github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/sys/linux/test/landlock_fs_accesses (about) 1 # Create and access multiple type of files 2 3 # Makes a character device /dev/null 4 5 mknodat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x21c0, 0x103) 6 7 # Makes a directory. 8 9 mkdirat(0xffffffffffffff9c, &AUTO='./file1\x00', 0x1c0) 10 11 # Makes a regular file. 12 13 mknodat(0xffffffffffffff9c, &AUTO='./file2\x00', 0x81c0, 0x0) 14 15 # Makes a socket. 16 17 mknodat(0xffffffffffffff9c, &AUTO='./file3\x00', 0xc1c0, 0x0) 18 19 # Makes a fifo. 20 21 mknodat(0xffffffffffffff9c, &AUTO='./file4\x00', 0x11c0, 0x0) 22 23 # Makes a block device /dev/loop0 24 25 mknodat(0xffffffffffffff9c, &AUTO='./file5\x00', 0x61c0, 0x700) 26 27 # Makes a symlink. 28 29 symlinkat(&AUTO='./file2\x00', 0xffffffffffffff9c, &AUTO='./file6\x00') 30 31 # Creates a ruleset to restrict all kind of file creation. 32 33 r0 = landlock_create_ruleset(&AUTO={0x1fff, 0x0, 0x0}, AUTO, 0x0) 34 prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) 35 landlock_restrict_self(r0, 0x0) 36 37 # No need to close this FD for this test. 38 39 # Checks LANDLOCK_ACCESS_FS_EXECUTE. 40 41 execveat(0xffffffffffffff9c, &AUTO='./file2\x00', 0x0, 0x0, 0x0) # EACCES 42 43 # Checks LANDLOCK_ACCESS_FS_WRITE_FILE. 44 45 openat$dir(0xffffffffffffff9c, &AUTO='./file2\x00', 0x1, 0x0) # EACCES 46 47 # Checks LANDLOCK_ACCESS_FS_READ_FILE. 48 49 openat$dir(0xffffffffffffff9c, &AUTO='./file2\x00', 0x0, 0x0) # EACCES 50 51 # Checks LANDLOCK_ACCESS_FS_READ_DIR. 52 53 openat$dir(0xffffffffffffff9c, &AUTO='./file1\x00', 0x0, 0x0) # EACCES 54 55 # Checks LANDLOCK_ACCESS_FS_REMOVE_DIR. 56 57 unlinkat(0xffffffffffffff9c, &AUTO='./file1\x00', 0x200) # EACCES 58 59 # Checks LANDLOCK_ACCESS_FS_REMOVE_FILE. 60 61 unlinkat(0xffffffffffffff9c, &AUTO='./file2\x00', 0x0) # EACCES 62 63 # Checks LANDLOCK_ACCESS_FS_MAKE_CHAR. 64 65 mknodat(0xffffffffffffff9c, &AUTO='./file7\x00', 0x21c0, 0x103) # EACCES 66 renameat2(0xffffffffffffff9c, &AUTO='./file0\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 67 linkat(0xffffffffffffff9c, &AUTO='./file0\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 68 69 # Checks LANDLOCK_ACCESS_FS_MAKE_DIR. 70 71 mkdirat(0xffffffffffffff9c, &AUTO='./file7\x00', 0x1c0) # EACCES 72 renameat2(0xffffffffffffff9c, &AUTO='./file1\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 73 74 # Checks LANDLOCK_ACCESS_FS_MAKE_REG. 75 76 mknodat(0xffffffffffffff9c, &AUTO='./file7\x00', 0x81c0, 0x0) # EACCES 77 renameat2(0xffffffffffffff9c, &AUTO='./file2\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 78 linkat(0xffffffffffffff9c, &AUTO='./file2\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 79 80 # Checks LANDLOCK_ACCESS_FS_MAKE_SOCK. 81 82 mknodat(0xffffffffffffff9c, &AUTO='./file7\x00', 0xc1c0, 0x0) # EACCES 83 renameat2(0xffffffffffffff9c, &AUTO='./file3\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 84 linkat(0xffffffffffffff9c, &AUTO='./file3\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 85 86 # Checks LANDLOCK_ACCESS_FS_MAKE_FIFO. 87 88 mknodat(0xffffffffffffff9c, &AUTO='./file7\x00', 0x11c0, 0x0) # EACCES 89 renameat2(0xffffffffffffff9c, &AUTO='./file4\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 90 linkat(0xffffffffffffff9c, &AUTO='./file4\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 91 92 # Checks LANDLOCK_ACCESS_FS_MAKE_BLOCK. 93 94 mknodat(0xffffffffffffff9c, &AUTO='./file7\x00', 0x61c0, 0x700) # EACCES 95 renameat2(0xffffffffffffff9c, &AUTO='./file5\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 96 linkat(0xffffffffffffff9c, &AUTO='./file5\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 97 98 # Checks LANDLOCK_ACCESS_FS_MAKE_SYM. 99 100 symlinkat(&AUTO='./file2\x00', 0xffffffffffffff9c, &AUTO='./file7\x00') # EACCES 101 renameat2(0xffffffffffffff9c, &AUTO='./file6\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES 102 linkat(0xffffffffffffff9c, &AUTO='./file6\x00', 0xffffffffffffff9c, &AUTO='./file7\x00', 0x0) # EACCES