github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/test/landlock_fs_reparent (about)

     1  # Creates a file hierarchy with a mount point: file0 and file1 in the working directory (0xffffffffffffff9c is AT_FDCWD), with a tmpfs mounted on file1/file4. Mode 0x1c0 is 0700; 0x81c0 is S_IFREG|0700.
     2  
     3  mkdirat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x1c0)
     4  mkdirat(0xffffffffffffff9c, &AUTO='./file1\x00', 0x1c0)
     5  mknodat(0xffffffffffffff9c, &AUTO='./file1/file2\x00', 0x81c0, 0x0)
     6  mkdirat(0xffffffffffffff9c, &AUTO='./file1/file3\x00', 0x1c0)
     7  mkdirat(0xffffffffffffff9c, &AUTO='./file1/file4\x00', 0x1c0)
     8  mount$tmpfs(0x0, &AUTO='./file1/file4\x00', &AUTO='tmpfs\x00', 0x0, 0x0)
     9  mknodat(0xffffffffffffff9c, &AUTO='./file1/file4/file5\x00', 0x81c0, 0x0)
    10  mkdirat(0xffffffffffffff9c, &AUTO='./file1/file4/file6\x00', 0x1c0)
    11  mkdirat(0xffffffffffffff9c, &AUTO='./file1/file4/file7\x00', 0x1c0)
    12  
    13  # Creates a ruleset that handles LANDLOCK_ACCESS_FS_REFER (0x2000: linking/renaming a file into a different parent directory) and LANDLOCK_ACCESS_FS_EXECUTE (0x1, handled only to get an extra access right).
    14  
    15  r0 = landlock_create_ruleset(&AUTO={0x2001, 0x0}, AUTO, 0x0)
    16  
    17  # Allows link and rename from and to file1: r1 is an O_PATH (0x200000) descriptor for ./file1, and the rule grants only LANDLOCK_ACCESS_FS_REFER (0x2000) beneath it. file0 gets no rule.
    18  
    19  r1 = openat$dir(0xffffffffffffff9c, &AUTO='./file1\x00', 0x200000, 0x0)
    20  landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, AUTO, &AUTO={0x2000, r1}, 0x0)
    21  
    22  # No need to close FDs for this test.
    23  
    24  # Enforces the ruleset on the calling thread. no_new_privs is set first (prctl option 0x26 is PR_SET_NO_NEW_PRIVS); landlock_restrict_self() requires it unless the caller has CAP_SYS_ADMIN.
    25  
    26  prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
    27  landlock_restrict_self(r0, 0x0)
    28  
    29  # Denied link, rename and exchange (renameat2 flag 0x2 is RENAME_EXCHANGE): one side of each call is file0 or inside it, where no rule grants REFER. The trailing EXDEV annotation on each call is the errno the test expects.
    30  
    31  linkat(0xffffffffffffff9c, &AUTO='./file1/file2\x00', 0xffffffffffffff9c, &AUTO='./file0/file2\x00', 0x0) # EXDEV
    32  renameat2(0xffffffffffffff9c, &AUTO='./file1/file3\x00', 0xffffffffffffff9c, &AUTO='./file0/file3\x00', 0x0) # EXDEV
    33  renameat2(0xffffffffffffff9c, &AUTO='./file1/file2\x00', 0xffffffffffffff9c, &AUTO='./file0\x00', 0x2) # EXDEV
    34  
    35  # Allowed link, rename and exchange with access right beneath the mount point: both sides of each call are inside the tmpfs on file1/file4, which is beneath file1, so the REFER rule on file1 covers them. No errno annotation, so the calls are expected to succeed.
    36  
    37  linkat(0xffffffffffffff9c, &AUTO='./file1/file4/file5\x00', 0xffffffffffffff9c, &AUTO='./file1/file4/file7/file5\x00', 0x0)
    38  renameat2(0xffffffffffffff9c, &AUTO='./file1/file4/file6\x00', 0xffffffffffffff9c, &AUTO='./file1/file4/file7/file6\x00', 0x0)
    39  renameat2(0xffffffffffffff9c, &AUTO='./file1/file4/file5\x00', 0xffffffffffffff9c, &AUTO='./file1/file4/file7/file6\x00', 0x2)