From 202b9abd57bf407ca295c2fd0027de3ac854c1df Mon Sep 17 00:00:00 2001
From: Mickaël Salaün
Date: Tue, 2 Feb 2021 10:23:50 +0000
Subject: sys/linux/test: add landlock_ptrace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This test helps cover security/landlock/ptrace.c
Signed-off-by: Mickaël Salaün
---
sys/linux/test/landlock_ptrace | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 sys/linux/test/landlock_ptrace
(limited to 'sys')
diff --git a/sys/linux/test/landlock_ptrace b/sys/linux/test/landlock_ptrace
new file mode 100644
index 000000000..e3037386d
--- /dev/null
+++ b/sys/linux/test/landlock_ptrace
@@ -0,0 +1,40 @@
+# Creates independent Landlock hierarchies and try different tracer/tracee
+# schemas (without scheduling control).
+#
+# fork() is not available for the following architectures:
+# requires: -arch=arm64 -arch=riscv64
+
+capset(&AUTO={0x20080522, 0x0}, &AUTO={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
+prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
+
+r0 = fork()
+
+# PTRACE_ATTACH and PTRACE_DETACH
+
+ptrace(0x10, r0)
+ptrace(0x11, r0)
+
+r1 = landlock_create_ruleset(&AUTO={0x100}, AUTO, 0x0)
+landlock_restrict_self(r1, 0x0)
+
+r2 = fork()
+
+ptrace(0x10, r0)
+ptrace(0x11, r0)
+
+ptrace(0x10, r2)
+ptrace(0x11, r2)
+
+r3 = landlock_create_ruleset(&AUTO={0x100}, AUTO, 0x0)
+landlock_restrict_self(r3, 0x0)
+
+ptrace(0x10, r0)
+ptrace(0x11, r0)
+
+ptrace(0x10, r2)
+ptrace(0x11, r2)
+
+# For now, PTRACE_TRACEME is transformed to -1, which returns an error:
+# https://github.com/google/syzkaller/blob/cbd0445ec3b0b184db66966d8a47e6b37d13692e/sys/linux/init.go#L179-L182
+
+ptrace(0x0, 0x0)
-- cgit mrf-deployment
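Review bot: The three attach/detach groups do not say which calls Landlock is expected to deny, so a reader cannot tell a correct run from a regression in security/landlock/ptrace.c. I would add a one-line comment above each group naming the intended tracer/tracee relation, for example `# r0 was forked before the first landlock_restrict_self(), so it is outside the tracer's domain` and `# r2 was forked after it and shares the tracer's domain`; the outcomes these imply are my reading of the Landlock ptrace rule and should be confirmed, since the forked children appear to run the same remaining calls. The setup lines would also benefit from `# Clear all capability sets and set no_new_privs, which landlock_restrict_self() requires without CAP_SYS_ADMIN`. Separately, each `ptrace(0x11, ...)` follows `ptrace(0x10, ...)` with no wait in between, so the detach may fail when the tracee has not yet stopped, and a later attach to the same pid is then likely rejected as already traced; if that is the accepted cost of "without scheduling control", the header comment should say so.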