No subject

Dorine Tipo dorine.a.tipo at gmail.com
Thu Apr 4 12:16:21 UTC 2024 

Subject: [PATCH v3] selftests/landlock: Add tests for io_uring openat access control with Landlock rules

> What is tested exactly?

The test_ioring_op_openat() function is testing the enforcement of
Landlock rules for read-only access.
It's specifically checking whether the Landlock rules correctly allow or
deny read-only access to the specified file when using the openat system
call with io_uring. The test does this by preparing a submission queue
entry for the openat operation with io_uring_prep_openat(), submitting
this operation to the kernel via io_uring, and then checking the result.
If the operation is successful, it means that Landlock allowed the read-only
access as expected. If the operation fails, it means that Landlock correctly
denied the access.

> +static int test_ioring_op_openat(struct __test_metadata *const _metadata, const __u64 access, const char **paths)
> +{
> +     int ruleset_fd;
> +     int ret;
> +     struct io_uring ring;
> +     struct io_uring_sqe *sqe;
> +
> +     /* Test Allowed Access */
> +     const struct rule allowed_rule[] = {
> +             {
> +                     .path = paths[0],
> +                     .access = access,
> +             },
> +             {
> +                     .path = NULL,
> +             },
> +     };
> +
> +     ruleset_fd = create_ruleset(_metadata, allowed_rule[0].access, allowed_rule);
> +
> +     ASSERT_LE(0, ruleset_fd);
> +
> +     ret = io_uring_queue_init(32, &ring, 0);
> +
> +     ASSERT_EQ(0, ret);
> +
> +     /* Test allowed path */
> +     sqe = io_uring_get_sqe(&ring);
> +
> +     /* Prepare SQE  for the openat operation */
> +     io_uring_prep_openat(sqe, AT_FDCWD, paths[0], O_RDONLY, ruleset_fd);

> Can you please explain what this call to io_uring_prep_openat() do?

io_uring_prep_openat() prepares the submission queue entry for the openat
system call. In my tests the call to io_uring_prep_openat() is preparing
an openat operation to open a file at a certain path with read-only access.
This operation is then submitted to the kernel via io_uring, and the test
checks whether the operation is allowed or denied based on the define
Landlock rules.

More information about the Linux-security-module-archive mailing list