From nobody Thu Jun 25 10:44:55 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9FD1DC433F5 for ; Mon, 21 Feb 2022 15:43:47 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379473AbiBUPoI (ORCPT ); Mon, 21 Feb 2022 10:44:08 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36674 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379410AbiBUPns (ORCPT ); Mon, 21 Feb 2022 10:43:48 -0500 Received: from smtp-42ad.mail.infomaniak.ch (smtp-42ad.mail.infomaniak.ch [IPv6:2001:1600:3:17::42ad]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E76EA22B0D for ; Mon, 21 Feb 2022 07:43:24 -0800 (PST) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4K2RQt32hnzMqC3X; Mon, 21 Feb 2022 16:43:18 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4K2RQt0P1xzlhMBj; Mon, 21 Feb 2022 16:43:18 +0100 (CET) From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= To: James Morris , "Serge E . Hallyn" Cc: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , Jann Horn , Kees Cook , Konstantin Meskhidze , Nathan Chancellor , Nick Desaulniers , Paul Moore , Shuah Khan , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH v1 1/7] landlock: Fix landlock_add_rule(2) documentation Date: Mon, 21 Feb 2022 16:53:05 +0100 Message-Id: <20220221155311.166278-2-mic@digikod.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221155311.166278-1-mic@digikod.net> References: <20220221155311.166278-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Micka=C3=ABl Sala=C3=BCn It is not mandatory to pass a file descriptor obtained with the O_PATH flag. Also, replace rule's accesses with ruleset's accesses. Signed-off-by: Micka=C3=ABl Sala=C3=BCn Link: https://lore.kernel.org/r/20220221155311.166278-2-mic@digikod.net --- include/uapi/linux/landlock.h | 5 +++-- security/landlock/syscalls.c | 7 +++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h index b3d952067f59..c0390e318a65 100644 --- a/include/uapi/linux/landlock.h +++ b/include/uapi/linux/landlock.h @@ -60,8 +60,9 @@ struct landlock_path_beneath_attr { */ __u64 allowed_access; /** - * @parent_fd: File descriptor, open with ``O_PATH``, which identifies - * the parent directory of a file hierarchy, or just a file. + * @parent_fd: File descriptor, preferably opened with ``O_PATH``, + * which identifies the parent directory of a file hierarchy, or just a + * file. */ __s32 parent_fd; /* diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c index 32396962f04d..fd4b24022a06 100644 --- a/security/landlock/syscalls.c +++ b/security/landlock/syscalls.c @@ -290,14 +290,13 @@ static int get_path_from_fd(const s32 fd, struct path= *const path) * * - EOPNOTSUPP: Landlock is supported by the kernel but disabled at boot = time; * - EINVAL: @flags is not 0, or inconsistent access in the rule (i.e. - * &landlock_path_beneath_attr.allowed_access is not a subset of the rul= e's - * accesses); + * &landlock_path_beneath_attr.allowed_access is not a subset of the + * ruleset handled accesses); * - ENOMSG: Empty accesses (e.g. &landlock_path_beneath_attr.allowed_acce= ss); * - EBADF: @ruleset_fd is not a file descriptor for the current thread, o= r a * member of @rule_attr is not a file descriptor as expected; * - EBADFD: @ruleset_fd is not a ruleset file descriptor, or a member of - * @rule_attr is not the expected file descriptor type (e.g. file open - * without O_PATH); + * @rule_attr is not the expected file descriptor type; * - EPERM: @ruleset_fd has no write access to the underlying ruleset; * - EFAULT: @rule_attr inconsistency. */ --=20 2.35.1 From nobody Thu Jun 25 10:44:55 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 