[PATCH v10 7/9] selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets
Mickaël Salaün
mic at digikod.net
Fri Mar 22 07:57:18 UTC 2024
On Sat, Mar 09, 2024 at 07:53:18AM +0000, Günther Noack wrote:
> Suggested-by: Mickaël Salaün <mic at digikod.net>
> Signed-off-by: Günther Noack <gnoack at google.com>
> ---
> tools/testing/selftests/landlock/fs_test.c | 53 ++++++++++++++++++++++
> 1 file changed, 53 insertions(+)
>
> diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> index d991f44875bc..941e6f9702b7 100644
> --- a/tools/testing/selftests/landlock/fs_test.c
> +++ b/tools/testing/selftests/landlock/fs_test.c
> @@ -20,8 +20,10 @@
> #include <sys/mount.h>
> #include <sys/prctl.h>
> #include <sys/sendfile.h>
> +#include <sys/socket.h>
> #include <sys/stat.h>
> #include <sys/sysmacros.h>
> +#include <sys/un.h>
> #include <sys/vfs.h>
> #include <unistd.h>
>
> @@ -3976,6 +3978,57 @@ TEST_F_FORK(layout1, named_pipe_ioctl)
> ASSERT_EQ(child_pid, waitpid(child_pid, NULL, 0));
> }
>
> +/* For named UNIX domain sockets, no IOCTL restrictions apply. */
> +TEST_F_FORK(layout1, named_unix_domain_socket_ioctl)
> +{
> + const char *const path = file1_s1d1;
> + int srv_fd, cli_fd, ruleset_fd;
> + socklen_t size;
> + struct sockaddr_un srv_un, cli_un;
> + const struct landlock_ruleset_attr attr = {
> + .handled_access_fs = LANDLOCK_ACCESS_FS_IOCTL_DEV,
> + };
> +
> + /* Sets up a server */
> + srv_un.sun_family = AF_UNIX;
> + strncpy(srv_un.sun_path, path, sizeof(srv_un.sun_path));
> +
> + ASSERT_EQ(0, unlink(path));
> + ASSERT_LE(0, (srv_fd = socket(AF_UNIX, SOCK_STREAM, 0)));
> +
> + size = offsetof(struct sockaddr_un, sun_path) + strlen(srv_un.sun_path);
> + ASSERT_EQ(0, bind(srv_fd, (struct sockaddr *)&srv_un, size));
> + ASSERT_EQ(0, listen(srv_fd, 10 /* qlen */));
> +
> + /* Enables Landlock. */
> + ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
> + ASSERT_LE(0, ruleset_fd);
> + enforce_ruleset(_metadata, ruleset_fd);
> + ASSERT_EQ(0, close(ruleset_fd));
> +
> + /* Sets up a client connection to it */
> + cli_un.sun_family = AF_UNIX;
> + snprintf(cli_un.sun_path, sizeof(cli_un.sun_path), "%s%ld", path,
> + (long)getpid());
I don't think it is useful to have a unique sun_path for a named unix
socket, that's the purpose of naming it right?
> +
> + ASSERT_LE(0, (cli_fd = socket(AF_UNIX, SOCK_STREAM, 0)));
> +
> + size = offsetof(struct sockaddr_un, sun_path) + strlen(cli_un.sun_path);
> + ASSERT_EQ(0, bind(cli_fd, (struct sockaddr *)&cli_un, size));
> +
> + bzero(&cli_un, sizeof(cli_un));
> + cli_un.sun_family = AF_UNIX;
> + strncpy(cli_un.sun_path, path, sizeof(cli_un.sun_path));
> + size = offsetof(struct sockaddr_un, sun_path) + strlen(cli_un.sun_path);
> +
> + ASSERT_EQ(0, connect(cli_fd, (struct sockaddr *)&cli_un, size));
> +
> + /* FIONREAD and other IOCTLs should not be forbidden. */
> + EXPECT_EQ(0, test_fionread_ioctl(cli_fd));
> +
> + ASSERT_EQ(0, close(cli_fd));
> +}
> +
> /* clang-format off */
> FIXTURE(ioctl) {};
>
> --
> 2.44.0.278.ge034bb2e1d-goog
>
>
More information about the Linux-security-module-archive
mailing list