From: Mickaël Salaün
To: Anton Ivanov, Johannes Berg, Richard Weinberger
Cc: Mickaël Salaün, Christopher Obbard, Guenter Roeck, Günther Noack, Jakub Kicinski, James Morris, Jeff Xu, Kees Cook, Paul Moore, Ritesh Raj Sarraf, Roberto Sassu, "Serge E . Hallyn", Shuah Khan, Sjoerd Simons, Willem de Bruijn, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v2 6/6] selftests/landlock: Add hostfs tests
Date: Mon, 12 Jun 2023 21:14:30 +0200
Message-ID: <20230612191430.339153-7-mic@digikod.net>
In-Reply-To: <20230612191430.339153-1-mic@digikod.net>
References: <20230612191430.339153-1-mic@digikod.net>

Add tests for the hostfs filesystem to make sure it has consistent inode management, which is required for Landlock's file hierarchy identification. This adds 5 new tests for layout3_fs with the hostfs variant.

Add hostfs to the new (architecture-specific) config.um file.

The hostfs filesystem, only available for a User-Mode Linux kernel, is special because we cannot explicitly mount it. The layout3_fs.hostfs variant tests are skipped if the current test directory is not backed by this filesystem.

The layout3_fs.hostfs.tag_inode_dir_child and layout3_fs.hostfs.tag_inode_file tests pass thanks to a previous commit fixing hostfs inode management. Without this fix, the deny-by-default policy would apply and all access requests would be denied.

Signed-off-by: Mickaël Salaün
---
 tools/testing/selftests/landlock/config.um |  1 +
 tools/testing/selftests/landlock/fs_test.c | 28 +++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 tools/testing/selftests/landlock/config.um

diff --git a/tools/testing/selftests/landlock/config.um b/tools/testing/selftests/landlock/config.um new file mode 100644 index 000000000000..40937c0395d6 --- /dev/null +++ b/tools/testing/selftests/landlock/config.um @@ -0,0 +1 @@ +CONFIG_HOSTFS=y diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index 2911b5241583..83d565569512 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -10,6 +10,7 @@ #define _GNU_SOURCE #include #include +#include #include #include #include @@ -19,6 +20,7 @@ #include #include #include +#include #include #include "common.h" @@ -135,6 +137,19 @@ static bool supports_filesystem(const char *const filesystem) return res; } +static bool cwd_matches_fs(unsigned int fs_magic) +{ + struct statfs statfs_buf; + + if (!fs_magic) + return true; + + if (statfs(".", &statfs_buf)) + return true; + + return statfs_buf.f_type == fs_magic; +} + static void mkdir_parents(struct __test_metadata *const _metadata, const char *const path) { @@ -4500,6 +4515,7 @@ FIXTURE_VARIANT(layout3_fs) { const struct mnt_opt mnt; const char *const file_path; + unsigned int cwd_fs_magic; }; /* clang-format off */ @@ -4538,13 +4554,23 @@ FIXTURE_VARIANT_ADD(layout3_fs, sysfs) { .file_path = TMP_DIR "/kernel/notes", }; +FIXTURE_VARIANT_ADD(layout3_fs, hostfs) { + .mnt = { + .source = TMP_DIR, + .flags = MS_BIND, + }, + .file_path = TMP_DIR "/dir/file", + .cwd_fs_magic = HOSTFS_SUPER_MAGIC, +}; + FIXTURE_SETUP(layout3_fs) { struct stat statbuf; const char *slash; size_t dir_len; - if (!supports_filesystem(variant->mnt.type)) { + if (!supports_filesystem(variant->mnt.type) || + !cwd_matches_fs(variant->cwd_fs_magic)) { self->skip_test = true; SKIP(return, "this filesystem is not supported (setup)"); }
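
Review bot: In the new cwd_matches_fs() helper (fs_test.c, hunk at -135,6 +137,19), the error path `if (statfs(".", &statfs_buf)) return true;` gives the same result as a successful match, so when statfs() fails the hostfs variant is not skipped and runs against a directory whose filesystem type is unknown. If failing open is deliberate (a loud test failure rather than a silent skip), a one-line comment above that return would make it clear; otherwise returning false there keeps the skip decision conservative. The comparison `statfs_buf.f_type == fs_magic` also mixes the type of f_type with unsigned int, so an explicit cast or a matching parameter type would avoid a sign-compare warning on some builds.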
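
Review bot: The new `unsigned int cwd_fs_magic;` member in FIXTURE_VARIANT(layout3_fs) (hunk at -4500,6 +4515,7) has no comment, and its meaning depends on a convention that is only visible in cwd_matches_fs(): a value of 0 disables the check. The variants that do not set the field rely on implicit zero-initialization to get that behaviour, so a short comment on the member ("0 means any filesystem; otherwise the current directory must be on this filesystem") would document the contract where new variants are added.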
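
Review bot: In FIXTURE_SETUP(layout3_fs) (hunk at -4538,13 +4554,23), the extended condition reuses the message "this filesystem is not supported (setup)" for the case where `!cwd_matches_fs(variant->cwd_fs_magic)` is what triggered the skip. For the hostfs variant this reads as if the kernel lacked hostfs support, when the actual reason is that the current test directory is not backed by hostfs; a separate SKIP() message for that branch would make the test log say which precondition failed. The hostfs variant also sets only `.source` and `.flags` in `.mnt`, so `supports_filesystem(variant->mnt.type)` is called with a NULL type here; the hunk depends on that function accepting NULL, which is worth confirming or noting in a comment next to the variant.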