diff options
| author | Mickaël Salaün <mic@linux.microsoft.com> | 2023-10-10 18:28:59 +0200 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2023-10-13 13:15:32 +0000 |
| commit | 2f3c16ff202947ee7671f5b36c2cd294449ff26f (patch) | |
| tree | 34284618dc5d7d58c946c2eae031cb80f3766651 /sys/linux/test/landlock_layers | |
| parent | 6388bc36373b7e4e4dbac9101b34007e839a74bd (diff) | |
sys/linux: add the Landlock network rule type and access rights
Add the new lanlock_net_port_attr struct and related
LANDLOCK_ACCESS_NET_{BIND,CONNECT}_TCP flags for TCP access control.
Add landlock_ruleset_attr's handled_access_net field and fix
handled_access_fs name.
Update tests with the new landlock_ruleset_attr's handled_access_net
field.
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Diffstat (limited to 'sys/linux/test/landlock_layers')
| -rw-r--r-- | sys/linux/test/landlock_layers | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/linux/test/landlock_layers b/sys/linux/test/landlock_layers index fdc044963..166a4a930 100644 --- a/sys/linux/test/landlock_layers +++ b/sys/linux/test/landlock_layers @@ -5,7 +5,7 @@ mkdirat(0xffffffffffffff9c, &AUTO='./file0/file0\x00', 0x1c0) # Creates a first ruleset to restrict file creation. -r0 = landlock_create_ruleset(&AUTO={0x100}, AUTO, 0x0) +r0 = landlock_create_ruleset(&AUTO={0x100, 0x0}, AUTO, 0x0) r1 = openat$dir(0xffffffffffffff9c, &AUTO='./file0\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, AUTO, &AUTO={0x100, r1}, 0x0) @@ -27,7 +27,7 @@ mknodat(0xffffffffffffff9c, &AUTO='./file1\x00', 0x81c0, 0x0) # EACCES # Creates a second ruleset to restrict file removal. -r2 = landlock_create_ruleset(&AUTO={0x20}, AUTO, 0x0) +r2 = landlock_create_ruleset(&AUTO={0x20, 0x0}, AUTO, 0x0) r3 = openat$dir(0xffffffffffffff9c, &AUTO='./file0/file0\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, AUTO, &AUTO={0x20, r3}, 0x0) |