From patchwork Mon Aug 22 11:46:57 2022
X-Patchwork-Submitter: Xiu Jianfeng
X-Patchwork-Id: 12950559
From: Xiu Jianfeng
Subject: [PATCH -next 1/5] landlock: expand access_mask_t to u32 type
Date: Mon, 22 Aug 2022 19:46:57 +0800
Message-ID: <20220822114701.26975-2-xiujianfeng@huawei.com>
In-Reply-To: <20220822114701.26975-1-xiujianfeng@huawei.com>

u16 is not enough to add more types of restrictions, so expand it to u32

Signed-off-by: Xiu Jianfeng
---
 security/landlock/ruleset.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/landlock/ruleset.h b/security/landlock/ruleset.h index d43231b783e4..607b3dc0ef19 100644 --- a/security/landlock/ruleset.h +++ b/security/landlock/ruleset.h
@@ -19,7 +19,7 @@ #include "limits.h" #include "object.h" -typedef u16 access_mask_t; +typedef u32 access_mask_t; /* Makes sure all filesystem access rights can be stored. */ static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_FS); /* Makes sure for_each_set_bit() and for_each_clear_bit() calls are OK. */ From patchwork Mon Aug 22 11:46:58 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiu Jianfeng X-Patchwork-Id: 12950558 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C8C8C32772 for ; Mon, 22 Aug 2022 11:51:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232686AbiHVLvZ (ORCPT ); Mon, 22 Aug 2022 07:51:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234865AbiHVLuQ (ORCPT ); Mon, 22 Aug 2022 07:50:16 -0400 Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B74551834A; Mon, 22 Aug 2022 04:50:14 -0700 (PDT) Received: from dggpeml500023.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4MB9Yw6yWSzkWdb; Mon, 22 Aug 2022 19:46:44 +0800 (CST) Received: from ubuntu1804.huawei.com (10.67.174.58) by dggpeml500023.china.huawei.com (7.185.36.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Mon, 22 Aug 2022 19:50:12 +0800 
From: Xiu Jianfeng
Subject: [PATCH -next 2/5] landlock: add chmod and chown support
Date: Mon, 22 Aug 2022 19:46:58 +0800
Message-ID: <20220822114701.26975-3-xiujianfeng@huawei.com>
In-Reply-To: <20220822114701.26975-1-xiujianfeng@huawei.com>

Add two flags LANDLOCK_ACCESS_FS_CHMOD and LANDLOCK_ACCESS_FS_CHOWN to
support restriction to chmod(2) and chown(2) with landlock.
Also change the landlock ABI version from 3 to 4.

Signed-off-by: Xiu Jianfeng
---
 include/uapi/linux/landlock.h | 8 ++++++--
 security/landlock/fs.c | 16 +++++++++++++++-
 security/landlock/limits.h | 2 +-
 security/landlock/syscalls.c | 2 +-
 tools/testing/selftests/landlock/base_test.c | 2 +-
 tools/testing/selftests/landlock/fs_test.c | 6 ++++--
 6 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/include/uapi/linux/landlock.h b/include/uapi/linux/landlock.h index 735b1fe8326e..5ce633c92722 100644 --- a/include/uapi/linux/landlock.h +++ b/include/uapi/linux/landlock.h
@@ -141,13 +141,15 @@ struct landlock_path_beneath_attr { * directory) parent. Otherwise, such actions are denied with errno set to * EACCES. The EACCES errno prevails over EXDEV to let user space * efficiently deal with an unrecoverable error. + * - %LANDLOCK_ACCESS_FS_CHMOD: Change the file mode bits of a file. + * - %LANDLOCK_ACCESS_FS_CHOWN: Change the owner and/or group of a file. * * .. warning:: * * It is currently not possible to restrict some file-related actions * accessible through these syscall families: :manpage:`chdir(2)`, - * :manpage:`stat(2)`, :manpage:`flock(2)`, :manpage:`chmod(2)`, - * :manpage:`chown(2)`, :manpage:`setxattr(2)`, :manpage:`utime(2)`, + * :manpage:`stat(2)`, :manpage:`flock(2)`, + * :manpage:`setxattr(2)`, :manpage:`utime(2)`, * :manpage:`ioctl(2)`, :manpage:`fcntl(2)`, :manpage:`access(2)`. * Future Landlock evolutions will enable to restrict them. */ @@ -167,6 +169,8 @@ struct landlock_path_beneath_attr { #define LANDLOCK_ACCESS_FS_MAKE_SYM (1ULL << 12) #define LANDLOCK_ACCESS_FS_REFER (1ULL << 13) #define LANDLOCK_ACCESS_FS_TRUNCATE (1ULL << 14) +#define LANDLOCK_ACCESS_FS_CHMOD (1ULL << 15) +#define LANDLOCK_ACCESS_FS_CHOWN (1ULL << 16) /* clang-format on */ #endif /* _UAPI_LINUX_LANDLOCK_H */ diff --git a/security/landlock/fs.c b/security/landlock/fs.c index c57f581a9cd5..c25d5f89c8be 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -147,7 +147,9 @@ static struct landlock_object *get_inode_object(struct inode *const inode) LANDLOCK_ACCESS_FS_EXECUTE | \ LANDLOCK_ACCESS_FS_WRITE_FILE | \ LANDLOCK_ACCESS_FS_READ_FILE | \ - LANDLOCK_ACCESS_FS_TRUNCATE) + LANDLOCK_ACCESS_FS_TRUNCATE | \ + LANDLOCK_ACCESS_FS_CHMOD | \ + LANDLOCK_ACCESS_FS_CHOWN) /* clang-format on */ /* 
@@ -1146,6 +1148,16 @@ static int hook_path_truncate(const struct path *const path) return current_check_access_path(path, LANDLOCK_ACCESS_FS_TRUNCATE); } +static int hook_path_chmod(const struct path *const dir, umode_t mode) +{ + return current_check_access_path(dir, LANDLOCK_ACCESS_FS_CHMOD); +} + +static int hook_path_chown(const struct path *const dir, kuid_t uid, kgid_t gid) +{ + return current_check_access_path(dir, LANDLOCK_ACCESS_FS_CHOWN); +} + /* File hooks */ static inline access_mask_t get_file_access(const struct file *const file) @@ -1199,6 +1211,8 @@ static struct security_hook_list landlock_hooks[] __lsm_ro_after_init = { LSM_HOOK_INIT(path_unlink, hook_path_unlink), LSM_HOOK_INIT(path_rmdir, hook_path_rmdir), LSM_HOOK_INIT(path_truncate, hook_path_truncate), + LSM_HOOK_INIT(path_chmod, hook_path_chmod), + LSM_HOOK_INIT(path_chown, hook_path_chown), LSM_HOOK_INIT(file_open, hook_file_open), }; diff --git a/security/landlock/limits.h b/security/landlock/limits.h index 82288f0e9e5e..08858da7fb4f 100644 --- a/security/landlock/limits.h +++ b/security/landlock/limits.h @@ -18,7 +18,7 @@ #define LANDLOCK_MAX_NUM_LAYERS 16 #define LANDLOCK_MAX_NUM_RULES U32_MAX -#define LANDLOCK_LAST_ACCESS_FS LANDLOCK_ACCESS_FS_TRUNCATE +#define LANDLOCK_LAST_ACCESS_FS LANDLOCK_ACCESS_FS_CHOWN #define LANDLOCK_MASK_ACCESS_FS ((LANDLOCK_LAST_ACCESS_FS << 1) - 1) #define LANDLOCK_NUM_ACCESS_FS __const_hweight64(LANDLOCK_MASK_ACCESS_FS) diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c index f4d6fc7ed17f..469e0e11735c 100644 --- a/security/landlock/syscalls.c +++ b/security/landlock/syscalls.c @@ -129,7 +129,7 @@ static const struct file_operations ruleset_fops = { .write = fop_dummy_write, }; -#define LANDLOCK_ABI_VERSION 3 +#define LANDLOCK_ABI_VERSION 4 /** * sys_landlock_create_ruleset - Create a new ruleset 
diff --git a/tools/testing/selftests/landlock/base_test.c b/tools/testing/selftests/landlock/base_test.c index 72cdae277b02..9f00582f639c 100644 --- a/tools/testing/selftests/landlock/base_test.c +++ b/tools/testing/selftests/landlock/base_test.c @@ -75,7 +75,7 @@ TEST(abi_version) const struct landlock_ruleset_attr ruleset_attr = { .handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE, }; - ASSERT_EQ(3, landlock_create_ruleset(NULL, 0, + ASSERT_EQ(4, landlock_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION)); ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, 0, diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index debe2d9ea6cf..5b55b93b5570 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c 
@@ -404,9 +404,11 @@ TEST_F_FORK(layout1, inval) LANDLOCK_ACCESS_FS_EXECUTE | \ LANDLOCK_ACCESS_FS_WRITE_FILE | \ LANDLOCK_ACCESS_FS_READ_FILE | \ - LANDLOCK_ACCESS_FS_TRUNCATE) + LANDLOCK_ACCESS_FS_TRUNCATE | \ + LANDLOCK_ACCESS_FS_CHMOD | \ + LANDLOCK_ACCESS_FS_CHOWN) -#define ACCESS_LAST LANDLOCK_ACCESS_FS_TRUNCATE +#define ACCESS_LAST LANDLOCK_ACCESS_FS_CHOWN #define ACCESS_ALL ( \ ACCESS_FILE | \ From patchwork Mon Aug 22 11:46:59 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiu Jianfeng X-Patchwork-Id: 12950560 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB279C49EC1 for ; Mon, 22 Aug 2022 11:51:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234797AbiHVLvY (ORCPT ); Mon, 22 Aug 2022 07:51:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52532 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234866AbiHVLuR (ORCPT ); Mon, 22 Aug 2022 07:50:17 -0400 Received: from szxga03-in.huawei.com (szxga03-in.huawei.com [45.249.212.189]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C34CE18E2D; Mon, 22 Aug 2022 04:50:15 -0700 (PDT) Received: from dggpeml500023.china.huawei.com (unknown [172.30.72.55]) by szxga03-in.huawei.com (SkyGuard) with ESMTP id 4MB9c35BfHzGpmK; Mon, 22 Aug 2022 19:48:35 +0800 (CST) Received: from ubuntu1804.huawei.com (10.67.174.58) by dggpeml500023.china.huawei.com (7.185.36.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Mon, 22 Aug 2022 19:50:13 +0800 
From: Xiu Jianfeng
Subject: [PATCH -next 3/5] landlock/selftests: add selftests for chmod and chown
Date: Mon, 22 Aug 2022 19:46:59 +0800
Message-ID: <20220822114701.26975-4-xiujianfeng@huawei.com>
In-Reply-To: <20220822114701.26975-1-xiujianfeng@huawei.com>

Add the following simple testcases:
1. chmod/fchmod: remove S_IWUSR and restore S_IWUSR with or without
   restriction.
2. chown/fchown: set original uid and gid with or without restriction,
   because chown needs CAP_CHOWN and testcase framework doesn't have this
   capability, setting original uid and gid is ok to cover landlock
   function.

Signed-off-by: Xiu Jianfeng
---
 tools/testing/selftests/landlock/fs_test.c | 228 +++++++++++++++++++++
 1 file changed, 228 insertions(+)

diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index 5b55b93b5570..f47b4ccd2b26 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -59,6 +59,9 @@ static const char file2_s2d3[] = TMP_DIR "/s2d1/s2d2/s2d3/f2"; static const char dir_s3d1[] = TMP_DIR "/s3d1"; static const char file1_s3d1[] = TMP_DIR "/s3d1/f1"; +static const char file2_s3d1[] = TMP_DIR "/s3d1/f2"; +static const char file3_s3d1[] = TMP_DIR "/s3d1/f3"; + /* dir_s3d2 is a mount point. */ static const char dir_s3d2[] = TMP_DIR "/s3d1/s3d2"; static const char dir_s3d3[] = TMP_DIR "/s3d1/s3d2/s3d3";
@@ -211,6 +214,8 @@ static void create_layout1(struct __test_metadata *const _metadata) create_file(_metadata, file2_s2d3); create_file(_metadata, file1_s3d1); + create_file(_metadata, file2_s3d1); + create_file(_metadata, file3_s3d1); create_directory(_metadata, dir_s3d2); set_cap(_metadata, CAP_SYS_ADMIN); ASSERT_EQ(0, mount("tmp", dir_s3d2, "tmpfs", 0, "size=4m,mode=700")); @@ -234,6 +239,8 @@ static void remove_layout1(struct __test_metadata *const _metadata) EXPECT_EQ(0, remove_path(file1_s2d1)); EXPECT_EQ(0, remove_path(file1_s3d1)); + EXPECT_EQ(0, remove_path(file2_s3d1)); + EXPECT_EQ(0, remove_path(file3_s3d1)); EXPECT_EQ(0, remove_path(dir_s3d3)); set_cap(_metadata, CAP_SYS_ADMIN); umount(dir_s3d2); 
@@ -3272,6 +3279,227 @@ TEST_F_FORK(layout1, truncate) EXPECT_EQ(0, test_creat(file_in_dir_w)); } +static int test_chmod(const char *path) +{ + int ret; + struct stat st; + mode_t mode; + + ret = stat(path, &st); + if (ret < 0) + return errno; + /* save original mode in order to restore */ + mode = st.st_mode & 0777; + /* remove S_IWUSR */ + ret = chmod(path, mode & ~0200); + if (ret < 0) + return errno; + ret = stat(path, &st); + if (ret < 0) + return errno; + /* check if still has S_IWUSR */ + if (st.st_mode & 0200) + return -EFAULT; + /* restore the original mode */ + ret = chmod(path, mode); + if (ret < 0) + return errno; + return 0; +} + +static int test_fchmod(const char *path) +{ + int ret, fd; + struct stat st; + mode_t mode; + + ret = stat(path, &st); + if (ret < 0) + return errno; + /* save original mode in order to restore */ + mode = st.st_mode & 0777; + + fd = openat(AT_FDCWD, path, O_RDWR | O_CLOEXEC); + if (fd < 0) + return errno; + /* remove S_IWUSR */ + ret = fchmod(fd, mode & ~0200); + if (ret < 0) + goto err; + ret = stat(path, &st); + if (ret < 0) + goto err; + /* check if still has S_IWUSR */ + if (st.st_mode & 0200) { + ret = -1; + errno = -EFAULT; + goto err; + } + /* restore the original mode */ + ret = fchmod(fd, mode); +err: + if (close(fd) < 0) + return errno; + return ret ? errno : 0; +} + +static int test_chown(const char *path) +{ + int ret; + struct stat st; + + ret = stat(path, &st); + if (ret < 0) + return errno; + /* + * chown needs CAP_CHOWN to modify uid and/or gid, however + * there is no such capability when the testcases framework + * setup, so just chown to original uid/gid, which can also + * cover the function in landlock. 
+ */ + ret = chown(path, st.st_uid, st.st_gid); + if (ret < 0) + return errno; + return 0; +} + +static int test_fchown(const char *path) +{ + int ret, fd; + struct stat st; + + ret = stat(path, &st); + if (ret < 0) + return errno; + fd = openat(AT_FDCWD, path, O_RDWR | O_CLOEXEC); + if (fd < 0) + return errno; + /* + * fchown needs CAP_CHOWN to modify uid and/or gid, however + * there is no such capability when the testcases framework + * setup, so just fchown to original uid/gid, which can also + * cover the function in landlock. + */ + ret = fchown(fd, st.st_uid, st.st_gid); + if (close(fd) < 0) + return errno; + return ret ? errno : 0; +} + +TEST_F_FORK(layout1, unhandled_chmod) +{ + const struct rule rules[] = { + { + .path = file2_s3d1, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + { + .path = file3_s3d1, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + {}, + }; + const int ruleset_fd = + create_ruleset(_metadata, ACCESS_RW, rules); + + ASSERT_LE(0, ruleset_fd); + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + ASSERT_EQ(0, test_chmod(file2_s3d1)); + ASSERT_EQ(0, test_fchmod(file2_s3d1)); + ASSERT_EQ(0, test_chmod(file3_s3d1)); + ASSERT_EQ(0, test_chmod(dir_s3d1)); +} + +TEST_F_FORK(layout1, chmod) +{ + const struct rule rules[] = { + { + .path = file2_s3d1, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE | + LANDLOCK_ACCESS_FS_CHMOD, + }, + { + .path = file3_s3d1, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + {}, + }; + const int ruleset_fd = + create_ruleset(_metadata, ACCESS_RW | LANDLOCK_ACCESS_FS_CHMOD, rules); + + ASSERT_LE(0, ruleset_fd); + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + ASSERT_EQ(0, test_chmod(file2_s3d1)); + ASSERT_EQ(0, test_fchmod(file2_s3d1)); + ASSERT_EQ(EACCES, test_chmod(file3_s3d1)); + ASSERT_EQ(EACCES, test_chmod(dir_s3d1)); +} + 
+TEST_F_FORK(layout1, no_chown) +{ + const struct rule rules[] = { + { + .path = file2_s3d1, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + { + .path = file3_s3d1, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + {}, + }; + const int ruleset_fd = + create_ruleset(_metadata, ACCESS_RW, rules); + + ASSERT_LE(0, ruleset_fd); + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + ASSERT_EQ(0, test_chown(file2_s3d1)); + ASSERT_EQ(0, test_fchown(file2_s3d1)); + ASSERT_EQ(0, test_chown(file3_s3d1)); + ASSERT_EQ(0, test_chown(dir_s3d1)); +} + +TEST_F_FORK(layout1, chown) +{ + const struct rule rules[] = { + { + .path = file2_s3d1, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE | + LANDLOCK_ACCESS_FS_CHOWN, + }, + { + .path = file3_s3d1, + .access = LANDLOCK_ACCESS_FS_READ_FILE | + LANDLOCK_ACCESS_FS_WRITE_FILE, + }, + {}, + }; + const int ruleset_fd = + create_ruleset(_metadata, ACCESS_RW | LANDLOCK_ACCESS_FS_CHOWN, rules); + + ASSERT_LE(0, ruleset_fd); + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + ASSERT_EQ(0, test_chown(file2_s3d1)); + ASSERT_EQ(0, test_fchown(file2_s3d1)); + ASSERT_EQ(EACCES, test_chown(file3_s3d1)); + ASSERT_EQ(EACCES, test_chown(dir_s3d1)); +} + /* clang-format off */ FIXTURE(layout1_bind) {}; /* clang-format on */ From patchwork Mon Aug 22 11:47:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiu Jianfeng X-Patchwork-Id: 12950562 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9822DC49EC2 for ; Mon, 22 Aug 2022 11:51:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234776AbiHVLvY (ORCPT ); Mon, 22 Aug 
2022 07:51:24 -0400
From: Xiu Jianfeng
Subject: [PATCH -next 4/5] landlock/samples: add chmod and chown support
Date: Mon, 22 Aug 2022 19:47:00 +0800
Message-ID: <20220822114701.26975-5-xiujianfeng@huawei.com>
In-Reply-To: <20220822114701.26975-1-xiujianfeng@huawei.com>

update landlock sample to support the new flags
LANDLOCK_ACCESS_FS_{CHMOD, CHOWN}

Signed-off-by: Xiu Jianfeng
---
 samples/landlock/sandboxer.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c index 771b6b10d519..8c9da47e8b19 100644 --- a/samples/landlock/sandboxer.c +++ b/samples/landlock/sandboxer.c
@@ -77,7 +77,9 @@ static int parse_path(char *env_path, const char ***const path_list) LANDLOCK_ACCESS_FS_EXECUTE | \ LANDLOCK_ACCESS_FS_WRITE_FILE | \ LANDLOCK_ACCESS_FS_READ_FILE | \ - LANDLOCK_ACCESS_FS_TRUNCATE) + LANDLOCK_ACCESS_FS_TRUNCATE | \ + LANDLOCK_ACCESS_FS_CHMOD | \ + LANDLOCK_ACCESS_FS_CHOWN) /* clang-format on */ @@ -162,7 +164,9 @@ static int populate_ruleset(const char *const env_var, const int ruleset_fd, LANDLOCK_ACCESS_FS_MAKE_BLOCK | \ LANDLOCK_ACCESS_FS_MAKE_SYM | \ LANDLOCK_ACCESS_FS_REFER | \ - LANDLOCK_ACCESS_FS_TRUNCATE) + LANDLOCK_ACCESS_FS_TRUNCATE | \ + LANDLOCK_ACCESS_FS_CHMOD | \ + LANDLOCK_ACCESS_FS_CHOWN) /* clang-format on */ 
@@ -233,6 +237,10 @@ int main(const int argc, char *const argv[], char *const *const envp) case 2: /* Removes LANDLOCK_ACCESS_FS_TRUNCATE for ABI < 3 */ ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE; + case 3: + /* Removes LANDLOCK_ACCESS_FS_{CHMOD, CHOWN} for ABI < 4 */ + ruleset_attr.handled_access_fs &= ~(LANDLOCK_ACCESS_FS_CHMOD | + LANDLOCK_ACCESS_FS_CHOWN); } access_fs_ro &= ruleset_attr.handled_access_fs; access_fs_rw &= ruleset_attr.handled_access_fs; From patchwork Mon Aug 22 11:47:01 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Xiu Jianfeng X-Patchwork-Id: 12950561 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5118DC32789 for ; Mon, 22 Aug 2022 11:51:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232988AbiHVLv0 (ORCPT ); Mon, 22 Aug 2022 07:51:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52544 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234870AbiHVLuR (ORCPT ); Mon, 22 Aug 2022 07:50:17 -0400 Received: from szxga08-in.huawei.com (szxga08-in.huawei.com [45.249.212.255]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11F34B862; Mon, 22 Aug 2022 04:50:17 -0700 (PDT) Received: from dggpeml500023.china.huawei.com (unknown [172.30.72.53]) by szxga08-in.huawei.com (SkyGuard) with ESMTP id 4MB9Yz4dSfz1N7Tt; Mon, 22 Aug 2022 19:46:47 +0800 (CST) Received: from ubuntu1804.huawei.com (10.67.174.58) by dggpeml500023.china.huawei.com (7.185.36.114) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Mon, 22 Aug 2022 19:50:14 +0800 
From: Xiu Jianfeng To: , , , , , CC: , , , Subject: [PATCH -next 5/5] landlock: update chmod and chown support in document Date: Mon, 22 Aug 2022 19:47:01 +0800 Message-ID: <20220822114701.26975-6-xiujianfeng@huawei.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20220822114701.26975-1-xiujianfeng@huawei.com> References: <20220822114701.26975-1-xiujianfeng@huawei.com> MIME-Version: 1.0 X-Originating-IP: [10.67.174.58] X-ClientProxiedBy: dggems706-chm.china.huawei.com (10.3.19.183) To dggpeml500023.china.huawei.com (7.185.36.114) X-CFilter-Loop: Reflected Precedence: bulk List-ID: update LANDLOCK_ACCESS_FS_{CHMOD, CHOWN} support and add abi change in the document. Signed-off-by: Xiu Jianfeng --- Documentation/userspace-api/landlock.rst | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Documentation/userspace-api/landlock.rst b/Documentation/userspace-api/landlock.rst index 2509c2fbf98f..05ab338db529 100644 --- a/Documentation/userspace-api/landlock.rst +++ b/Documentation/userspace-api/landlock.rst @@ -61,7 +61,9 @@ the need to be explicit about the denied-by-default access rights. LANDLOCK_ACCESS_FS_MAKE_BLOCK | LANDLOCK_ACCESS_FS_MAKE_SYM | LANDLOCK_ACCESS_FS_REFER | - LANDLOCK_ACCESS_FS_TRUNCATE, + LANDLOCK_ACCESS_FS_TRUNCATE | + LANDLOCK_ACCESS_FS_CHMOD | + LANDLOCK_ACCESS_FS_CHOWN }; Because we may not know on which kernel version an application will be @@ -90,6 +92,10 @@ the ABI. case 2: /* Removes LANDLOCK_ACCESS_FS_TRUNCATE for ABI < 3 */ ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE; + case 3: + /* Removes LANDLOCK_ACCESS_FS_{CHMOD, CHOWN} for ABI < 4 */ + ruleset_attr.handled_access_fs &= ~(LANDLOCK_ACCESS_FS_CHMOD | + LANDLOCK_ACCESS_FS_CHOWN); } This enables to create an inclusive ruleset that will contain our rules.
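
Review bot: In patch 1/5, the `typedef u32 access_mask_t;` change in security/landlock/ruleset.h is justified only by "not enough to add more types of restrictions"; the commit message should name the concrete trigger, which in this series is `LANDLOCK_ACCESS_FS_CHOWN (1ULL << 16)` from patch 2/5, the first filesystem right that no longer fits in 16 bits. The `static_assert(BITS_PER_TYPE(access_mask_t) >= LANDLOCK_NUM_ACCESS_FS)` in the context lines is what forces this patch to come first, so say so, and state the size impact on the objects that store an `access_mask_t`, since the typedef doubles for every user and not only for the new rights.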
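
Review bot: In patch 2/5, the two kernel-doc entries added to include/uapi/linux/landlock.h (`%LANDLOCK_ACCESS_FS_CHMOD`, `%LANDLOCK_ACCESS_FS_CHOWN`) do not say that the rights exist only from ABI version 4, although the same patch bumps `LANDLOCK_ABI_VERSION` from 3 to 4. Add that to each entry so user space knows to probe the version before setting these bits in `handled_access_fs`. The wording "of a file" also reads as regular files only, while the selftests in patch 3/5 expect `test_chmod(dir_s3d1)` to return EACCES once the right is handled; word the entries so directories are clearly covered.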
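
Review bot: In patch 2/5, `hook_path_chmod()` and `hook_path_chown()` in security/landlock/fs.c name their first parameter `dir`, but the check is made on the object being changed, not on its parent: the selftests in patch 3/5 grant `LANDLOCK_ACCESS_FS_CHMOD` on `file2_s3d1` itself and expect `test_chmod(file2_s3d1)` to return 0. Rename the parameter to `path`, as `hook_path_truncate()` in the context lines does. The `mode`, `uid` and `gid` arguments are ignored, so a call that changes nothing (chown to the current owner) is denied too; patch 3/5 depends on that behaviour, and it deserves a comment next to the hooks. Both hooks check the current domain at call time through `current_check_access_path()`; the commit message should say whether that is also the intended rule for fchmod(2)/fchown(2) on a descriptor that was opened before the ruleset was enforced.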
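
Review bot: In patch 3/5, the helpers added to tools/testing/selftests/landlock/fs_test.c mix error conventions: `test_chmod()` returns positive `errno` values but `-EFAULT` when S_IWUSR is still set, and `test_fchmod()` assigns `errno = -EFAULT` and then, like `test_fchown()`, reads `errno` only after `close(fd)`, which may have overwritten it. Save the error in a local before closing and use one sign convention throughout. Coverage is also one-sided: every EACCES assertion goes through `test_chmod()` or `test_chown()`, so denial of fchmod(2)/fchown(2) is never exercised, and because both fd helpers open with `O_RDWR` they cannot be pointed at `dir_s3d1`. All rules are attached to the files themselves, so add a case where the right is granted on a parent directory, and align the test names (`unhandled_chmod` versus `no_chown`).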
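
Review bot: In patch 4/5, the new `case 3:` in `main()` of samples/landlock/sandboxer.c is reached by falling through from `case 2:`, whose body ends at `ruleset_attr.handled_access_fs &= ~LANDLOCK_ACCESS_FS_TRUNCATE;` with no `break` and no fall-through marker in the visible lines. The fall-through is required (a kernel at ABI 2 must lose TRUNCATE, CHMOD and CHOWN), so add an explicit fall-through annotation between the two cases to show it is intentional and to keep -Wimplicit-fallthrough quiet. The copy of this switch in Documentation/userspace-api/landlock.rst in patch 5/5 needs the same treatment.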
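
Review bot: In patch 5/5, the first hunk of Documentation/userspace-api/landlock.rst replaces `LANDLOCK_ACCESS_FS_TRUNCATE,` with a list ending in `LANDLOCK_ACCESS_FS_CHOWN` and silently drops the trailing comma of the `handled_access_fs` initializer. Keep the comma so the example stays in the style it had before the change.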
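
Review bot: In patch 5/5, the commit message says the ABI change is added to the document, but both hunks of Documentation/userspace-api/landlock.rst only touch code samples: the second adds `case 3:` to the compatibility switch, and no prose states what ABI version 4 introduces. Add a short paragraph saying that `LANDLOCK_ACCESS_FS_CHMOD` and `LANDLOCK_ACCESS_FS_CHOWN` are available from ABI 4 and that chmod(2) and chown(2) cannot be restricted on kernels that report an older version.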