[LTP] [PATCH 3/4] landlock: add landlock09 test
Cyril Hrubis
chrubis@suse.cz
Thu Mar 27 17:50:03 CET 2025
Hi!
> Create landlock09 test in order to verify that sandboxed processes
> enforced with LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET rule can't
> connect to any UNIX socket from non-sandboxed processes.
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
> testcases/kernel/syscalls/landlock/.gitignore | 1 +
> testcases/kernel/syscalls/landlock/landlock09.c | 132 +++++++++++++++++++++
> .../kernel/syscalls/landlock/landlock_common.h | 11 ++
> 3 files changed, 144 insertions(+)
Runtest entry?
> +/*\
> + * Verify that landlock's LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET rule reject any
> + * connect() coming from a client on a different server domain, but accept any
> + * connection.
> + */
> +
> +#include "tst_test.h"
> +#include "landlock_common.h"
> +
> +#define SOCKET_NAME "test.sock"
> +#define ABSTRACT_SOCKET_NAME "\0"SOCKET_NAME
> +#define SOCKET_LENGTH (offsetof(struct sockaddr_un, sun_path) + strlen(SOCKET_NAME) + 1)
^
SIZE
> +enum {
> + DOMAIN_CLIENT = 0,
> + DOMAIN_SERVER,
> + DOMAIN_BOTH,
> + DOMAIN_LENGTH,
^
CNT
Other than that:
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
--
Cyril Hrubis
chrubis@suse.cz
More information about the ltp
mailing list