From: "Günther Noack" <gnoack@google.com>
To: linux-security-module@vger.kernel.org,
"Mickaël Salaün" <mic@digikod.net>
Cc: "Jeff Xu" <jeffxu@google.com>,
"Jorge Lucangeli Obes" <jorgelo@chromium.org>,
"Allen Webb" <allenwebb@google.com>,
"Dmitry Torokhov" <dtor@google.com>,
"Paul Moore" <paul@paul-moore.com>,
"Konstantin Meskhidze" <konstantin.meskhidze@huawei.com>,
"Matt Bobrowski" <repnop@google.com>,
linux-fsdevel@vger.kernel.org,
"Günther Noack" <gnoack@google.com>
Subject: [PATCH v3 2/5] selftests/landlock: Test ioctl support
Date: Mon, 14 Aug 2023 19:28:13 +0200 [thread overview]
Message-ID: <20230814172816.3907299-3-gnoack@google.com> (raw)
In-Reply-To: <20230814172816.3907299-1-gnoack@google.com>
Exercises Landlock's IOCTL feature: If the LANDLOCK_ACCESS_FS_IOCTL
right is restricted, the use of IOCTL fails with a freshly opened
file.
Irrespective of the LANDLOCK_ACCESS_FS_IOCTL right, IOCTL continues to
work with a selected set of known harmless IOCTL commands.
Signed-off-by: Günther Noack <gnoack@google.com>
---
tools/testing/selftests/landlock/fs_test.c | 96 +++++++++++++++++++++-
1 file changed, 93 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
index 09dd1eaac8a9..456bd681091d 100644
--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -3329,7 +3329,7 @@ TEST_F_FORK(layout1, truncate_unhandled)
LANDLOCK_ACCESS_FS_WRITE_FILE;
int ruleset_fd;
- /* Enable Landlock. */
+ /* Enables Landlock. */
ruleset_fd = create_ruleset(_metadata, handled, rules);
ASSERT_LE(0, ruleset_fd);
@@ -3412,7 +3412,7 @@ TEST_F_FORK(layout1, truncate)
LANDLOCK_ACCESS_FS_TRUNCATE;
int ruleset_fd;
- /* Enable Landlock. */
+ /* Enables Landlock. */
ruleset_fd = create_ruleset(_metadata, handled, rules);
ASSERT_LE(0, ruleset_fd);
@@ -3639,7 +3639,7 @@ TEST_F_FORK(ftruncate, open_and_ftruncate)
};
int fd, ruleset_fd;
- /* Enable Landlock. */
+ /* Enables Landlock. */
ruleset_fd = create_ruleset(_metadata, variant->handled, rules);
ASSERT_LE(0, ruleset_fd);
enforce_ruleset(_metadata, ruleset_fd);
@@ -3732,6 +3732,96 @@ TEST(memfd_ftruncate)
ASSERT_EQ(0, close(fd));
}
+/* Invokes the FIOQSIZE ioctl(2) and returns its errno or 0. */
+static int test_fioqsize_ioctl(int fd)
+{
+ loff_t size;
+
+ if (ioctl(fd, FIOQSIZE, &size) < 0)
+ return errno;
+ return 0;
+}
+
+/*
+ * Attempt ioctls on regular files, with file descriptors opened before and
+ * after landlocking.
+ */
+TEST_F_FORK(layout1, ioctl)
+{
+ const struct rule rules[] = {
+ {
+ .path = file1_s1d1,
+ .access = LANDLOCK_ACCESS_FS_IOCTL,
+ },
+ {
+ .path = dir_s2d1,
+ .access = LANDLOCK_ACCESS_FS_IOCTL,
+ },
+ {},
+ };
+ const __u64 handled = LANDLOCK_ACCESS_FS_IOCTL;
+ int ruleset_fd;
+ int dir_s1d1_fd, file1_s1d1_fd, dir_s2d1_fd;
+
+ /* Enables Landlock. */
+ ruleset_fd = create_ruleset(_metadata, handled, rules);
+ ASSERT_LE(0, ruleset_fd);
+ enforce_ruleset(_metadata, ruleset_fd);
+ ASSERT_EQ(0, close(ruleset_fd));
+
+ dir_s1d1_fd = open(dir_s1d1, O_RDONLY);
+ ASSERT_LE(0, dir_s1d1_fd);
+ file1_s1d1_fd = open(file1_s1d1, O_RDONLY);
+ ASSERT_LE(0, file1_s1d1_fd);
+ dir_s2d1_fd = open(dir_s2d1, O_RDONLY);
+ ASSERT_LE(0, dir_s2d1_fd);
+
+ /*
+ * Checks that FIOQSIZE works on files where LANDLOCK_ACCESS_FS_IOCTL is
+ * permitted.
