# Source: github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/test/landlock_sb_delete
#
# Regression test for Landlock rules that reference inodes on a filesystem
# which is unmounted before the ruleset is enforced. Going by the file name,
# this presumably targets the kernel's superblock-delete path for Landlock
# objects (TODO confirm against the kernel source).
# The security property checked at the end: after the unmount, the ruleset
# still allows what it explicitly allowed and still denies everything else.
#
# NOTE(review): every comment below is separated from the following call by a
# blank line, as in the original. The only comment attached to a call is the
# trailing "# EACCES", which looks like the expected errno read by the test
# runner. Keep this layout when editing (TODO confirm against pkg/runtest).

# Creates a new mount point.
#
# Mounting requires some privileges:
# requires: -sandbox=setuid

mkdirat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &AUTO='./file0\x00', &AUTO='tmpfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &AUTO='./file0/file0\x00', 0x1c0)

# 0xffffffffffffff9c is AT_FDCWD (-100) and 0x1c0 is mode 0700.
# ./file0/file0 is created inside the new tmpfs, so it belongs to the
# superblock that is removed later.

# Creates a simple directory.
# It stays on the original filesystem and outlives the unmount.

mkdirat(0xffffffffffffff9c, &AUTO='./file1\x00', 0x1c0)

# Creates a ruleset with a reference to this mount point.
# 0x100 is LANDLOCK_ACCESS_FS_MAKE_REG. It is the only access right the
# ruleset handles, and the only one each rule below allows.
# 0x200000 is O_PATH on x86 (assumed target arch, TODO confirm).

r0 = landlock_create_ruleset(&AUTO={0x100, 0x0}, AUTO, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &AUTO='./file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, AUTO, &AUTO={0x100, r1}, 0x0)

# Add a second inode to cover both iput() calls.

r2 = openat$dir(0xffffffffffffff9c, &AUTO='./file0/file0\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, AUTO, &AUTO={0x100, r2}, 0x0)

# Removes other references to the mount point.
# After the two close() calls, the ruleset r0 is the only thing in this
# program that still refers to the tmpfs inodes; umount2 then removes the
# mount. Presumably the fds are closed first so the unmount is not refused as
# busy (TODO confirm).

close(r2)
close(r1)
umount2(&AUTO='./file0\x00', 0x0)

# Extends this ruleset with a reference to a simple directory.
# The ruleset is modified after the unmount, while it still holds the two
# rules that were added for the tmpfs inodes.

r3 = openat$dir(0xffffffffffffff9c, &AUTO='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, AUTO, &AUTO={0x100, r3}, 0x0)

# No need to close r3 for this test.

# Enforces the ruleset tied to a deleted superblock.
# 0x26 is PR_SET_NO_NEW_PRIVS (38). An unprivileged caller must set it before
# landlock_restrict_self() is accepted.
# Closing r0 afterwards does not lift the restriction; the two mknodat calls
# below run under the enforced ruleset.

prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(r0, 0x0)
close(r0)

# Creates a file: allowed by the ruleset.
# 0x81c0 is S_IFREG | 0700. Positive control: ./file1 carries a MAKE_REG rule.

mknodat(0xffffffffffffff9c, &AUTO='./file1/file0\x00', 0x81c0, 0x0)

# Tries to create a file: denied by the ruleset.
# Negative control: no rule covers the working directory itself, so the
# handled MAKE_REG right must be refused there.

mknodat(0xffffffffffffff9c, &AUTO='./file2\x00', 0x81c0, 0x0) # EACCES