github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/test/landlock_fs_truncate (about)

     1  # Makes regular files.
     2  
     3  mknodat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x81c0, 0x0)
     4  mknodat(0xffffffffffffff9c, &AUTO='./file1\x00', 0x81c0, 0x0)
     5  
     6  # Opens each file in write mode before sandboxing.
     7  
     8  r0 = openat$dir(0xffffffffffffff9c, &AUTO='./file0\x00', 0x1, 0x0)
     9  r1 = openat$dir(0xffffffffffffff9c, &AUTO='./file1\x00', 0x1, 0x0)
    10  
    11  # Creates a ruleset to restrict file truncation: LANDLOCK_ACCESS_FS_TRUNCATE.
    12  
    13  r2 = landlock_create_ruleset(&AUTO={0x4000, 0x0}, AUTO, 0x0)
    14  
    15  # Allows truncation of file1.
    16  
    17  landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, AUTO, &AUTO={0x4000, r1}, 0x0)
    18  
    19  # No need to close FDs for this test.
    20  
    21  # Enforces the first ruleset.
    22  
    23  prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
    24  landlock_restrict_self(r2, 0x0)
    25  
    26  # Opens each file in write mode after sandboxing.
    27  
    28  r3 = openat$dir(0xffffffffffffff9c, &AUTO='./file0\x00', 0x1, 0x0)
    29  r4 = openat$dir(0xffffffffffffff9c, &AUTO='./file1\x00', 0x1, 0x0)
    30  
    31  # Denied truncation.
    32  
    33  truncate(&AUTO='./file0\x00', 0x1) # EACCES
    34  ftruncate(r3, 0x1) # EACCES
    35  
    36  # Allowed truncation.
    37  
    38  truncate(&AUTO='./file1\x00', 0x1)
    39  ftruncate(r0, 0x1)
    40  ftruncate(r1, 0x1)
    41  ftruncate(r4, 0x1)