aboutsummaryrefslogtreecommitdiffstats
path: root/sys/linux
diff options
context:
space:
mode:
Diffstat (limited to 'sys/linux')
-rw-r--r--sys/linux/test/landlock_fs_ioctl26
1 files changed, 26 insertions, 0 deletions
diff --git a/sys/linux/test/landlock_fs_ioctl b/sys/linux/test/landlock_fs_ioctl
new file mode 100644
index 000000000..bfdb3e916
--- /dev/null
+++ b/sys/linux/test/landlock_fs_ioctl
@@ -0,0 +1,26 @@
+# Makes a regular file.
+
+mknodat(0xffffffffffffff9c, &AUTO='./file0\x00', 0x81c0, 0x0)
+
+# Creates a ruleset to restrict most filesystem IOCTLs: LANDLOCK_ACCESS_FS_IOCTL.
+
+r0 = landlock_create_ruleset(&AUTO={0x8000, 0x0}, AUTO, 0x0)
+
+# No need to close FDs for this test.
+
+# Enforces the first ruleset.
+
+prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
+landlock_restrict_self(r0, 0x0)
+
+# Opens file in read-write mode after sandboxing.
+
+r1 = openat$dir(0xffffffffffffff9c, &AUTO='./file0\x00', 0x2, 0x0)
+
+# Denied FIOQSIZE IOCTL.
+
+ioctl(r1, 0x5460, 0x0) # EACCES
+
+# Allowed FIOCLEX IOCTL.
+
+ioctl(r1, 0x5451, 0x0)
generated by ggit (джигит) mrf-deployment (git 2.46.0) at 2026-03-29 22:45:16 +0000