[PATCH] selftests/landlock: skip ptrace_test when YAMA is enabled

Guenter Roeck groeck at google.com
Thu Jul 14 00:30:28 UTC 2022 

On Wed, Jul 13, 2022 at 4:44 PM Jeff Xu <jeffxu at google.com> wrote:
>
> > > a correction:
> > >
> > >     =====================================
> > >     case 0 - classic ptrace permissions: a process can PTRACE_ATTACH to
> > >     any other
> > >          process running under the same uid, as long as it is dumpable (i.e.
> > >          did not transition uids, start privileged, or have called
> > >          prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
> > >          unchanged.
> > >
> > >     Test: All passing
> > >
> > > // Base_test: 7/7 pass.
> > > // Fs_test 46/48 pass
> > > //.   not ok 47 layout2_overlay.no_restriction
> > > //.   not ok 48 layout2_overlay.same_content_different_file
> > > //  Ptrace 8/8 pass
>
>
> > Hmm, well, it is not related to Yama then. Could it be linked to other
> > Chromium OS non-upstream patches?
>
>
> fs_test.c 47 and 48 are failing in chromeOS because OVERLAYFS is not
> enabled in chromeOS.
> If there is a reliable way of detecting OVERLAYFS (checking mount
> overlayfs is successful ? ), this is a good candidate to add SKIP.
>

IS_ENABLED(CONFIG_OVERLAY_FS) ?

> Overall, all the failure of landlock selftest seen in chromeOS are
> expected, we just need to modify the test.
>
> Thanks
> Best Regards
> Jeff
>
>
>
> On Thu, Jul 7, 2022 at 7:25 AM Mickaël Salaün <mic at digikod.net> wrote:
> >
> >
> > On 07/07/2022 01:35, Jeff Xu wrote:
> > > a correction:
> > >
> > >     =====================================
> > >     case 0 - classic ptrace permissions: a process can PTRACE_ATTACH to
> > >     any other
> > >          process running under the same uid, as long as it is dumpable (i.e.
> > >          did not transition uids, start privileged, or have called
> > >          prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
> > >          unchanged.
> > >
> > >     Test: All passing
> > >
> > > // Base_test: 7/7 pass.
> > > // Fs_test 46/48 pass
> > > //.   not ok 47 layout2_overlay.no_restriction
> > > //.   not ok 48 layout2_overlay.same_content_different_file
> > > //  Ptrace 8/8 pass
> >
> > Hmm, well, it is not related to Yama then. Could it be linked to other
> > Chromium OS non-upstream patches?

More information about the Linux-security-module-archive mailing list