora.
>
> You even have some fixed version in your CI where only Leap 42 fails due
> different problem), please send it (or post a diff here).
> https://github.com/acerv/ltp/actions/runs/9778823237
>
> Kind regards,
> Petr

Andrea


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 03/10] Add landlock SAFE_* macros

[Petr Vorel]

> Hi Petr,

> this is already done in the v2 which has not been sent yet.

Thanks for info, this was not obvious until I check github actions in your fork
(or I miss some message). I keep patches with NEW state so that other can have
look until you send v2.

Kind regards,
Petr

> On 7/10/24 17:53, Petr Vorel wrote:
> > Hi Andrea, Li,

> > ...
> > > +++ b/include/tst_safe_macros.h
> > > @@ -14,6 +14,7 @@
> > >   #include <sys/stat.h>
> > >   #include <sys/vfs.h>
> > >   #include <sys/sysinfo.h>
> > > +#include <linux/landlock.h>
> > This will break build for more than half of the distros:

> > https://github.com/pevik/ltp/actions/runs/9876952862

> > It's mostly due missing <linux/landlock.h> on old distros, but there were also
> > redefinition of 'landlock_net_port_attr' at least on Fedora.

> > You even have some fixed version in your CI where only Leap 42 fails due
> > different problem), please send it (or post a diff here).
> > https://github.com/acerv/ltp/actions/runs/9778823237

> > Kind regards,
> > Petr

> Andrea


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH 03/10] Add landlock SAFE_* macros

[Li Wang]

Petr Vorel <pvorel@suse.cz> wrote:



> > this is already done in the v2 which has not been sent yet.
>
> Thanks for info, this was not obvious until I check github actions in your
> fork
> (or I miss some message). I keep patches with NEW state so that other can
> have
> look until you send v2.
>

V2 has been posted, FYI:
https://lists.linux.it/pipermail/ltp/2024-July/039236.html


-- 
Regards,
Li Wang

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp