From patchwork Fri May  6 16:08:10 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>
X-Patchwork-Id: 12841362
Return-Path: <linux-security-module-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4EBBFC433F5
	for <linux-security-module@archiver.kernel.org>;
 Fri,  6 May 2022 16:07:07 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1443449AbiEFQKs (ORCPT
        <rfc822;linux-security-module@archiver.kernel.org>);
        Fri, 6 May 2022 12:10:48 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43002 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1443432AbiEFQKm (ORCPT
        <rfc822;linux-security-module@vger.kernel.org>);
        Fri, 6 May 2022 12:10:42 -0400
Received: from smtp-bc0b.mail.infomaniak.ch (smtp-bc0b.mail.infomaniak.ch
 [45.157.188.11])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 714DC37BFD
        for <linux-security-module@vger.kernel.org>;
 Fri,  6 May 2022 09:06:59 -0700 (PDT)
Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108])
        by smtp-2-3000.mail.infomaniak.ch (Postfix) with ESMTPS id
 4KvwS14sS9zMqpmv;
        Fri,  6 May 2022 18:06:57 +0200 (CEST)
Received: from localhost (unknown [23.97.221.149])
        by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id
 4KvwS05F2nzlhMBg;
        Fri,  6 May 2022 18:06:56 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digikod.net;
        s=20191114; t=1651853217;
        bh=+g6nltvqYNf1CZKZic5eqqeCIzlw7XGV0BEiW9ZEQ80=;
        h=From:To:Cc:Subject:Date:From;
        b=Z2fF1yW2U0IXfjgHxAffPLaWEtBpl7E9tuO99BpdDQsBtPy3tYzbF7JvW1ckSMkwT
         S158RLiD1+HeLu/ewGy2lH2+VoVjfCK4Kc9B3HUT3LIq4fbLKT+PrS8cLL+IhNZssy
         3D+ddN+4+RpU+hMlGtCKQFrdvfh0069sREXUGhKg=
From: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>
To: James Morris <jmorris@namei.org>,
        "Serge E . Hallyn" <serge@hallyn.com>
Cc: =?utf-8?q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>,
 Jann Horn <jannh@google.com>, Kees Cook <keescook@chromium.org>,
 Konstantin Meskhidze <konstantin.meskhidze@huawei.com>,
 Nathan Chancellor <nathan@kernel.org>,
 Nick Desaulniers <ndesaulniers@google.com>, Paul Moore <paul@paul-moore.com>,
 Shuah Khan <shuah@kernel.org>, linux-api@vger.kernel.org,
 linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v2 00/10] Minor Landlock fixes and new tests
Date: Fri,  6 May 2022 18:08:10 +0200
Message-Id: <20220506160820.524344-1-mic@digikod.net>
MIME-Version: 1.0
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>

Hi,

This series contains some minor code and documentation fixes.  There is
also some miscellaneous new tests to improve coverage and that may help
for future access types (e.g. networking).

The important new patches are the last three ones.  They change the
landlock_add_rule(2) and landlock_restrict_self(2) check orderings to
make them more consistent according to future Landlock rule types (e.g.
networking).

As suggested by Alejandro Colomar [1], I removed the
landlock_add_rule(2) signature fix.  I added a new patch to test O_PATH
behavior.

Test coverage for security/landlock was 94.4% of 500 lines, and it is
now 94.4% of 504 lines according to gcc/gcov-11.

I also fixed some typos and formatted the code with clang-format.  This
series can be applied on top of
https://lore.kernel.org/r/20220506160513.523257-1-mic@digikod.net

[1] https://lore.kernel.org/r/ae52c028-05c7-c22e-fc47-d97ee4a2f6c7@gmail.com

Previous version:
https://lore.kernel.org/r/20220221155311.166278-1-mic@digikod.net

Regards,

Mickaël Salaün (10):
  landlock: Fix landlock_add_rule(2) documentation
  selftests/landlock: Make tests build with old libc
  selftests/landlock: Extend tests for minimal valid attribute size
  selftests/landlock: Add tests for unknown access rights
  selftests/landlock: Extend access right tests to directories
  selftests/landlock: Fully test file rename with "remove" access
  selftests/landlock: Add tests for O_PATH
  landlock: Change landlock_add_rule(2) argument check ordering
  landlock: Change landlock_restrict_self(2) check ordering
  selftests/landlock: Test landlock_create_ruleset(2) argument check
    ordering

 include/uapi/linux/landlock.h                |   5 +-
 security/landlock/syscalls.c                 |  37 +++---
 tools/testing/selftests/landlock/base_test.c | 107 +++++++++++++++--
 tools/testing/selftests/landlock/fs_test.c   | 120 ++++++++++++++++---
 4 files changed, 218 insertions(+), 51 deletions(-)


base-commit: 763c5dc0e990fbd803c3c2b1ae832366ab7d207f