[PATCH v6 7/9] landlock/selftests: Check that coredump sockets stay unrestricted
Mickaël Salaün
mic at digikod.net
Wed Mar 18 16:53:59 UTC 2026
On Sun, Mar 15, 2026 at 11:21:48PM +0100, Günther Noack wrote:
> Even when a process is restricted with the new
> LANDLOCK_ACCESS_FS_RESOLVE_SOCKET right, the kernel can continue
LANDLOCK_ACCESS_FS_RESOLVE_UNIX (twice)
> writing its coredump to the configured coredump socket.
>
> In the test, we create a local server and rewire the system to write
> coredumps into it. We then create a child process within a Landlock
> domain where LANDLOCK_ACCESS_FS_RESOLVE_SOCKET is restricted and make
> the process crash. The test uses SO_PEERCRED to check that the
> connecting client process is the expected one.
>
> Includes a fix by Mickaël Salaün for setting the EUID to 0 (see [1]).
>
> Link[1]: https://lore.kernel.org/all/20260218.ohth8theu8Yi@digikod.net/
> Suggested-by: Mickaël Salaün <mic at digikod.net>
> Signed-off-by: Günther Noack <gnoack3000 at gmail.com>
> ---
> tools/testing/selftests/landlock/fs_test.c | 141 +++++++++++++++++++++
> 1 file changed, 141 insertions(+)
More information about the Linux-security-module-archive
mailing list