github.com/google/syzkaller@v0.0.0-20251211124644-a066d2bc4b02/sys/linux/test/landlock_fs_forbidden (about)

     1  # Access denied to whole syscalls, which return EPERM: once the thread is inside a Landlock domain, each mount-topology call below (mount, umount2, move_mount, remount, pivot_root) must fail as a whole.
     2  # The trailing "# EPERM" on those calls is the errno the syzkaller test runner expects, so it is part of the test and must stay as written.
     3  # Makes a private mount point for MS_MOVE.
     4  # Setup runs before any sandboxing: ./file0 (mode 0x1c0 = 0700, relative to 0xffffffffffffff9c = AT_FDCWD) gets a tmpfs, is marked private with flags 0x40000 (MS_PRIVATE), then receives a nested tmpfs at ./file0/file0 and an empty directory ./file0/file1.
     5  mkdirat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x1c0)
     6  mount$tmpfs(0x0, &AUTO='./file0\x00', &AUTO='tmpfs\x00', 0x0, 0x0)
     7  mount$bind(&AUTO='\x00', &AUTO='./file0\x00', &AUTO='pipefs\x00', 0x40000, 0x0)
     8  mkdirat(0xffffffffffffff9c, &AUTO='./file0/file0\x00', 0x1c0)
     9  mount$tmpfs(0x0, &AUTO='./file0/file0\x00', &AUTO='tmpfs\x00', 0x0, 0x0)
    10  mkdirat(0xffffffffffffff9c, &AUTO='./file0/file1\x00', 0x1c0)
    11  
    12  # Creates a first ruleset to restrict execution: the ruleset attribute handles only 0x1 (LANDLOCK_ACCESS_FS_EXECUTE), its other two fields are zero, and no rule is added before enforcement.
    13  # PR_SET_NO_NEW_PRIVS (0x26) is set first because landlock_restrict_self() otherwise requires CAP_SYS_ADMIN; after the third call the thread is sandboxed.
    14  r0 = landlock_create_ruleset(&AUTO={0x1, 0x0, 0x0}, AUTO, 0x0)
    15  prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
    16  landlock_restrict_self(r0, 0x0)
    17  # From here on every call is expected to be denied. Only the errno is asserted; the program does not re-inspect the mount table afterwards.
    18  # Checks hook_sb_mount(): a new tmpfs mount on the still-empty ./file0/file1 must be refused.
    19  
    20  mount$tmpfs(0x0, &AUTO='./file0/file1\x00', &AUTO='tmpfs\x00', 0x0, 0x0) # EPERM
    21  
    22  # Checks hook_sb_umount(): unmounting the nested tmpfs created during setup must be refused.
    23  
    24  umount2(&AUTO='./file0/file0\x00', 0x0) # EPERM
    25  
    26  # Checks hook_move_mount(): source and target are both ./file0/file0, each resolved relative to AT_FDCWD; the call must be refused.
    27  
    28  move_mount(0xffffffffffffff9c, &AUTO='./file0/file0\x00', 0xffffffffffffff9c, &AUTO='./file0/file0\x00', 0x0) # EPERM
    29  
    30  # Checks hook_sb_remount(): flags 0x21 are MS_REMOUNT (0x20) | MS_RDONLY (0x1), applied to the nested tmpfs.
    31  
    32  mount$bind(&AUTO='\x00', &AUTO='./file0/file0\x00', &AUTO='pipefs\x00', 0x21, 0x0) # EPERM
    33  
    34  # Checks hook_sb_pivotroot(): ./file0 as the new root with ./file0/file0 as put_old must be refused.
    35  
    36  pivot_root(&AUTO='./file0\x00', &AUTO='./file0/file0\x00') # EPERM