+ */
+ EXPECT_EQ(EACCES, test_fioqsize_ioctl(dir_s1d1_fd));
+ EXPECT_EQ(0, test_fioqsize_ioctl(file1_s1d1_fd));
+ EXPECT_EQ(0, test_fioqsize_ioctl(dir_s2d1_fd));
+
+ /* Closes all file descriptors. */
+ ASSERT_EQ(0, close(dir_s1d1_fd));
+ ASSERT_EQ(0, close(file1_s1d1_fd));
+ ASSERT_EQ(0, close(dir_s2d1_fd));
+}
+
+TEST_F_FORK(layout1, ioctl_always_allowed)
+{
+ struct landlock_ruleset_attr attr = {
+ .handled_access_fs = LANDLOCK_ACCESS_FS_IOCTL,
+ };
+ int ruleset_fd, fd;
+ int flag = 0;
+ int n;
+
+ /* Enables Landlock. */
+ ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
+ ASSERT_LE(0, ruleset_fd);
+ enforce_ruleset(_metadata, ruleset_fd);
+ ASSERT_EQ(0, close(ruleset_fd));
+
+ fd = open(file1_s1d1, O_RDONLY);
+ ASSERT_LE(0, fd);
+
+ /* Checks that the restrictable FIOQSIZE is restricted. */
+ EXPECT_EQ(EACCES, test_fioqsize_ioctl(fd));
+
+ /* Checks that unrestrictable commands are unrestricted. */
+ EXPECT_EQ(0, ioctl(fd, FIOCLEX));
+ EXPECT_EQ(0, ioctl(fd, FIONCLEX));
+ EXPECT_EQ(0, ioctl(fd, FIONBIO, &flag));
+ EXPECT_EQ(0, ioctl(fd, FIOASYNC, &flag));
+ EXPECT_EQ(0, ioctl(fd, FIONREAD, &n));
+ EXPECT_EQ(0, n);
+
+ ASSERT_EQ(0, close(fd));
+}
+
/* clang-format off */
FIXTURE(layout1_bind) {};
/* clang-format on */
--
2.41.0.694.ge786442a9b-goog
next prev parent reply other threads:[~2023-08-14 17:29 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-14 17:28 [PATCH v3 0/5] Landlock: IOCTL support Günther Noack
2023-08-14 17:28 ` [PATCH v3 1/5] landlock: Add ioctl access right Günther Noack
2023-08-14 17:43 ` Günther Noack
2023-08-14 17:28 ` Günther Noack [this message]
2023-08-18 17:06 ` [PATCH v3 2/5] selftests/landlock: Test ioctl support Mickaël Salaün
2023-08-25 15:51 ` Günther Noack
2023-08-25 17:07 ` Mickaël Salaün
2023-09-01 13:35 ` Günther Noack
2023-09-01 20:24 ` Mickaël Salaün
2023-08-14 17:28 ` [PATCH v3 3/5] selftests/landlock: Test ioctl with memfds Günther Noack
2023-08-14 17:28 ` [PATCH v3 4/5] samples/landlock: Add support for LANDLOCK_ACCESS_FS_IOCTL Günther Noack
2023-08-14 17:28 ` [PATCH v3 5/5] landlock: Document ioctl support Günther Noack
2023-08-18 16:28 ` Mickaël Salaün
2023-08-25 11:55 ` Günther Noack
2023-08-18 13:26 ` [PATCH v3 0/5] Landlock: IOCTL support Mickaël Salaün
2023-08-18 13:39 ` Mickaël Salaün
2023-08-25 15:03 ` Günther Noack
2023-08-25 16:50 ` Mickaël Salaün
2023-08-26 18:26 ` Mickaël Salaün
2023-09-02 11:53 ` Günther Noack
2023-09-04 18:08 ` Mickaël Salaün
2023-09-11 10:02 ` Günther Noack
2023-09-11 15:25 ` Mickaël Salaün
2023-09-11 16:34 ` Mickaël Salaün
2023-10-19 22:09 ` Günther Noack
2023-10-20 14:57 ` Mickaël Salaün
2023-10-25 22:07 ` Günther Noack
2023-10-26 14:55 ` Mickaël Salaün
2023-11-03 13:06 ` Günther Noack
2023-11-03 15:12 ` Mickaël Salaün
2023-08-22 14:39 ` [PATCH v3 0/5] Landlock: IOCTL support - TTY restrictions RFC Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230814172816.3907299-3-gnoack@google.com \
--to=gnoack@google.com \
--cc=allenwebb@google.com \
--cc=dtor@google.com \
--cc=jeffxu@google.com \
--cc=jorgelo@chromium.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=repnop@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.