
[03/10] Add landlock SAFE_* macros

Message ID 20240701-landlock-v1-3-58e9af649a72@suse.com
State Superseded
Series landlock testing suite | expand

Commit Message

Andrea Cervesato July 1, 2024, 3:42 p.m. UTC
From: Andrea Cervesato <andrea.cervesato@suse.com>

Added three more SAFE_* macros for landlock sandbox:

- SAFE_LANDLOCK_CREATE_RULESET
- SAFE_LANDLOCK_ADD_RULE
- SAFE_LANDLOCK_RESTRICT_SELF

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
 include/tst_safe_macros.h | 19 ++++++++++++++++++
 lib/tst_safe_macros.c     | 50 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)

Comments

Li Wang July 2, 2024, 7:47 a.m. UTC | #1
Reviewed-by: Li Wang <liwang@redhat.com>

On Mon, Jul 1, 2024 at 11:43 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:

> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> Added three more SAFE_* macros for landlock sandbox:
>
> - SAFE_LANDLOCK_CREATE_RULESET
> - SAFE_LANDLOCK_ADD_RULE
> - SAFE_LANDLOCK_RESTRICT_SELF
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
>  include/tst_safe_macros.h | 19 ++++++++++++++++++
>  lib/tst_safe_macros.c     | 50
> +++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 69 insertions(+)
>
> diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h
> index 08b8e930a..7748bd34f 100644
> --- a/include/tst_safe_macros.h
> +++ b/include/tst_safe_macros.h
> @@ -14,6 +14,7 @@
>  #include <sys/stat.h>
>  #include <sys/vfs.h>
>  #include <sys/sysinfo.h>
> +#include <linux/landlock.h>
>  #include <fcntl.h>
>  #include <libgen.h>
>  #include <signal.h>
> @@ -503,4 +504,22 @@ int safe_sscanf(const char *file, const int lineno,
> const char *restrict buffer,
>  #define SAFE_SSCANF(buffer, format, ...) \
>         safe_sscanf(__FILE__, __LINE__, (buffer), (format),
>  ##__VA_ARGS__)
>
> +int safe_landlock_create_ruleset(const char *file, const int lineno,
> +       const struct landlock_ruleset_attr *attr,
> +       size_t size , uint32_t flags);
> +#define SAFE_LANDLOCK_CREATE_RULESET(attr, size, flags) \
> +       safe_landlock_create_ruleset(__FILE__, __LINE__, (attr), (size),
> (flags))
> +
> +int safe_landlock_add_rule(const char *file, const int lineno,
> +       int ruleset_fd, enum landlock_rule_type rule_type,
> +       const void *rule_attr, uint32_t flags);
> +#define SAFE_LANDLOCK_ADD_RULE(ruleset_fd, rule_type, rule_attr, flags) \
> +       safe_landlock_add_rule(__FILE__, __LINE__, \
> +               (ruleset_fd), (rule_type), (rule_attr), (flags))
> +
> +int safe_landlock_restrict_self(const char *file, const int lineno,
> +       int ruleset_fd, int flags);
> +#define SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, flags) \
> +       safe_landlock_restrict_self(__FILE__, __LINE__, (ruleset_fd),
> (flags))
> +
>  #endif /* TST_SAFE_MACROS_H__ */
> diff --git a/lib/tst_safe_macros.c b/lib/tst_safe_macros.c
> index 4e48c427b..ba997eb7c 100644
> --- a/lib/tst_safe_macros.c
> +++ b/lib/tst_safe_macros.c
> @@ -710,3 +710,53 @@ int safe_mprotect(const char *file, const int lineno,
>
>         return rval;
>  }
> +
> +
> +int safe_landlock_create_ruleset(const char *file, const int lineno,
> +       const struct landlock_ruleset_attr *attr,
> +       size_t size , uint32_t flags)
> +{
> +       int rval;
> +
> +       rval = tst_syscall(__NR_landlock_create_ruleset, attr, size,
> flags);
> +       if (rval == -1) {
> +               tst_brk_(file, lineno, TBROK | TERRNO,
> +                       "landlock_create_ruleset(%p, %lu, %u)",
> +                       attr, size, flags);
> +       }
> +
> +       return rval;
> +}
> +
> +int safe_landlock_add_rule(const char *file, const int lineno,
> +       int ruleset_fd, enum landlock_rule_type rule_type,
> +       const void *rule_attr, uint32_t flags)
> +{
> +       int rval;
> +
> +       rval = tst_syscall(__NR_landlock_add_rule,
> +               ruleset_fd, rule_type, rule_attr, flags);
> +
> +       if (rval == -1) {
> +               tst_brk_(file, lineno, TBROK | TERRNO,
> +                       "landlock_add_rule(%d, %d, %p, %u)",
> +                       ruleset_fd, rule_type, rule_attr, flags);
> +       }
> +
> +       return rval;
> +}
> +
> +int safe_landlock_restrict_self(const char *file, const int lineno,
> +       int ruleset_fd, int flags)
> +{
> +       int rval;
> +
> +       rval = tst_syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
> +       if (rval == -1) {
> +               tst_brk_(file, lineno, TBROK | TERRNO,
> +                       "landlock_restrict_self(%d, %u)",
> +                       ruleset_fd, flags);
> +       }
> +
> +       return rval;
> +}
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>
Petr Vorel July 10, 2024, 3:53 p.m. UTC | #2
Hi Andrea, Li,

...
> +++ b/include/tst_safe_macros.h
> @@ -14,6 +14,7 @@
>  #include <sys/stat.h>
>  #include <sys/vfs.h>
>  #include <sys/sysinfo.h>
> +#include <linux/landlock.h>

This will break build for more than half of the distros:

https://github.com/pevik/ltp/actions/runs/9876952862

It's mostly due to a missing <linux/landlock.h> on old distros, but there was also a
redefinition of 'landlock_net_port_attr', at least on Fedora.

You even have a fixed version in your CI (where only Leap 42 fails, due to a
different problem); please send it (or post a diff here).
https://github.com/acerv/ltp/actions/runs/9778823237

Kind regards,
Petr
Andrea Cervesato July 10, 2024, 5:53 p.m. UTC | #3
Hi Petr,

this is already done in the v2 which has not been sent yet.

On 7/10/24 17:53, Petr Vorel wrote:
> Hi Andrea, Li,
>
> ...
>> +++ b/include/tst_safe_macros.h
>> @@ -14,6 +14,7 @@
>>   #include <sys/stat.h>
>>   #include <sys/vfs.h>
>>   #include <sys/sysinfo.h>
>> +#include <linux/landlock.h>
> This will break build for more than half of the distros:
>
> https://github.com/pevik/ltp/actions/runs/9876952862
>
> It's mostly due missing <linux/landlock.h> on old distros, but there were also
> redefinition of 'landlock_net_port_attr' at least on Fedora.
>
> You even have some fixed version in your CI where only Leap 42 fails due
> different problem), please send it (or post a diff here).
> https://github.com/acerv/ltp/actions/runs/9778823237
>
> Kind regards,
> Petr

Andrea
Petr Vorel July 11, 2024, 5:27 a.m. UTC | #4
> Hi Petr,

> this is already done in the v2 which has not been sent yet.

Thanks for the info; this was not obvious until I checked the GitHub Actions runs in your fork
(or I missed some message). I'll keep the patches in the NEW state so that others can have a
look until you send v2.

Kind regards,
Petr

> On 7/10/24 17:53, Petr Vorel wrote:
> > Hi Andrea, Li,

> > ...
> > > +++ b/include/tst_safe_macros.h
> > > @@ -14,6 +14,7 @@
> > >   #include <sys/stat.h>
> > >   #include <sys/vfs.h>
> > >   #include <sys/sysinfo.h>
> > > +#include <linux/landlock.h>
> > This will break build for more than half of the distros:

> > https://github.com/pevik/ltp/actions/runs/9876952862

> > It's mostly due missing <linux/landlock.h> on old distros, but there were also
> > redefinition of 'landlock_net_port_attr' at least on Fedora.

> > You even have some fixed version in your CI where only Leap 42 fails due
> > different problem), please send it (or post a diff here).
> > https://github.com/acerv/ltp/actions/runs/9778823237

> > Kind regards,
> > Petr

> Andrea
Li Wang July 11, 2024, 6:30 a.m. UTC | #5
Petr Vorel <pvorel@suse.cz> wrote:



> > this is already done in the v2 which has not been sent yet.
>
> Thanks for info, this was not obvious until I check github actions in your
> fork
> (or I miss some message). I keep patches with NEW state so that other can
> have
> look until you send v2.
>

V2 has been posted, FYI:
https://lists.linux.it/pipermail/ltp/2024-July/039236.html

Patch

diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h
index 08b8e930a..7748bd34f 100644
--- a/include/tst_safe_macros.h
+++ b/include/tst_safe_macros.h
@@ -14,6 +14,7 @@ 
 #include <sys/stat.h>
 #include <sys/vfs.h>
 #include <sys/sysinfo.h>
+#include <linux/landlock.h>
 #include <fcntl.h>
 #include <libgen.h>
 #include <signal.h>
@@ -503,4 +504,22 @@  int safe_sscanf(const char *file, const int lineno, const char *restrict buffer,
 #define SAFE_SSCANF(buffer, format, ...) \
 	safe_sscanf(__FILE__, __LINE__, (buffer), (format),	##__VA_ARGS__)
 
+int safe_landlock_create_ruleset(const char *file, const int lineno,
+	const struct landlock_ruleset_attr *attr,
+	size_t size , uint32_t flags);
+#define SAFE_LANDLOCK_CREATE_RULESET(attr, size, flags) \
+	safe_landlock_create_ruleset(__FILE__, __LINE__, (attr), (size), (flags))
+
+int safe_landlock_add_rule(const char *file, const int lineno,
+	int ruleset_fd, enum landlock_rule_type rule_type,
+	const void *rule_attr, uint32_t flags);
+#define SAFE_LANDLOCK_ADD_RULE(ruleset_fd, rule_type, rule_attr, flags) \
+	safe_landlock_add_rule(__FILE__, __LINE__, \
+		(ruleset_fd), (rule_type), (rule_attr), (flags))
+
+int safe_landlock_restrict_self(const char *file, const int lineno,
+	int ruleset_fd, int flags);
+#define SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, flags) \
+	safe_landlock_restrict_self(__FILE__, __LINE__, (ruleset_fd), (flags))
+
 #endif /* TST_SAFE_MACROS_H__ */
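Review bot: The prototype of `safe_landlock_restrict_self()` takes `int flags`, while the two wrappers above it take `uint32_t flags` and the flags argument of landlock_restrict_self(2) is a 32-bit unsigned value; I would declare it as `int ruleset_fd, uint32_t flags);`. The same signature is repeated in the definition in lib/tst_safe_macros.c, where `flags` is printed with `%u`, so the two need to change together. A short comment above `SAFE_LANDLOCK_RESTRICT_SELF` would also help test authors, for example `/* Caller must set PR_SET_NO_NEW_PRIVS (or hold CAP_SYS_ADMIN) first; otherwise the syscall fails with EPERM and the test ends with TBROK. */`. Separately, `size_t size , uint32_t flags` has a stray space before the comma.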
diff --git a/lib/tst_safe_macros.c b/lib/tst_safe_macros.c
index 4e48c427b..ba997eb7c 100644
--- a/lib/tst_safe_macros.c
+++ b/lib/tst_safe_macros.c
@@ -710,3 +710,53 @@  int safe_mprotect(const char *file, const int lineno,
 
 	return rval;
 }
+
+
+int safe_landlock_create_ruleset(const char *file, const int lineno,
+	const struct landlock_ruleset_attr *attr,
+	size_t size , uint32_t flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_create_ruleset, attr, size, flags);
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_create_ruleset(%p, %lu, %u)",
+			attr, size, flags);
+	}
+
+	return rval;
+}
+
+int safe_landlock_add_rule(const char *file, const int lineno,
+	int ruleset_fd, enum landlock_rule_type rule_type,
+	const void *rule_attr, uint32_t flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_add_rule,
+		ruleset_fd, rule_type, rule_attr, flags);
+
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_add_rule(%d, %d, %p, %u)",
+			ruleset_fd, rule_type, rule_attr, flags);
+	}
+
+	return rval;
+}
+
+int safe_landlock_restrict_self(const char *file, const int lineno,
+	int ruleset_fd, int flags)
+{
+	int rval;
+
+	rval = tst_syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
+	if (rval == -1) {
+		tst_brk_(file, lineno, TBROK | TERRNO,
+			"landlock_restrict_self(%d, %u)",
+			ruleset_fd, flags);
+	}
+
+	return rval;
+}
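Review bot: In `safe_landlock_create_ruleset()` the failure message formats `size`, a `size_t`, with `%lu`, which is a mismatched conversion on 32-bit targets where `size_t` is not `unsigned long`; use `"landlock_create_ruleset(%p, %zu, %u)"`. All three wrappers treat only `rval == -1` as failure, so any other unexpected return (a negative value from create_ruleset, a non-zero value from add_rule or restrict_self) is handed back to the test silently. If the rest of this file has an "invalid return value" branch convention, which cannot be seen from this hunk, adding `else if (rval < 0)` or `else if (rval)` with a plain `TBROK` would keep these wrappers consistent with it. Tests rely on these calls to establish the sandbox they then probe, so failing loudly here avoids a test that runs unsandboxed and reports misleading results.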