[LTP] [PATCH v3 09/11] Add landlock04 test

Li Wang liwang@redhat.com
Wed Jul 24 15:41:07 CEST 2024 

On Wed, Jul 24, 2024 at 9:37 PM Li Wang <liwang@redhat.com> wrote:

>
>
> On Wed, Jul 24, 2024 at 9:30 PM Petr Vorel <pvorel@suse.cz> wrote:
>
>> Hi Li, Andrea,
>>
>> > Hi Petr, Andrea,
>> ...
>> > > ...
>> > > tst_supported_fs_types.c:97: TINFO: Kernel supports tmpfs
>> > > tst_supported_fs_types.c:49: TINFO: mkfs is not needed for tmpfs
>> > > tst_test.c:1746: TINFO: === Testing on ext2 ===
>> > > tst_test.c:1111: TINFO: Formatting /dev/loop1 with ext2 opts='' extra
>> > > opts=''
>> > > mke2fs 1.47.0 (5-Feb-2023)
>> > > tst_test.c:1123: TINFO: Mounting /dev/loop1 to
>> /tmp/LTP_lant6WbKJ/sandbox
>> > > fstyp=ext2 flags=0
>> > > landlock_common.h:30: TINFO: Landlock ABI v3
>> > > landlock04.c:151: TINFO: Testing LANDLOCK_ACCESS_FS_EXECUTE
>> > > landlock04.c:123: TINFO: Enable read/exec permissions for
>> > > /usr/lib/i386-linux-gnu/libc.so.6
>> > > landlock04.c:131: TBROK: landlock_add_rule(3, 1, 0xf7f13ff4, 0):
>> EINVAL
>> > > (22)
>>
>>
>> > Possibly that's because the 'LANDLOCK_RULE_PATH_BENEATH'  was
>> > refactored from the v6.7 mainline kernel, so it can't add the rule
>> correctly
>> > with older kernels.
>>
>> > commit 0e0fc7e8eb4a11bd9f89a9c74bc7c0e144c56203
>> > Author: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
>> > Date:   Thu Oct 26 09:47:46 2023 +0800
>>
>> >     landlock: Refactor landlock_add_rule() syscall
>>
>> > But this is my guess (through reading the code), I didn't do more to
>> > verify that by installing such a kernel.
>>
>> Thanks, Li,  for a hint. Quick test shows that it's working on 6.9.9, but
>> broken
>> with with 6.6.x or 6.5.x, also reproduced on more distros. I'll verify
>> this
>> specific commit, I suppose we should require 6.7, right?
>>
>
And BTW, the below commit is another (on my suspicion list) that needs
check.

commit 13fc6455fa19b0859e1b9640bf09903bec8df4f4
Author: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Date:   Thu Oct 26 09:47:40 2023 +0800

    landlock: Make ruleset's access masks more generic


> I think YES, 6.7 includes some vital improvement on the landlock syscall.
>
>
> --
> Regards,
> Li Wang
>


-- 
Regards,
Li Wang

More information about the ltp mailing list