[LTP] [PATCH 03/10] Add landlock SAFE_* macros
Li Wang
liwang@redhat.com
Tue Jul 2 09:47:18 CEST 2024
Reviewed-by: Li Wang <liwang@redhat.com>
On Mon, Jul 1, 2024 at 11:43 PM Andrea Cervesato <andrea.cervesato@suse.de>
wrote:
> From: Andrea Cervesato <andrea.cervesato@suse.com>
>
> Added three more SAFE_* macros for landlock sandbox:
>
> - SAFE_LANDLOCK_CREATE_RULESET
> - SAFE_LANDLOCK_ADD_RULE
> - SAFE_LANDLOCK_RESTRICT_SELF
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
> include/tst_safe_macros.h | 19 ++++++++++++++++++
> lib/tst_safe_macros.c | 50
> +++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 69 insertions(+)
>
> diff --git a/include/tst_safe_macros.h b/include/tst_safe_macros.h
> index 08b8e930a..7748bd34f 100644
> --- a/include/tst_safe_macros.h
> +++ b/include/tst_safe_macros.h
> @@ -14,6 +14,7 @@
> #include <sys/stat.h>
> #include <sys/vfs.h>
> #include <sys/sysinfo.h>
> +#include <linux/landlock.h>
> #include <fcntl.h>
> #include <libgen.h>
> #include <signal.h>
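Review bot: The unconditional `#include <linux/landlock.h>` added here makes every test that pulls in tst_safe_macros.h depend on kernel UAPI headers that ship Landlock. On a build host with older headers the whole library would likely fail to compile, not just the Landlock tests. Consider guarding the include with a configure-time check and supplying fallback definitions of `struct landlock_ruleset_attr` and `enum landlock_rule_type` for that case. The include list is only partly visible in this hunk, so an existing guard elsewhere in the header cannot be ruled out.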
> @@ -503,4 +504,22 @@ int safe_sscanf(const char *file, const int lineno,
> const char *restrict buffer,
> #define SAFE_SSCANF(buffer, format, ...) \
> safe_sscanf(__FILE__, __LINE__, (buffer), (format),
> ##__VA_ARGS__)
>
> +int safe_landlock_create_ruleset(const char *file, const int lineno,
> + const struct landlock_ruleset_attr *attr,
> + size_t size , uint32_t flags);
> +#define SAFE_LANDLOCK_CREATE_RULESET(attr, size, flags) \
> + safe_landlock_create_ruleset(__FILE__, __LINE__, (attr), (size),
> (flags))
> +
> +int safe_landlock_add_rule(const char *file, const int lineno,
> + int ruleset_fd, enum landlock_rule_type rule_type,
> + const void *rule_attr, uint32_t flags);
> +#define SAFE_LANDLOCK_ADD_RULE(ruleset_fd, rule_type, rule_attr, flags) \
> + safe_landlock_add_rule(__FILE__, __LINE__, \
> + (ruleset_fd), (rule_type), (rule_attr), (flags))
> +
> +int safe_landlock_restrict_self(const char *file, const int lineno,
> + int ruleset_fd, int flags);
> +#define SAFE_LANDLOCK_RESTRICT_SELF(ruleset_fd, flags) \
> + safe_landlock_restrict_self(__FILE__, __LINE__, (ruleset_fd),
> (flags))
> +
> #endif /* TST_SAFE_MACROS_H__ */
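Review bot: `safe_landlock_restrict_self()` is declared with `int flags`, while the two sibling wrappers take `uint32_t flags` and the kernel interface for all three Landlock syscalls uses an unsigned 32-bit flags word. Declaring it as `int ruleset_fd, uint32_t flags);` keeps the three prototypes parallel and matches the `%u` that the definition in lib/tst_safe_macros.c uses to print the value. A short comment above `SAFE_LANDLOCK_RESTRICT_SELF` would also help, for example `/* caller must have set no_new_privs (or hold CAP_SYS_ADMIN), otherwise this ends the test with TBROK on EPERM */`.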
> diff --git a/lib/tst_safe_macros.c b/lib/tst_safe_macros.c
> index 4e48c427b..ba997eb7c 100644
> --- a/lib/tst_safe_macros.c
> +++ b/lib/tst_safe_macros.c
> @@ -710,3 +710,53 @@ int safe_mprotect(const char *file, const int lineno,
>
> return rval;
> }
> +
> +
> +int safe_landlock_create_ruleset(const char *file, const int lineno,
> + const struct landlock_ruleset_attr *attr,
> + size_t size , uint32_t flags)
> +{
> + int rval;
> +
> + rval = tst_syscall(__NR_landlock_create_ruleset, attr, size,
> flags);
> + if (rval == -1) {
> + tst_brk_(file, lineno, TBROK | TERRNO,
> + "landlock_create_ruleset(%p, %lu, %u)",
> + attr, size, flags);
> + }
> +
> + return rval;
> +}
> +
> +int safe_landlock_add_rule(const char *file, const int lineno,
> + int ruleset_fd, enum landlock_rule_type rule_type,
> + const void *rule_attr, uint32_t flags)
> +{
> + int rval;
> +
> + rval = tst_syscall(__NR_landlock_add_rule,
> + ruleset_fd, rule_type, rule_attr, flags);
> +
> + if (rval == -1) {
> + tst_brk_(file, lineno, TBROK | TERRNO,
> + "landlock_add_rule(%d, %d, %p, %u)",
> + ruleset_fd, rule_type, rule_attr, flags);
> + }
> +
> + return rval;
> +}
> +
> +int safe_landlock_restrict_self(const char *file, const int lineno,
> + int ruleset_fd, int flags)
> +{
> + int rval;
> +
> + rval = tst_syscall(__NR_landlock_restrict_self, ruleset_fd, flags);
> + if (rval == -1) {
> + tst_brk_(file, lineno, TBROK | TERRNO,
> + "landlock_restrict_self(%d, %u)",
> + ruleset_fd, flags);
> + }
> +
> + return rval;
> +}
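Review bot: The failure message in `safe_landlock_create_ruleset()` prints `size`, a `size_t`, with `%lu`, which is a format/argument mismatch on 32-bit targets where `size_t` is not `unsigned long`; use `"landlock_create_ruleset(%p, %zu, %u)"`. In `safe_landlock_restrict_self()` the `int flags` argument is printed with `%u`, so either the parameter type or the specifier should change. All three wrappers treat only `-1` as failure. If the library's other safe_* helpers also reject unexpected return values, add an `else if (rval < 0)` branch for the ruleset fd, and `else if (rval)` for the two calls that return 0 on success. Only the tail of safe_mprotect() is visible in this hunk, so that convention is inferred rather than shown.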
>
> --
> 2.43.0
>
>
> --
> Mailing list info: https://lists.linux.it/listinfo/ltp
>
>
--
Regards,
Li Wang