[PATCH] selftests/landlock: skip ptrace_test when YAMA is enabled

Jeff Xu jeffxu at google.com
Wed Jul 13 23:44:00 UTC 2022


> > a correction:
> >
> >     =====================================
> >     case 0 - classic ptrace permissions: a process can PTRACE_ATTACH to
> >     any other
> >          process running under the same uid, as long as it is dumpable (i.e.
> >          did not transition uids, start privileged, or have called
> >          prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
> >          unchanged.
> >
> >     Test: All passing
> >
> > // Base_test: 7/7 pass.
> > // Fs_test 46/48 pass
> > //.   not ok 47 layout2_overlay.no_restriction
> > //.   not ok 48 layout2_overlay.same_content_different_file
> > //  Ptrace 8/8 pass


> Hmm, well, it is not related to Yama then. Could it be linked to other
> Chromium OS non-upstream patches?


fs_test.c 47 and 48 are failing in chromeOS because OVERLAYFS is not
enabled in chromeOS.
If there is a reliable way of detecting OVERLAYFS (checking mount
overlayfs is successful?), this is a good candidate to add SKIP.

Overall, all the failures of the landlock selftest seen in chromeOS are
expected; we just need to modify the test.

Thanks
Best Regards
Jeff



On Thu, Jul 7, 2022 at 7:25 AM Mickaël Salaün <mic at digikod.net> wrote:
>
>
> On 07/07/2022 01:35, Jeff Xu wrote:
> > a correction:
> >
> >     =====================================
> >     case 0 - classic ptrace permissions: a process can PTRACE_ATTACH to
> >     any other
> >          process running under the same uid, as long as it is dumpable (i.e.
> >          did not transition uids, start privileged, or have called
> >          prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
> >          unchanged.
> >
> >     Test: All passing
> >
> > // Base_test: 7/7 pass.
> > // Fs_test 46/48 pass
> > //.   not ok 47 layout2_overlay.no_restriction
> > //.   not ok 48 layout2_overlay.same_content_different_file
> > //  Ptrace 8/8 pass
>
> Hmm, well, it is not related to Yama then. Could it be linked to other
> Chromium OS non-upstream patches?
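
One way a selftest could decide whether to SKIP the overlay cases discussed in this message is to check whether the running kernel lists the filesystem type in /proc/filesystems. This is an added example, not code from the thread or from the landlock selftests. The function names and the sample text are assumptions made for illustration, and a type that is built as a module may not be listed until it is loaded, so a test mount remains the stricter check.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/filesystems layout: "[nodev]<TAB><name>\n". */
static const char SAMPLE_PROC_FILESYSTEMS[] =
	"nodev\tsysfs\nnodev\ttmpfs\n\text4\nnodev\toverlay\n";

/* True if fstype is listed as a whole name (not a prefix) in text. */
static bool fs_listed_in(const char *text, const char *fstype)
{
	size_t want = strlen(fstype);

	while (*text) {
		const char *eol = strchr(text, '\n');
		size_t len = eol ? (size_t)(eol - text) : strlen(text);
		const char *tab = memchr(text, '\t', len);

		if (tab) {
			/* The name is everything after the tab on this line. */
			const char *name = tab + 1;
			size_t name_len = len - (size_t)(name - text);

			if (name_len == want && !memcmp(name, fstype, want))
				return true;
		}
		text += len + (eol ? 1 : 0);
	}
	return false;
}

/* 1: listed by the running kernel, 0: not listed, -1: cannot read the file. */
static int kernel_lists_fs(const char *fstype)
{
	char buf[8192];
	size_t n;
	FILE *f = fopen("/proc/filesystems", "r");

	if (!f)
		return -1;
	n = fread(buf, 1, sizeof(buf) - 1, f);
	fclose(f);
	buf[n] = '\0';
	return fs_listed_in(buf, fstype) ? 1 : 0;
}

int main(void)
{
	printf("sample lists overlay: %d\n",
	       fs_listed_in(SAMPLE_PROC_FILESYSTEMS, "overlay"));
	printf("kernel lists overlay: %d\n", kernel_lists_fs("overlay"));
	return 0;
}
```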


