sys/linux/test: add landlock_ptrace

This test helps cover security/landlock/ptrace.c Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
author: Mickaël Salaün <mic@linux.microsoft.com> 2021-02-02 10:23:50 +0000
committer: Dmitry Vyukov <dvyukov@google.com> 2021-03-19 16:08:51 +0100
commit: 202b9abd57bf407ca295c2fd0027de3ac854c1df (patch)
tree: dff208d906372ac8f20a78fb4768bff7e30bec1e /sys/linux/test
parent: a2e1314e4dc6b1ae80dc161d947034813986999e (diff)
1 files changed, 40 insertions, 0 deletions
diff --git a/sys/linux/test/landlock_ptrace b/sys/linux/test/landlock_ptrace
new file mode 100644
index 000000000..e3037386d
--- /dev/null
+++ b/sys/linux/test/landlock_ptrace
@@ -0,0 +1,40 @@
+# Creates independent Landlock hierarchies and try different tracer/tracee
+# schemas (without scheduling control).
+#
+# fork() is not available for the following architectures:
+# requires: -arch=arm64 -arch=riscv64
+
+capset(&AUTO={0x20080522, 0x0}, &AUTO={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
+prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
+
+r0 = fork()
+
+# PTRACE_ATTACH and PTRACE_DETACH
+
+ptrace(0x10, r0)
+ptrace(0x11, r0)
+
+r1 = landlock_create_ruleset(&AUTO={0x100}, AUTO, 0x0)
+landlock_restrict_self(r1, 0x0)
+
+r2 = fork()
+
+ptrace(0x10, r0)
+ptrace(0x11, r0)
+
+ptrace(0x10, r2)
+ptrace(0x11, r2)
+
+r3 = landlock_create_ruleset(&AUTO={0x100}, AUTO, 0x0)
+landlock_restrict_self(r3, 0x0)
+
+ptrace(0x10, r0)
+ptrace(0x11, r0)
+
+ptrace(0x10, r2)
+ptrace(0x11, r2)
+
+# For now, PTRACE_TRACEME is transformed to -1, which returns an error:
+# https://github.com/google/syzkaller/blob/cbd0445ec3b0b184db66966d8a47e6b37d13692e/sys/linux/init.go#L179-L182
+
+ptrace(0x0, 0x0)
author	Mickaël Salaün <mic@linux.microsoft.com>	2021-02-02 10:23:50 +0000
committer	Dmitry Vyukov <dvyukov@google.com>	2021-03-19 16:08:51 +0100
commit	202b9abd57bf407ca295c2fd0027de3ac854c1df (patch)
tree	dff208d906372ac8f20a78fb4768bff7e30bec1e /sys/linux/test
parent	a2e1314e4dc6b1ae80dc161d947034813986999e (diff)