[PATCH] selftests/landlock: skip ptrace_test when YAMA is enabled

Jeff Xu jeffxu at google.com
Thu Jul 14 18:36:40 UTC 2022 

> > > Hmm, well, it is not related to Yama then. Could it be linked to other
> > > Chromium OS non-upstream patches?
> >
> >
> > fs_test.c 47 and 48 are failing in chromeOS because OVERLAYFS is not
> > enabled in chromeOS.
> > If there is a reliable way of detecting OVERLAYFS (checking mount
> > overlayfs is successful ? ), this is a good candidate to add SKIP.
> >

> IS_ENABLED(CONFIG_OVERLAY_FS) ?

Could be. Landlock selftest currently is a user space program though,
IS_ENABLED will depend on the kernel header during compile time.


On Wed, Jul 13, 2022 at 5:30 PM Guenter Roeck <groeck at google.com> wrote:
>
> On Wed, Jul 13, 2022 at 4:44 PM Jeff Xu <jeffxu at google.com> wrote:
> >
> > > > a correction:
> > > >
> > > >     =====================================
> > > >     case 0 - classic ptrace permissions: a process can PTRACE_ATTACH to
> > > >     any other
> > > >          process running under the same uid, as long as it is dumpable (i.e.
> > > >          did not transition uids, start privileged, or have called
> > > >          prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
> > > >          unchanged.
> > > >
> > > >     Test: All passing
> > > >
> > > > // Base_test: 7/7 pass.
> > > > // Fs_test 46/48 pass
> > > > //.   not ok 47 layout2_overlay.no_restriction
> > > > //.   not ok 48 layout2_overlay.same_content_different_file
> > > > //  Ptrace 8/8 pass
> >
> >
> > > Hmm, well, it is not related to Yama then. Could it be linked to other
> > > Chromium OS non-upstream patches?
> >
> >
> > fs_test.c 47 and 48 are failing in chromeOS because OVERLAYFS is not
> > enabled in chromeOS.
> > If there is a reliable way of detecting OVERLAYFS (checking mount
> > overlayfs is successful ? ), this is a good candidate to add SKIP.
> >
>
> IS_ENABLED(CONFIG_OVERLAY_FS) ?
>
> > Overall, all the failure of landlock selftest seen in chromeOS are
> > expected, we just need to modify the test.
> >
> > Thanks
> > Best Regards
> > Jeff
> >
> >
> >
> > On Thu, Jul 7, 2022 at 7:25 AM Mickaël Salaün <mic at digikod.net> wrote:
> > >
> > >
> > > On 07/07/2022 01:35, Jeff Xu wrote:
> > > > a correction:
> > > >
> > > >     =====================================
> > > >     case 0 - classic ptrace permissions: a process can PTRACE_ATTACH to
> > > >     any other
> > > >          process running under the same uid, as long as it is dumpable (i.e.
> > > >          did not transition uids, start privileged, or have called
> > > >          prctl(PR_SET_DUMPABLE...) already). Similarly, PTRACE_TRACEME is
> > > >          unchanged.
> > > >
> > > >     Test: All passing
> > > >
> > > > // Base_test: 7/7 pass.
> > > > // Fs_test 46/48 pass
> > > > //.   not ok 47 layout2_overlay.no_restriction
> > > > //.   not ok 48 layout2_overlay.same_content_different_file
> > > > //  Ptrace 8/8 pass
> > >
> > > Hmm, well, it is not related to Yama then. Could it be linked to other
> > > Chromium OS non-upstream patches?

More information about the Linux-security-module-archive mailing list