49ED2C433FE for ; Mon, 21 Feb 2022 15:43:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379419AbiBUPnu (ORCPT ); Mon, 21 Feb 2022 10:43:50 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36600 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379403AbiBUPnr (ORCPT ); Mon, 21 Feb 2022 10:43:47 -0500 Received: from smtp-8fa9.mail.infomaniak.ch (smtp-8fa9.mail.infomaniak.ch [IPv6:2001:1600:3:17::8fa9]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD03322511 for ; Mon, 21 Feb 2022 07:43:20 -0800 (PST) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4K2RQv034TzMptrY; Mon, 21 Feb 2022 16:43:19 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4K2RQt5MDgzlhMBw; Mon, 21 Feb 2022 16:43:18 +0100 (CET) From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= To: James Morris , "Serge E . Hallyn" Cc: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , Jann Horn , Kees Cook , Konstantin Meskhidze , Nathan Chancellor , Nick Desaulniers , Paul Moore , Shuah Khan , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Alejandro Colomar , =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH v1 2/7] landlock: Fix landlock_add_rule(2) signature Date: Mon, 21 Feb 2022 16:53:06 +0100 Message-Id: <20220221155311.166278-3-mic@digikod.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221155311.166278-1-mic@digikod.net> References: <20220221155311.166278-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Micka=C3=ABl Sala=C3=BCn Replace the enum landlock_rule_type with an int in the syscall signature of landlock_add_rule to avoid an implementation-defined size. In practice an enum type is like an int (at least with GCC and clang), but compilers may accept options (e.g. -fshort-enums) that would have an impact on that [1]. This change is mostly a cosmetic fix according to the current kernel compilers and used options. Link: https://lore.kernel.org/r/8a22a3c2-468c-e96c-6516-22a0f029aa34@gmail.= com/ [1] Reported-by: Alejandro Colomar Cc: Nathan Chancellor Cc: Nick Desaulniers Signed-off-by: Micka=C3=ABl Sala=C3=BCn Link: https://lore.kernel.org/r/20220221155311.166278-3-mic@digikod.net --- include/linux/syscalls.h | 3 +-- security/landlock/syscalls.c | 7 ++++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index 819c0cb00b6d..a5956f91caf2 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -71,7 +71,6 @@ struct clone_args; struct open_how; struct mount_attr; struct landlock_ruleset_attr; -enum landlock_rule_type; =20 #include #include @@ -1053,7 +1052,7 @@ asmlinkage long sys_pidfd_send_signal(int pidfd, int = sig, asmlinkage long sys_pidfd_getfd(int pidfd, int fd, unsigned int flags); asmlinkage long sys_landlock_create_ruleset(const struct landlock_ruleset_= attr __user *attr, size_t size, __u32 flags); -asmlinkage long sys_landlock_add_rule(int ruleset_fd, enum landlock_rule_t= ype rule_type, +asmlinkage long sys_landlock_add_rule(int ruleset_fd, int rule_type, const void __user *rule_attr, __u32 flags); asmlinkage long sys_landlock_restrict_self(int ruleset_fd, __u32 flags); asmlinkage long sys_memfd_secret(unsigned int flags); diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c index fd4b24022a06..3b40fc5d0216 100644 --- a/security/landlock/syscalls.c +++ b/security/landlock/syscalls.c @@ -277,8 +277,9 @@ static int get_path_from_fd(const s32 fd, struct path *= const path) * * @ruleset_fd: File descriptor tied to the ruleset that should be extended * with the new rule. - * @rule_type: Identify the structure type pointed to by @rule_attr (only - * LANDLOCK_RULE_PATH_BENEATH for now). + * @rule_type: Identify the structure type pointed to by @rule_attr as def= ined + * by enum landlock_rule_type (only LANDLOCK_RULE_PATH_BENEATH= for + * now). * @rule_attr: Pointer to a rule (only of type &struct * landlock_path_beneath_attr for now). * @flags: Must be 0. @@ -301,7 +302,7 @@ static int get_path_from_fd(const s32 fd, struct path *= const path) * - EFAULT: @rule_attr inconsistency. */ SYSCALL_DEFINE4(landlock_add_rule, - const int, ruleset_fd, const enum landlock_rule_type, rule_type, + const int, ruleset_fd, const int, rule_type, const void __user *const, rule_attr, const __u32, flags) { struct landlock_path_beneath_attr path_beneath_attr; --=20 2.35.1 From nobody Thu Jun 25 10:44:55 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2273C433FE for ; Mon, 21 Feb 2022 15:43:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379444AbiBUPn6 (ORCPT ); Mon, 21 Feb 2022 10:43:58 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36614 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242205AbiBUPnr (ORCPT ); Mon, 21 Feb 2022 10:43:47 -0500 Received: from smtp-bc0f.mail.infomaniak.ch (smtp-bc0f.mail.infomaniak.ch [IPv6:2001:1600:3:17::bc0f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C998E2253B for ; Mon, 21 Feb 2022 07:43:21 -0800 (PST) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4K2RQv3tJKzMqBYZ; Mon, 21 Feb 2022 16:43:19 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4K2RQv2Bs5zlhMCD; Mon, 21 Feb 2022 16:43:19 +0100 (CET) From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= To: James Morris , "Serge E . Hallyn" Cc: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , Jann Horn , Kees Cook , Konstantin Meskhidze , Nathan Chancellor , Nick Desaulniers , Paul Moore , Shuah Khan , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH v1 3/7] selftest/landlock: Make tests build with old libc Date: Mon, 21 Feb 2022 16:53:07 +0100 Message-Id: <20220221155311.166278-4-mic@digikod.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221155311.166278-1-mic@digikod.net> References: <20220221155311.166278-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Micka=C3=ABl Sala=C3=BCn Replace SYS_ with __NR_. Using the __NR_ notation, provided by UAPI, is useful to build tests on systems without the SYS_ definitions. Replace SYS_pivot_root with __NR_pivot_root, and SYS_move_mount with __NR_move_mount. Define renameat2() and RENAME_EXCHANGE if they are unknown to old build systems. Cc: Shuah Khan Signed-off-by: Micka=C3=ABl Sala=C3=BCn Link: https://lore.kernel.org/r/20220221155311.166278-4-mic@digikod.net --- tools/testing/selftests/landlock/fs_test.c | 23 +++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/sel= ftests/landlock/fs_test.c index 10c9a1e4ebd9..699cda25a12a 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -22,6 +22,19 @@ =20 #include "common.h" =20 +#ifndef renameat2 +int renameat2(int olddirfd, const char *oldpath, int newdirfd, + const char *newpath, unsigned int flags) +{ + return syscall(__NR_renameat2, olddirfd, oldpath, newdirfd, newpath, + flags); +} +#endif + +#ifndef RENAME_EXCHANGE +#define RENAME_EXCHANGE (1 << 1) +#endif + #define TMP_DIR "tmp" #define BINARY_PATH "./true" =20 @@ -1249,7 +1262,7 @@ TEST_F_FORK(layout1, rule_inside_mount_ns) int ruleset_fd; =20 set_cap(_metadata, CAP_SYS_ADMIN); - ASSERT_EQ(0, syscall(SYS_pivot_root, dir_s3d2, dir_s3d3)) { + ASSERT_EQ(0, syscall(__NR_pivot_root, dir_s3d2, dir_s3d3)) { TH_LOG("Failed to pivot root: %s", strerror(errno)); }; ASSERT_EQ(0, chdir("/")); @@ -1282,7 +1295,7 @@ TEST_F_FORK(layout1, mount_and_pivot) set_cap(_metadata, CAP_SYS_ADMIN); ASSERT_EQ(-1, mount(NULL, dir_s3d2, NULL, MS_RDONLY, NULL)); ASSERT_EQ(EPERM, errno); - ASSERT_EQ(-1, syscall(SYS_pivot_root, dir_s3d2, dir_s3d3)); + ASSERT_EQ(-1, syscall(__NR_pivot_root, dir_s3d2, dir_s3d3)); ASSERT_EQ(EPERM, errno); clear_cap(_metadata, CAP_SYS_ADMIN); } @@ -1301,12 +1314,12 @@ TEST_F_FORK(layout1, move_mount) ASSERT_LE(0, ruleset_fd); =20 set_cap(_metadata, CAP_SYS_ADMIN); - ASSERT_EQ(0, syscall(SYS_move_mount, AT_FDCWD, dir_s3d2, AT_FDCWD, + ASSERT_EQ(0, syscall(__NR_move_mount, AT_FDCWD, dir_s3d2, AT_FDCWD, dir_s1d2, 0)) { TH_LOG("Failed to move mount: %s", strerror(errno)); } =20 - ASSERT_EQ(0, syscall(SYS_move_mount, AT_FDCWD, dir_s1d2, AT_FDCWD, + ASSERT_EQ(0, syscall(__NR_move_mount, AT_FDCWD, dir_s1d2, AT_FDCWD, dir_s3d2, 0)); clear_cap(_metadata, CAP_SYS_ADMIN); =20 @@ -1314,7 +1327,7 @@ TEST_F_FORK(layout1, move_mount) ASSERT_EQ(0, close(ruleset_fd)); =20 set_cap(_metadata, CAP_SYS_ADMIN); - ASSERT_EQ(-1, syscall(SYS_move_mount, AT_FDCWD, dir_s3d2, AT_FDCWD, + ASSERT_EQ(-1, syscall(__NR_move_mount, AT_FDCWD, dir_s3d2, AT_FDCWD, dir_s1d2, 0)); ASSERT_EQ(EPERM, errno); clear_cap(_metadata, CAP_SYS_ADMIN); --=20 2.35.1 From nobody Thu Jun 25 10:44:55 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4570BC433F5 for ; Mon, 21 Feb 2022 15:43:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379436AbiBUPoO (ORCPT ); Mon, 21 Feb 2022 10:44:14 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36672 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379411AbiBUPns (ORCPT ); Mon, 21 Feb 2022 10:43:48 -0500 Received: from smtp-bc09.mail.infomaniak.ch (smtp-bc09.mail.infomaniak.ch [IPv6:2001:1600:3:17::bc09]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 232D222B0E; Mon, 21 Feb 2022 07:43:24 -0800 (PST) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4K2RQw1BKKzMptrW; Mon, 21 Feb 2022 16:43:20 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4K2RQv6CdXzlhMCD; Mon, 21 Feb 2022 16:43:19 +0100 (CET) From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= To: James Morris , "Serge E . Hallyn" Cc: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , Jann Horn , Kees Cook , Konstantin Meskhidze , Nathan Chancellor , Nick Desaulniers , Paul Moore , Shuah Khan , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH v1 4/7] selftest/landlock: Extend tests for minimal valid attribute size Date: Mon, 21 Feb 2022 16:53:08 +0100 Message-Id: <20220221155311.166278-5-mic@digikod.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221155311.166278-1-mic@digikod.net> References: <20220221155311.166278-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Micka=C3=ABl Sala=C3=BCn This might be useful when the struct landlock_ruleset_attr will get more fields. Cc: Shuah Khan Signed-off-by: Micka=C3=ABl Sala=C3=BCn Link: https://lore.kernel.org/r/20220221155311.166278-5-mic@digikod.net --- tools/testing/selftests/landlock/base_test.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/testing/selftests/landlock/base_test.c b/tools/testing/s= elftests/landlock/base_test.c index ca40abe9daa8..38fa1e0dfa33 100644 --- a/tools/testing/selftests/landlock/base_test.c +++ b/tools/testing/selftests/landlock/base_test.c @@ -34,6 +34,8 @@ TEST(inconsistent_attr) { ASSERT_EQ(EINVAL, errno); ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, 1, 0)); ASSERT_EQ(EINVAL, errno); + ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, 7, 0)); + ASSERT_EQ(EINVAL, errno); =20 ASSERT_EQ(-1, landlock_create_ruleset(NULL, 1, 0)); /* The size if less than sizeof(struct landlock_attr_enforce). */ @@ -46,6 +48,9 @@ TEST(inconsistent_attr) { ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, page_size + 1, 0)); ASSERT_EQ(E2BIG, errno); =20 + /* Checks minimal valid attribute size. */ + ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, 8, 0)); + ASSERT_EQ(ENOMSG, errno); ASSERT_EQ(-1, landlock_create_ruleset(ruleset_attr, sizeof(struct landlock_ruleset_attr), 0)); ASSERT_EQ(ENOMSG, errno); --=20 2.35.1 From nobody Thu Jun 25 10:44:55 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8EF4C433EF for ; Mon, 21 Feb 2022 15:43:40 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379448AbiBUPoB (ORCPT ); Mon, 21 Feb 2022 10:44:01 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36650 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379406AbiBUPns (ORCPT ); Mon, 21 Feb 2022 10:43:48 -0500 Received: from smtp-bc0b.mail.infomaniak.ch (smtp-bc0b.mail.infomaniak.ch [IPv6:2001:1600:3:17::bc0b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2D33A22B07 for ; Mon, 21 Feb 2022 07:43:21 -0800 (PST) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4K2RQw5LQRzMqDZD; Mon, 21 Feb 2022 16:43:20 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4K2RQw3YT6zlhMCG; Mon, 21 Feb 2022 16:43:20 +0100 (CET) From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= To: James Morris , "Serge E . Hallyn" Cc: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , Jann Horn , Kees Cook , Konstantin Meskhidze , Nathan Chancellor , Nick Desaulniers , Paul Moore , Shuah Khan , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH v1 5/7] selftest/landlock: Add tests for unknown access rights Date: Mon, 21 Feb 2022 16:53:09 +0100 Message-Id: <20220221155311.166278-6-mic@digikod.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221155311.166278-1-mic@digikod.net> References: <20220221155311.166278-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Micka=C3=ABl Sala=C3=BCn Make sure that trying to use unknown access rights returns an error. Cc: Shuah Khan Signed-off-by: Micka=C3=ABl Sala=C3=BCn Link: https://lore.kernel.org/r/20220221155311.166278-6-mic@digikod.net --- tools/testing/selftests/landlock/fs_test.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/sel= ftests/landlock/fs_test.c index 699cda25a12a..5506472a46ce 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -439,6 +439,22 @@ TEST_F_FORK(layout1, file_access_rights) ASSERT_EQ(0, close(path_beneath.parent_fd)); } =20 +TEST_F_FORK(layout1, unknown_access_rights) +{ + __u64 access_mask; + + for (access_mask =3D 1ULL << 63; access_mask !=3D ACCESS_LAST; + access_mask >>=3D 1) { + struct landlock_ruleset_attr ruleset_attr =3D { + .handled_access_fs =3D access_mask, + }; + + ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, + sizeof(ruleset_attr), 0)); + ASSERT_EQ(EINVAL, errno); + } +} + static void add_path_beneath(struct __test_metadata *const _metadata, const int ruleset_fd, const __u64 allowed_access, const char *const path) --=20 2.35.1 From nobody Thu Jun 25 10:44:55 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9495C433F5 for ; Mon, 21 Feb 2022 15:43:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379451AbiBUPoF (ORCPT ); Mon, 21 Feb 2022 10:44:05 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36654 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379407AbiBUPns (ORCPT ); Mon, 21 Feb 2022 10:43:48 -0500 Received: from smtp-8fa9.mail.infomaniak.ch (smtp-8fa9.mail.infomaniak.ch [IPv6:2001:1600:3:17::8fa9]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3420622B0A for ; Mon, 21 Feb 2022 07:43:22 -0800 (PST) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4K2RQx2KwzzMqF1t; Mon, 21 Feb 2022 16:43:21 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4K2RQx0Wf1zlhMCT; Mon, 21 Feb 2022 16:43:21 +0100 (CET) From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= To: James Morris , "Serge E . Hallyn" Cc: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , Jann Horn , Kees Cook , Konstantin Meskhidze , Nathan Chancellor , Nick Desaulniers , Paul Moore , Shuah Khan , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH v1 6/7] selftest/landlock: Extend access right tests to directories Date: Mon, 21 Feb 2022 16:53:10 +0100 Message-Id: <20220221155311.166278-7-mic@digikod.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221155311.166278-1-mic@digikod.net> References: <20220221155311.166278-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Micka=C3=ABl Sala=C3=BCn Make sure that all filesystem access rights can be tied to directories. Rename layout1/file_access_rights to layout1/file_and_dir_access_rights to reflect this change. Cc: Shuah Khan Signed-off-by: Micka=C3=ABl Sala=C3=BCn Link: https://lore.kernel.org/r/20220221155311.166278-7-mic@digikod.net --- tools/testing/selftests/landlock/fs_test.c | 29 ++++++++++++++++------ 1 file changed, 21 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/sel= ftests/landlock/fs_test.c index 5506472a46ce..3736253c9582 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -409,11 +409,12 @@ TEST_F_FORK(layout1, inval) LANDLOCK_ACCESS_FS_MAKE_BLOCK | \ ACCESS_LAST) =20 -TEST_F_FORK(layout1, file_access_rights) +TEST_F_FORK(layout1, file_and_dir_access_rights) { __u64 access; int err; - struct landlock_path_beneath_attr path_beneath =3D {}; + struct landlock_path_beneath_attr path_beneath_file =3D {}, + path_beneath_dir =3D {}; struct landlock_ruleset_attr ruleset_attr =3D { .handled_access_fs =3D ACCESS_ALL, }; @@ -423,20 +424,32 @@ TEST_F_FORK(layout1, file_access_rights) ASSERT_LE(0, ruleset_fd); =20 /* Tests access rights for files. */ - path_beneath.parent_fd =3D open(file1_s1d2, O_PATH | O_CLOEXEC); - ASSERT_LE(0, path_beneath.parent_fd); + path_beneath_file.parent_fd =3D open(file1_s1d2, O_PATH | O_CLOEXEC); + ASSERT_LE(0, path_beneath_file.parent_fd); + + /* Tests access rights for directories. */ + path_beneath_dir.parent_fd =3D open(dir_s1d2, O_PATH | O_DIRECTORY | + O_CLOEXEC); + ASSERT_LE(0, path_beneath_dir.parent_fd); + for (access =3D 1; access <=3D ACCESS_LAST; access <<=3D 1) { - path_beneath.allowed_access =3D access; + path_beneath_dir.allowed_access =3D access; + ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, + &path_beneath_dir, 0)); + + path_beneath_file.allowed_access =3D access; err =3D landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, - &path_beneath, 0); - if ((access | ACCESS_FILE) =3D=3D ACCESS_FILE) { + &path_beneath_file, 0); + if (access & ACCESS_FILE) { ASSERT_EQ(0, err); } else { ASSERT_EQ(-1, err); ASSERT_EQ(EINVAL, errno); } } - ASSERT_EQ(0, close(path_beneath.parent_fd)); + ASSERT_EQ(0, close(path_beneath_file.parent_fd)); + ASSERT_EQ(0, close(path_beneath_dir.parent_fd)); + ASSERT_EQ(0, close(ruleset_fd)); } =20 TEST_F_FORK(layout1, unknown_access_rights) --=20 2.35.1 From nobody Thu Jun 25 10:44:55 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8940AC433EF for ; Mon, 21 Feb 2022 15:43:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1379454AbiBUPoT (ORCPT ); Mon, 21 Feb 2022 10:44:19 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:36700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379417AbiBUPnt (ORCPT ); Mon, 21 Feb 2022 10:43:49 -0500 Received: from smtp-42af.mail.infomaniak.ch (smtp-42af.mail.infomaniak.ch [IPv6:2001:1600:3:17::42af]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 50EDB22B15 for ; Mon, 21 Feb 2022 07:43:24 -0800 (PST) Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4K2RQx6PqBzMqBHW; Mon, 21 Feb 2022 16:43:21 +0100 (CET) Received: from localhost (unknown [23.97.221.149]) by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4K2RQx4nTWzlhMCN; Mon, 21 Feb 2022 16:43:21 +0100 (CET) From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= To: James Morris , "Serge E . Hallyn" Cc: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , Jann Horn , Kees Cook , Konstantin Meskhidze , Nathan Chancellor , Nick Desaulniers , Paul Moore , Shuah Khan , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH v1 7/7] selftest/landlock: Fully test file rename with "remove" access Date: Mon, 21 Feb 2022 16:53:11 +0100 Message-Id: <20220221155311.166278-8-mic@digikod.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20220221155311.166278-1-mic@digikod.net> References: <20220221155311.166278-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Micka=C3=ABl Sala=C3=BCn These tests were missing to check the check_access_path() call with all combinations of maybe_remove(old_dentry) and maybe_remove(new_dentry). Extend layout1/link with a new complementary test. Cc: Shuah Khan Signed-off-by: Micka=C3=ABl Sala=C3=BCn Link: https://lore.kernel.org/r/20220221155311.166278-8-mic@digikod.net --- tools/testing/selftests/landlock/fs_test.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/sel= ftests/landlock/fs_test.c index 3736253c9582..62b88406419d 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -1640,11 +1640,14 @@ TEST_F_FORK(layout1, link) =20 ASSERT_EQ(-1, link(file2_s1d1, file1_s1d1)); ASSERT_EQ(EACCES, errno); + /* Denies linking because of reparenting. */ ASSERT_EQ(-1, link(file1_s2d1, file1_s1d2)); ASSERT_EQ(EXDEV, errno); ASSERT_EQ(-1, link(file2_s1d2, file1_s1d3)); ASSERT_EQ(EXDEV, errno); + ASSERT_EQ(-1, link(file2_s1d3, file1_s1d2)); + ASSERT_EQ(EXDEV, errno); =20 ASSERT_EQ(0, link(file2_s1d2, file1_s1d2)); ASSERT_EQ(0, link(file2_s1d3, file1_s1d3)); @@ -1668,7 +1671,6 @@ TEST_F_FORK(layout1, rename_file) =20 ASSERT_LE(0, ruleset_fd); =20 - ASSERT_EQ(0, unlink(file1_s1d1)); ASSERT_EQ(0, unlink(file1_s1d2)); =20 enforce_ruleset(_metadata, ruleset_fd); @@ -1704,9 +1706,15 @@ TEST_F_FORK(layout1, rename_file) ASSERT_EQ(-1, renameat2(AT_FDCWD, dir_s2d2, AT_FDCWD, file1_s2d1, RENAME_EXCHANGE)); ASSERT_EQ(EACCES, errno); + /* Checks that file1_s2d1 cannot be removed (instead of ENOTDIR). */ + ASSERT_EQ(-1, rename(dir_s2d2, file1_s2d1)); + ASSERT_EQ(EACCES, errno); ASSERT_EQ(-1, renameat2(AT_FDCWD, file1_s2d1, AT_FDCWD, dir_s2d2, RENAME_EXCHANGE)); ASSERT_EQ(EACCES, errno); + /* Checks that file1_s1d1 cannot be removed (instead of EISDIR). */ + ASSERT_EQ(-1, rename(file1_s1d1, dir_s1d2)); + ASSERT_EQ(EACCES, errno); =20 /* Renames files with different parents. */ ASSERT_EQ(-1, rename(file1_s2d2, file1_s1d2)); @@ -1769,9 +1777,15 @@ TEST_F_FORK(layout1, rename_dir) ASSERT_EQ(-1, renameat2(AT_FDCWD, dir_s1d1, AT_FDCWD, dir_s2d1, RENAME_EXCHANGE)); ASSERT_EQ(EACCES, errno); + /* Checks that dir_s1d2 cannot be removed (instead of ENOTDIR). */ + ASSERT_EQ(-1, rename(dir_s1d2, file1_s1d1)); + ASSERT_EQ(EACCES, errno); ASSERT_EQ(-1, renameat2(AT_FDCWD, file1_s1d1, AT_FDCWD, dir_s1d2, RENAME_EXCHANGE)); ASSERT_EQ(EACCES, errno); + /* Checks that dir_s1d2 cannot be removed (instead of EISDIR). */ + ASSERT_EQ(-1, rename(file1_s1d1, dir_s1d2)); + ASSERT_EQ(EACCES, errno); =20 /* * Exchanges and renames directory to the same parent, which allows --=20 2.35.1