Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
f6281133 | 2 | |
f5947a5e | 3 | #include <fcntl.h> |
d7e454ba | 4 | #include <poll.h> |
f6281133 LP |
5 | #include <stdlib.h> |
6 | #include <sys/eventfd.h> | |
469830d1 | 7 | #include <sys/mman.h> |
78e864e5 | 8 | #include <sys/personality.h> |
2a65bd94 | 9 | #include <sys/shm.h> |
dff6c629 | 10 | #include <sys/syscall.h> |
2a65bd94 ZJS |
11 | #include <sys/types.h> |
12 | #include <unistd.h> | |
f6281133 | 13 | |
add00535 | 14 | #include "alloc-util.h" |
f6281133 | 15 | #include "fd-util.h" |
3c14dc61 | 16 | #include "fileio.h" |
f6281133 | 17 | #include "macro.h" |
0a970718 | 18 | #include "memory-util.h" |
f5947a5e | 19 | #include "missing_sched.h" |
add00535 | 20 | #include "nsflags.h" |
d8b4d14d | 21 | #include "nulstr-util.h" |
f6281133 | 22 | #include "process-util.h" |
add00535 | 23 | #include "raw-clone.h" |
167fc10c | 24 | #include "rm-rf.h" |
f6281133 | 25 | #include "seccomp-util.h" |
469830d1 | 26 | #include "set.h" |
aa34055f | 27 | #include "string-util.h" |
6d7c4033 | 28 | #include "tests.h" |
167fc10c | 29 | #include "tmpfile-util.h" |
469830d1 | 30 | #include "virt.h" |
f6281133 | 31 | |
/* __NR_socket may be invalid due to libseccomp */
#if !defined(__NR_socket) || __NR_socket < 0 || defined(__i386__) || defined(__s390x__) || defined(__s390__)
/* On these archs, socket() is implemented via the socketcall() syscall multiplexer,
 * and we can't restrict it hence via seccomp.
 *
 * Security-relevant consequence: where this macro is 1, test_restrict_address_families() expects
 * socket() to keep succeeding for families the filter was asked to block, i.e. the address family
 * restriction is not enforced on these architectures. */
# define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 1
#else
# define SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN 0
#endif
40 | ||
/* Round trip: the native seccomp architecture must map to a name, and that name must parse back
 * to the very same architecture value. */
static void test_seccomp_arch_to_string(void) {
        const char *label;
        uint32_t native, parsed;

        log_info("/* %s */", __func__);

        native = seccomp_arch_native();
        assert_se(native > 0);

        label = seccomp_arch_to_string(native);
        assert_se(label);

        assert_se(seccomp_arch_from_string(label, &parsed) >= 0);
        assert_se(native == parsed);
}
54 | ||
/* Every architecture name listed below must parse to a seccomp architecture value and convert
 * back to exactly the same string. */
static void test_architecture_table(void) {
        const char *name;

        log_info("/* %s */", __func__);

        NULSTR_FOREACH(name,
                       "native\0"
                       "x86\0"
                       "x86-64\0"
                       "x32\0"
                       "arm\0"
                       "arm64\0"
                       "mips\0"
                       "mips64\0"
                       "mips64-n32\0"
                       "mips-le\0"
                       "mips64-le\0"
                       "mips64-le-n32\0"
                       "ppc\0"
                       "ppc64\0"
                       "ppc64-le\0"
                       "s390\0"
                       "s390x\0") {
                const char *round_trip;
                uint32_t arch;

                assert_se(seccomp_arch_from_string(name, &arch) >= 0);

                round_trip = seccomp_arch_to_string(arch);
                log_info("seccomp-arch: %s → 0x%"PRIx32" → %s", name, arch, round_trip);

                /* streq_ptr() is used so that a NULL result fails the comparison instead of crashing. */
                assert_se(streq_ptr(name, round_trip));
        }
}
86 | ||
/* Lookup by name: NULL, empty and unknown names (with or without the "@" prefix) must not
 * resolve, while known set names must resolve to their slot in syscall_filter_sets[]. */
static void test_syscall_filter_set_find(void) {
        log_info("/* %s */", __func__);

        /* Names that must be rejected */
        assert_se(syscall_filter_set_find(NULL) == NULL);
        assert_se(syscall_filter_set_find("") == NULL);
        assert_se(syscall_filter_set_find("quux") == NULL);
        assert_se(syscall_filter_set_find("@quux") == NULL);

        /* Names that must resolve to the matching table entry */
        assert_se(syscall_filter_set_find("@clock") == &syscall_filter_sets[SYSCALL_FILTER_SET_CLOCK]);
        assert_se(syscall_filter_set_find("@default") == &syscall_filter_sets[SYSCALL_FILTER_SET_DEFAULT]);
        assert_se(syscall_filter_set_find("@raw-io") == &syscall_filter_sets[SYSCALL_FILTER_SET_RAW_IO]);
}
99 | ||
/* For every predefined syscall filter set: fork, load the set as a seccomp filter in the child,
 * and probe the result with a single eventfd() call. Skipped without seccomp or without root. */
static void test_filter_sets(void) {
        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        for (unsigned i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
                bool allow_list;
                int probe, r;
                pid_t child;

                log_info("Testing %s", syscall_filter_sets[i].name);

                child = fork();
                assert_se(child >= 0);

                if (child != 0) {
                        /* Parent: the child reports the outcome through its exit status. */
                        assert_se(wait_for_terminate_and_check(syscall_filter_sets[i].name, child, WAIT_LOG) == EXIT_SUCCESS);
                        continue;
                }

                /* Child: the filter is loaded here, so the test process itself stays unfiltered. */

                /* If we look at the default set (or one that includes it), allow-list instead of deny-list */
                allow_list = IN_SET(i, SYSCALL_FILTER_SET_DEFAULT, SYSCALL_FILTER_SET_SYSTEM_SERVICE);

                r = seccomp_load_syscall_filter_set(
                                allow_list ? SCMP_ACT_ERRNO(EUCLEAN) : SCMP_ACT_ALLOW,
                                syscall_filter_sets + i,
                                allow_list ? SCMP_ACT_ALLOW : SCMP_ACT_ERRNO(EUCLEAN),
                                true);
                if (r < 0)
                        _exit(EXIT_FAILURE);

                /* Test the syscall filter with one random system call. EUCLEAN is used as the filter's
                 * errno so that a refusal by the filter is distinguishable from an ordinary failure. */
                probe = eventfd(0, EFD_NONBLOCK|EFD_CLOEXEC);
                if (IN_SET(i, SYSCALL_FILTER_SET_IO_EVENT, SYSCALL_FILTER_SET_DEFAULT))
                        assert_se(probe < 0 && errno == EUCLEAN);
                else {
                        assert_se(probe >= 0);
                        safe_close(probe);
                }

                _exit(EXIT_SUCCESS);
        }
}
146 | ||
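/* Structural checks on syscall_filter_sets[]: "@default" comes first, every set carries a help
 * text, sets are sorted by name (except for the first entry), and each set's member list is
 * sorted with "@group" references placed before plain syscall names. */
static void test_filter_sets_ordered(void) {
        size_t i;

        log_info("/* %s */", __func__);

        /* Ensure "@default" always remains at the beginning of the list */
        assert_se(SYSCALL_FILTER_SET_DEFAULT == 0);
        assert_se(streq(syscall_filter_sets[0].name, "@default"));

        for (i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
                const char *k, *p = NULL;

                /* Make sure each group has a description. This has to index with i: checking entry 0
                 * on every iteration would only ever validate "@default". */
                assert_se(!isempty(syscall_filter_sets[i].help));

                /* Make sure the groups are ordered alphabetically, except for the first entry */
                assert_se(i < 2 || strcmp(syscall_filter_sets[i-1].name, syscall_filter_sets[i].name) < 0);

                NULSTR_FOREACH(k, syscall_filter_sets[i].value) {

                        /* Ensure each syscall list is in itself ordered, but groups before names */
                        assert_se(!p ||
                                  (*p == '@' && *k != '@') ||
                                  (((*p == '@' && *k == '@') ||
                                    (*p != '@' && *k != '@')) &&
                                   strcmp(p, k) < 0));

                        p = k;
                }
        }
}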
178 | ||
/* Two parts: (1) conversions between namespace flag masks and their string form, and (2) in a
 * forked child, that seccomp_restrict_namespaces() lets unshare()/setns()/clone() through only
 * for the namespace types that were allowed. Part 2 needs seccomp and root. */
static void test_restrict_namespace(void) {
        unsigned long flags;
        char *str = NULL;
        pid_t pid, sub;

        if (!have_namespaces()) {
                log_notice("Testing without namespaces, skipping %s", __func__);
                return;
        }

        log_info("/* %s */", __func__);

        /* Mask → string */
        assert_se(namespace_flags_to_string(0, &str) == 0 && isempty(str));
        str = mfree(str);
        assert_se(namespace_flags_to_string(CLONE_NEWNS, &str) == 0 && streq(str, "mnt"));
        str = mfree(str);
        assert_se(namespace_flags_to_string(CLONE_NEWNS|CLONE_NEWIPC, &str) == 0 && streq(str, "ipc mnt"));
        str = mfree(str);
        assert_se(namespace_flags_to_string(CLONE_NEWCGROUP, &str) == 0 && streq(str, "cgroup"));
        str = mfree(str);

        /* String → mask; NULL and the empty string both mean "no flags" */
        assert_se(namespace_flags_from_string("mnt", &flags) == 0 && flags == CLONE_NEWNS);
        assert_se(namespace_flags_from_string(NULL, &flags) == 0 && flags == 0);
        assert_se(namespace_flags_from_string("", &flags) == 0 && flags == 0);
        assert_se(namespace_flags_from_string("uts", &flags) == 0 && flags == CLONE_NEWUTS);
        assert_se(namespace_flags_from_string("mnt uts ipc", &flags) == 0 && flags == (CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC));

        /* Round trips in both directions */
        assert_se(namespace_flags_to_string(CLONE_NEWUTS, &str) == 0 && streq(str, "uts"));
        assert_se(namespace_flags_from_string(str, &flags) == 0 && flags == CLONE_NEWUTS);
        str = mfree(str);
        assert_se(namespace_flags_from_string("ipc", &flags) == 0 && flags == CLONE_NEWIPC);
        assert_se(namespace_flags_to_string(flags, &str) == 0 && streq(str, "ipc"));
        str = mfree(str);

        assert_se(namespace_flags_to_string(NAMESPACE_FLAGS_ALL, &str) == 0);
        assert_se(streq(str, "cgroup ipc net mnt pid user uts"));
        assert_se(namespace_flags_from_string(str, &flags) == 0 && flags == NAMESPACE_FLAGS_ALL);
        str = mfree(str);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping remaining tests in %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping remaining tests in %s", __func__);
                return;
        }

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                /* Parent: only collects the child's verdict. */
                assert_se(wait_for_terminate_and_check("nsseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child: permit mount and network namespaces only. */
        assert_se(seccomp_restrict_namespaces(CLONE_NEWNS|CLONE_NEWNET) >= 0);

        /* unshare(): allowed types pass, everything else is refused with EPERM. A request that mixes
         * an allowed with a disallowed type must be refused as a whole. */
        assert_se(unshare(CLONE_NEWNS) == 0);
        assert_se(unshare(CLONE_NEWNET) == 0);
        assert_se(unshare(CLONE_NEWUTS) == -1);
        assert_se(errno == EPERM);
        assert_se(unshare(CLONE_NEWIPC) == -1);
        assert_se(errno == EPERM);
        assert_se(unshare(CLONE_NEWNET|CLONE_NEWUTS) == -1);
        assert_se(errno == EPERM);

        /* We use fd 0 (stdin) here, which is not a namespace fd, so setns() itself fails with EINVAL
         * whenever the call gets through to the kernel. If our seccomp filter matches, it hits first
         * and the call returns EPERM instead. This makes EINVAL mean "allowed by the filter" and EPERM
         * mean "blocked by the filter". */
        assert_se(setns(0, CLONE_NEWNS) == -1);
        assert_se(errno == EINVAL);
        assert_se(setns(0, CLONE_NEWNET) == -1);
        assert_se(errno == EINVAL);
        assert_se(setns(0, CLONE_NEWUTS) == -1);
        assert_se(errno == EPERM);
        assert_se(setns(0, CLONE_NEWIPC) == -1);
        assert_se(errno == EPERM);
        assert_se(setns(0, CLONE_NEWNET|CLONE_NEWUTS) == -1);
        assert_se(errno == EPERM);

        /* nstype 0 asks setns() to accept any namespace type; the test expects the filter to refuse it. */
        assert_se(setns(0, 0) == -1);
        assert_se(errno == EPERM);

        /* clone(): same policy. Children that were successfully created exit right away. */
        sub = raw_clone(CLONE_NEWNS);
        assert_se(sub >= 0);
        if (sub == 0)
                _exit(EXIT_SUCCESS);

        sub = raw_clone(CLONE_NEWNET);
        assert_se(sub >= 0);
        if (sub == 0)
                _exit(EXIT_SUCCESS);

        sub = raw_clone(CLONE_NEWUTS);
        assert_se(sub < 0);
        assert_se(errno == EPERM);

        sub = raw_clone(CLONE_NEWIPC);
        assert_se(sub < 0);
        assert_se(errno == EPERM);

        sub = raw_clone(CLONE_NEWNET|CLONE_NEWUTS);
        assert_se(sub < 0);
        assert_se(errno == EPERM);

        _exit(EXIT_SUCCESS);
}
281 | ||
/* Checks in a forked child that seccomp_protect_sysctl() turns the legacy _sysctl() syscall into
 * an EPERM failure. Skipped without seccomp, without root, and inside containers. */
static void test_protect_sysctl(void) {
        _cleanup_free_ char *seccomp_mode = NULL;
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        /* in containers _sysctl() is likely missing anyway */
        if (detect_container() > 0) {
                log_notice("Testing in container, skipping %s", __func__);
                return;
        }

        /* A filter that is already active on this process may change the errno values observed below,
         * so warn about it instead of failing in a confusing way. */
        assert_se(get_proc_field("/proc/self/status", "Seccomp", WHITESPACE, &seccomp_mode) == 0);
        if (!streq(seccomp_mode, "0"))
                log_warning("Warning: seccomp filter detected, results may be unreliable for %s", __func__);

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                assert_se(wait_for_terminate_and_check("sysctlseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child. Baseline first: without the filter the call is expected to fail with EFAULT for
         * the NULL argument. */
#if defined __NR__sysctl && __NR__sysctl >= 0
        assert_se(syscall(__NR__sysctl, NULL) < 0);
        assert_se(errno == EFAULT);
#endif

        assert_se(seccomp_protect_sysctl() >= 0);

        /* With the filter loaded, the same syscall must be refused with EPERM. */
#if defined __NR__sysctl && __NR__sysctl >= 0
        assert_se(syscall(__NR__sysctl, 0, 0, 0) < 0);
        assert_se(errno == EPERM);
#endif

        _exit(EXIT_SUCCESS);
}
328 | ||
/* Checks in a forked child that seccomp_protect_syslog() turns the syslog() syscall into an
 * EPERM failure. Skipped without seccomp, without root, and inside containers. */
static void test_protect_syslog(void) {
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        /* in containers syslog() is likely missing anyway */
        if (detect_container() > 0) {
                log_notice("Testing in container, skipping %s", __func__);
                return;
        }

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                assert_se(wait_for_terminate_and_check("syslogseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child. Baseline first: without the filter an invalid command is expected to yield EINVAL. */
#if defined __NR_syslog && __NR_syslog >= 0
        assert_se(syscall(__NR_syslog, -1, NULL, 0) < 0);
        assert_se(errno == EINVAL);
#endif

        assert_se(seccomp_protect_syslog() >= 0);

        /* With the filter loaded, the syscall must be refused with EPERM. */
#if defined __NR_syslog && __NR_syslog >= 0
        assert_se(syscall(__NR_syslog, 0, 0, 0) < 0);
        assert_se(errno == EPERM);
#endif

        _exit(EXIT_SUCCESS);
}
370 | ||
/* Checks in a forked child that seccomp_restrict_address_families() blocks socket() per address
 * family, first with a set that is denied (second argument false) and then with a set that is the
 * only one allowed (second argument true). Where SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN is set,
 * the test expects the restriction not to take effect. */
static void test_restrict_address_families(void) {
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                assert_se(wait_for_terminate_and_check("socketseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child from here on. */
        Set *families;
        int sock;

        /* Baseline: all three families work before any filter is loaded. */
        sock = socket(AF_INET, SOCK_DGRAM, 0);
        assert_se(sock >= 0);
        safe_close(sock);

        sock = socket(AF_UNIX, SOCK_DGRAM, 0);
        assert_se(sock >= 0);
        safe_close(sock);

        sock = socket(AF_NETLINK, SOCK_DGRAM, 0);
        assert_se(sock >= 0);
        safe_close(sock);

        /* Round 1: deny AF_UNIX only. */
        families = set_new(NULL);
        assert_se(families);
        assert_se(set_put(families, INT_TO_PTR(AF_UNIX)) >= 0);

        assert_se(seccomp_restrict_address_families(families, false) >= 0);

        sock = socket(AF_INET, SOCK_DGRAM, 0);
        assert_se(sock >= 0);
        safe_close(sock);

        sock = socket(AF_UNIX, SOCK_DGRAM, 0);
#if SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
        assert_se(sock >= 0);
        safe_close(sock);
#else
        assert_se(sock < 0);
        assert_se(errno == EAFNOSUPPORT);
#endif

        sock = socket(AF_NETLINK, SOCK_DGRAM, 0);
        assert_se(sock >= 0);
        safe_close(sock);

        /* Round 2: allow AF_INET only. The filter from round 1 is still loaded at this point. */
        set_clear(families);
        assert_se(set_put(families, INT_TO_PTR(AF_INET)) >= 0);

        assert_se(seccomp_restrict_address_families(families, true) >= 0);

        sock = socket(AF_INET, SOCK_DGRAM, 0);
        assert_se(sock >= 0);
        safe_close(sock);

        sock = socket(AF_UNIX, SOCK_DGRAM, 0);
#if SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
        assert_se(sock >= 0);
        safe_close(sock);
#else
        assert_se(sock < 0);
        assert_se(errno == EAFNOSUPPORT);
#endif

        sock = socket(AF_NETLINK, SOCK_DGRAM, 0);
#if SECCOMP_RESTRICT_ADDRESS_FAMILIES_BROKEN
        assert_se(sock >= 0);
        safe_close(sock);
#else
        assert_se(sock < 0);
        assert_se(errno == EAFNOSUPPORT);
#endif

        _exit(EXIT_SUCCESS);
}
459 | ||
/* Checks in a forked child that seccomp_restrict_realtime() refuses switching to the realtime
 * scheduling policies (SCHED_FIFO, SCHED_RR) with EPERM while SCHED_IDLE, SCHED_BATCH and
 * SCHED_OTHER stay usable. Skipped without seccomp, without root, and inside containers. */
static void test_restrict_realtime(void) {
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        /* in containers RT privs are likely missing anyway */
        if (detect_container() > 0) {
                log_notice("Testing in container, skipping %s", __func__);
                return;
        }

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                assert_se(wait_for_terminate_and_check("realtimeseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child from here on. */
        const struct sched_param rt_prio = { .sched_priority = 1 }, no_prio = { .sched_priority = 0 };

        /* Baseline: every policy can be selected before the filter is loaded. */
        assert_se(sched_setscheduler(0, SCHED_FIFO, &rt_prio) >= 0);
        assert_se(sched_setscheduler(0, SCHED_RR, &rt_prio) >= 0);
        assert_se(sched_setscheduler(0, SCHED_IDLE, &no_prio) >= 0);
        assert_se(sched_setscheduler(0, SCHED_BATCH, &no_prio) >= 0);
        assert_se(sched_setscheduler(0, SCHED_OTHER, &no_prio) >= 0);

        assert_se(seccomp_restrict_realtime() >= 0);

        /* Non-realtime policies must keep working... */
        assert_se(sched_setscheduler(0, SCHED_IDLE, &no_prio) >= 0);
        assert_se(sched_setscheduler(0, SCHED_BATCH, &no_prio) >= 0);
        assert_se(sched_setscheduler(0, SCHED_OTHER, &no_prio) >= 0);

        /* ...while the realtime ones are now refused. */
        assert_se(sched_setscheduler(0, SCHED_FIFO, &rt_prio) < 0);
        assert_se(errno == EPERM);
        assert_se(sched_setscheduler(0, SCHED_RR, &rt_prio) < 0);
        assert_se(errno == EPERM);

        _exit(EXIT_SUCCESS);
}
506 | ||
/* Checks in a forked child that seccomp_memory_deny_write_execute() makes mmap() refuse mappings
 * that are writable and executable at the same time, while plain read/write mappings keep
 * working. The refusal is only asserted on the architectures listed in the #if below. */
static void test_memory_deny_write_execute_mmap(void) {
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                assert_se(wait_for_terminate_and_check("memoryseccomp-mmap", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child from here on. */
        const size_t sz = page_size();
        void *map;

        /* Baseline: both W+X and R+W mappings work before the filter is loaded. */
        map = mmap(NULL, sz, PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
        assert_se(map != MAP_FAILED);
        assert_se(munmap(map, sz) >= 0);

        map = mmap(NULL, sz, PROT_WRITE|PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
        assert_se(map != MAP_FAILED);
        assert_se(munmap(map, sz) >= 0);

        assert_se(seccomp_memory_deny_write_execute() >= 0);

        map = mmap(NULL, sz, PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
#if defined(__x86_64__) || defined(__i386__) || defined(__powerpc64__) || defined(__arm__) || defined(__aarch64__)
        assert_se(map == MAP_FAILED);
        assert_se(errno == EPERM);
#endif
        /* Depending on kernel, libseccomp, and glibc versions, other architectures
         * might fail or not. Let's not assert success. */
        if (map != MAP_FAILED)
                assert_se(munmap(map, sz) == 0);

        /* R+W without PROT_EXEC must be unaffected by the filter. */
        map = mmap(NULL, sz, PROT_WRITE|PROT_READ, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
        assert_se(map != MAP_FAILED);
        assert_se(munmap(map, sz) >= 0);

        _exit(EXIT_SUCCESS);
}
556 | ||
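/* Checks in a forked child that seccomp_memory_deny_write_execute() makes shmat() refuse
 * SHM_EXEC attachments, while plain attachments keep working. The refusal is only asserted on the
 * architectures listed in the #if below. The System V segment created for the test is removed
 * again once the child has finished. */
static void test_memory_deny_write_execute_shmat(void) {
        int shmid, r;
        pid_t pid;
        uint32_t arch;

        log_info("/* %s */", __func__);

        /* Debug aid: show which syscall numbers libseccomp resolves for the relevant calls. */
        SECCOMP_FOREACH_LOCAL_ARCH(arch) {
                log_debug("arch %s: SCMP_SYS(mmap) = %d", seccomp_arch_to_string(arch), SCMP_SYS(mmap));
                log_debug("arch %s: SCMP_SYS(mmap2) = %d", seccomp_arch_to_string(arch), SCMP_SYS(mmap2));
                log_debug("arch %s: SCMP_SYS(shmget) = %d", seccomp_arch_to_string(arch), SCMP_SYS(shmget));
                log_debug("arch %s: SCMP_SYS(shmat) = %d", seccomp_arch_to_string(arch), SCMP_SYS(shmat));
                log_debug("arch %s: SCMP_SYS(shmdt) = %d", seccomp_arch_to_string(arch), SCMP_SYS(shmdt));
        }

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        shmid = shmget(IPC_PRIVATE, page_size(), 0);
        assert_se(shmid >= 0);

        pid = fork();
        assert_se(pid >= 0);

        if (pid == 0) {
                void *p;

                /* Baseline: plain and SHM_EXEC attachments both work before the filter is loaded. */
                p = shmat(shmid, NULL, 0);
                assert_se(p != MAP_FAILED);
                assert_se(shmdt(p) == 0);

                p = shmat(shmid, NULL, SHM_EXEC);
                assert_se(p != MAP_FAILED);
                assert_se(shmdt(p) == 0);

                assert_se(seccomp_memory_deny_write_execute() >= 0);

                p = shmat(shmid, NULL, SHM_EXEC);
                log_debug_errno(p == MAP_FAILED ? errno : 0, "shmat(SHM_EXEC): %m");
#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
                assert_se(p == MAP_FAILED);
                assert_se(errno == EPERM);
#endif
                /* Depending on kernel, libseccomp, and glibc versions, other architectures
                 * might fail or not. Let's not assert success. */
                if (p != MAP_FAILED)
                        assert_se(shmdt(p) == 0);

                /* A plain attachment must be unaffected by the filter. */
                p = shmat(shmid, NULL, 0);
                log_debug_errno(p == MAP_FAILED ? errno : 0, "shmat(0): %m");
                assert_se(p != MAP_FAILED);
                assert_se(shmdt(p) == 0);

                _exit(EXIT_SUCCESS);
        }

        r = wait_for_terminate_and_check("memoryseccomp-shmat", pid, WAIT_LOG);

        /* System V segments outlive the processes that created them. Remove this one before
         * asserting on the child's result, so that neither a passing nor a failing run leaves a
         * segment behind. Best effort: a failure to remove it must not mask the test verdict. */
        (void) shmctl(shmid, IPC_RMID, NULL);

        assert_se(r == EXIT_SUCCESS);
}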
621 | ||
/* Checks in a forked child that native syscalls (probed with access("/")) keep working after
 * seccomp_restrict_archs() is applied, first with a set (holding SCMP_ARCH_X86 on x86-64, empty
 * elsewhere) and then with NULL. */
static void test_restrict_archs(void) {
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                assert_se(wait_for_terminate_and_check("archseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child from here on. */
        _cleanup_set_free_ Set *archs = NULL;

        assert_se(access("/", F_OK) >= 0);

        archs = set_new(NULL);
        assert_se(archs);

#ifdef __x86_64__
        /* Entries are stored as architecture value + 1 — presumably so that a zero value never
         * becomes a NULL set entry; confirm against seccomp_restrict_archs(). */
        assert_se(set_put(archs, UINT32_TO_PTR(SCMP_ARCH_X86+1)) >= 0);
#endif
        assert_se(seccomp_restrict_archs(archs) >= 0);

        assert_se(access("/", F_OK) >= 0);
        assert_se(seccomp_restrict_archs(NULL) >= 0);

        assert_se(access("/", F_OK) >= 0);

        _exit(EXIT_SUCCESS);
}
661 | ||
/* Checks in a forked child how seccomp_load_syscall_filter_set_raw() treats per-syscall errno
 * values: a map value of -1 yields the errno of the action passed to the call, any other value
 * is returned as the errno itself. access() and poll() serve as probes. Filters loaded earlier
 * in the child are still in effect when the later ones are checked. */
static void test_load_syscall_filter_set_raw(void) {
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                assert_se(wait_for_terminate_and_check("syscallrawseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child from here on. */
        _cleanup_hashmap_free_ Hashmap *map = NULL;

        /* Pick the syscall numbers that back access() and poll() on this architecture. */
#if defined __NR_access && __NR_access >= 0
        const int access_nr = __NR_access;
#else
        const int access_nr = __NR_faccessat;
#endif
#if defined __NR_poll && __NR_poll >= 0
        const int poll_nr = __NR_poll;
#else
        const int poll_nr = __NR_ppoll;
#endif

        /* Baseline: both probes work. */
        assert_se(access("/", F_OK) >= 0);
        assert_se(poll(NULL, 0, 0) == 0);

        /* An empty (NULL) map with "allow" as default action must not block anything. */
        assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, NULL, scmp_act_kill_process(), true) >= 0);
        assert_se(access("/", F_OK) >= 0);
        assert_se(poll(NULL, 0, 0) == 0);

        /* access → -1: the errno comes from the action (EUCLEAN). Keys are syscall number + 1 —
         * presumably so that syscall 0 does not turn into a NULL key; confirm against the callee. */
        map = hashmap_new(NULL);
        assert_se(map);
        assert_se(hashmap_put(map, UINT32_TO_PTR(access_nr + 1), INT_TO_PTR(-1)) >= 0);

        assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, map, SCMP_ACT_ERRNO(EUCLEAN), true) >= 0);

        assert_se(access("/", F_OK) < 0);
        assert_se(errno == EUCLEAN);

        assert_se(poll(NULL, 0, 0) == 0);

        map = hashmap_free(map);

        /* access → EILSEQ: the per-syscall errno is what the caller sees now. */
        map = hashmap_new(NULL);
        assert_se(map);
        assert_se(hashmap_put(map, UINT32_TO_PTR(access_nr + 1), INT_TO_PTR(EILSEQ)) >= 0);

        assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, map, SCMP_ACT_ERRNO(EUCLEAN), true) >= 0);

        assert_se(access("/", F_OK) < 0);
        assert_se(errno == EILSEQ);

        assert_se(poll(NULL, 0, 0) == 0);

        map = hashmap_free(map);

        /* poll → -1: the errno comes from the action (EUNATCH); access keeps failing with EILSEQ. */
        map = hashmap_new(NULL);
        assert_se(map);
        assert_se(hashmap_put(map, UINT32_TO_PTR(poll_nr + 1), INT_TO_PTR(-1)) >= 0);

        assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, map, SCMP_ACT_ERRNO(EUNATCH), true) >= 0);

        assert_se(access("/", F_OK) < 0);
        assert_se(errno == EILSEQ);

        assert_se(poll(NULL, 0, 0) < 0);
        assert_se(errno == EUNATCH);

        map = hashmap_free(map);

        /* poll → EILSEQ: the per-syscall errno is what the caller sees now. */
        map = hashmap_new(NULL);
        assert_se(map);
        assert_se(hashmap_put(map, UINT32_TO_PTR(poll_nr + 1), INT_TO_PTR(EILSEQ)) >= 0);

        assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, map, SCMP_ACT_ERRNO(EUNATCH), true) >= 0);

        assert_se(access("/", F_OK) < 0);
        assert_se(errno == EILSEQ);

        assert_se(poll(NULL, 0, 0) < 0);
        assert_se(errno == EILSEQ);

        _exit(EXIT_SUCCESS);
}
758 | ||
/* Checks in a forked child that, once seccomp_lock_personality() has pinned the current
 * personality, re-selecting that personality still works while every other value is refused
 * with EPERM. The refused values include flag combinations that relax memory-layout protections
 * (ADDR_NO_RANDOMIZE, READ_IMPLIES_EXEC, MMAP_PAGE_ZERO, ADDR_COMPAT_LAYOUT). */
static void test_lock_personality(void) {
        unsigned long cur;
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        assert_se(opinionated_personality(&cur) >= 0);

        log_info("current personality=%lu", cur);

        pid = fork();
        assert_se(pid >= 0);

        if (pid != 0) {
                assert_se(wait_for_terminate_and_check("lockpersonalityseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
                return;
        }

        /* Child from here on. */
        assert_se(seccomp_lock_personality(cur) >= 0);

        /* The locked personality itself stays selectable. */
        assert_se((unsigned long) safe_personality(cur) == cur);

        /* Note, we also test that safe_personality() works correctly, by checking whether errno is properly
         * set, in addition to the return value */
        errno = 0;
        assert_se(safe_personality(PER_LINUX | ADDR_NO_RANDOMIZE) == -EPERM);
        assert_se(errno == EPERM);

        /* Everything else must be refused, in this order. */
        const unsigned long denied[] = {
                PER_LINUX | MMAP_PAGE_ZERO,
                PER_LINUX | ADDR_COMPAT_LAYOUT,
                PER_LINUX | READ_IMPLIES_EXEC,
                PER_LINUX_32BIT,
                PER_SVR4,
                PER_BSD,
                cur == PER_LINUX ? PER_LINUX32 : PER_LINUX,
                PER_LINUX32_3GB,
                PER_UW7,
                0x42,
                PERSONALITY_INVALID, /* maybe remove this later */
        };

        for (size_t j = 0; j < sizeof(denied) / sizeof(denied[0]); j++)
                assert_se(safe_personality(denied[j]) == -EPERM);

        /* The raw libc call must agree about the locked personality as well. */
        assert_se((unsigned long) personality(cur) == cur);
        _exit(EXIT_SUCCESS);
}
811 | ||
167fc10c LP |
/* Issue open() as the genuine open syscall where the architecture has one.
 *
 * glibc services open() by calling openat() internally, so a plain open() call would never reach a
 * seccomp rule attached to the open syscall itself. This wrapper lets the tests hit that rule
 * directly. Architectures without a usable __NR_open simply go through glibc's open().
 *
 * Returns what the underlying call returns: a file descriptor, or a negative value with errno set. */
static int real_open(const char *path, int flags, mode_t mode) {
#if !defined(__NR_open) || __NR_open < 0
        /* No dedicated open syscall here, the libc wrapper is the only option. */
        return open(path, flags, mode);
#else
        long rc;

        rc = syscall(__NR_open, path, flags, mode);
        return (int) rc;
#endif
}
823 | ||
/* Checks seccomp_restrict_suid_sgid() in a forked child.
 *
 * Phase 1 (no filter): chmod, fchmod, fchmodat, open (through real_open()), creat, openat, mkdir,
 * mkdirat, mknod and mknodat are each called with S_ISUID, with S_ISGID, with both and with neither
 * bit in the mode, and all of them are expected to work.
 *
 * Phase 2 (filter installed): the same calls must fail with EPERM whenever S_ISUID or S_ISGID is in
 * the mode, while the variant without those bits must still succeed.
 *
 * The test logs a notice and returns without failing when seccomp is unavailable or the effective
 * UID is not 0, so a passing unprivileged run does not show that the filter works.
 *
 * NOTE(review): only the calls listed above are exercised. Other ways of passing a mode to the
 * kernel (e.g. openat2(), fchmodat2(), open with O_TMPFILE) are not covered here; confirm whether
 * the filter is expected to handle them. */
static void test_restrict_suid_sgid(void) {
        pid_t pid;

        log_info("/* %s */", __func__);

        if (!is_seccomp_available()) {
                log_notice("Seccomp not available, skipping %s", __func__);
                return;
        }
        if (geteuid() != 0) {
                log_notice("Not root, skipping %s", __func__);
                return;
        }

        /* The filter is installed in the child only; the parent just checks the child's exit status. */
        pid = fork();
        assert_se(pid >= 0);

        if (pid == 0) {
                /* mkostemp_safe()/mkdtemp() fill in the XXXXXX part, so the names are not fixed. */
                char path[] = "/tmp/suidsgidXXXXXX", dir[] = "/tmp/suidsgiddirXXXXXX";
                int fd = -1, k = -1;
                const char *z;

                fd = mkostemp_safe(path);
                assert_se(fd >= 0);

                /* z is the scratch name that every create-style call below creates and removes again. */
                assert_se(mkdtemp(dir));
                z = strjoina(dir, "/test");

                /* Phase 1: baseline without the filter. Every mode variant must be accepted. */
                assert_se(chmod(path, 0755 | S_ISUID) >= 0);
                assert_se(chmod(path, 0755 | S_ISGID) >= 0);
                assert_se(chmod(path, 0755 | S_ISGID | S_ISUID) >= 0);
                assert_se(chmod(path, 0755) >= 0);

                assert_se(fchmod(fd, 0755 | S_ISUID) >= 0);
                assert_se(fchmod(fd, 0755 | S_ISGID) >= 0);
                assert_se(fchmod(fd, 0755 | S_ISGID | S_ISUID) >= 0);
                assert_se(fchmod(fd, 0755) >= 0);

                assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISUID, 0) >= 0);
                assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID, 0) >= 0);
                assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) >= 0);
                assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);

                /* The descriptor returned by the open-style calls is not asserted on directly; a failed
                 * create shows up as a failure of the unlink() that follows it. */
                k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = creat(z, 0644 | S_ISUID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = creat(z, 0644 | S_ISGID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = creat(z, 0644 | S_ISUID | S_ISGID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = creat(z, 0644);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                assert_se(mkdir(z, 0755 | S_ISUID) >= 0);
                assert_se(rmdir(z) >= 0);
                assert_se(mkdir(z, 0755 | S_ISGID) >= 0);
                assert_se(rmdir(z) >= 0);
                assert_se(mkdir(z, 0755 | S_ISUID | S_ISGID) >= 0);
                assert_se(rmdir(z) >= 0);
                assert_se(mkdir(z, 0755) >= 0);
                assert_se(rmdir(z) >= 0);

                assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISUID) >= 0);
                assert_se(rmdir(z) >= 0);
                assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISGID) >= 0);
                assert_se(rmdir(z) >= 0);
                assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISUID | S_ISGID) >= 0);
                assert_se(rmdir(z) >= 0);
                assert_se(mkdirat(AT_FDCWD, z, 0755) >= 0);
                assert_se(rmdir(z) >= 0);

                assert_se(mknod(z, S_IFREG | 0755 | S_ISUID, 0) >= 0);
                assert_se(unlink(z) >= 0);
                assert_se(mknod(z, S_IFREG | 0755 | S_ISGID, 0) >= 0);
                assert_se(unlink(z) >= 0);
                assert_se(mknod(z, S_IFREG | 0755 | S_ISUID | S_ISGID, 0) >= 0);
                assert_se(unlink(z) >= 0);
                assert_se(mknod(z, S_IFREG | 0755, 0) >= 0);
                assert_se(unlink(z) >= 0);

                assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISUID, 0) >= 0);
                assert_se(unlink(z) >= 0);
                assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISGID, 0) >= 0);
                assert_se(unlink(z) >= 0);
                assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISUID | S_ISGID, 0) >= 0);
                assert_se(unlink(z) >= 0);
                assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755, 0) >= 0);
                assert_se(unlink(z) >= 0);

                /* Phase 2: install the filter. From here on, any of the calls above that carries
                 * S_ISUID or S_ISGID must be refused with EPERM; the plain-mode variant of each call is
                 * repeated to show that the filter matches on the mode bits and not on the call. */
                assert_se(seccomp_restrict_suid_sgid() >= 0);

                assert_se(chmod(path, 0775 | S_ISUID) < 0 && errno == EPERM);
                assert_se(chmod(path, 0775 | S_ISGID) < 0 && errno == EPERM);
                assert_se(chmod(path, 0775 | S_ISGID | S_ISUID) < 0 && errno == EPERM);
                assert_se(chmod(path, 0775) >= 0);

                assert_se(fchmod(fd, 0775 | S_ISUID) < 0 && errno == EPERM);
                assert_se(fchmod(fd, 0775 | S_ISGID) < 0 && errno == EPERM);
                assert_se(fchmod(fd, 0775 | S_ISGID | S_ISUID) < 0 && errno == EPERM);
                assert_se(fchmod(fd, 0775) >= 0);

                assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISUID, 0) < 0 && errno == EPERM);
                assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID, 0) < 0 && errno == EPERM);
                assert_se(fchmodat(AT_FDCWD, path, 0755 | S_ISGID | S_ISUID, 0) < 0 && errno == EPERM);
                assert_se(fchmodat(AT_FDCWD, path, 0755, 0) >= 0);

                /* The refused creates must not leave z behind: every call uses O_EXCL on the same
                 * name, so a leftover file would make the next call fail with a different errno. */
                assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID) < 0 && errno == EPERM);
                assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID) < 0 && errno == EPERM);
                assert_se(real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
                k = real_open(z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                assert_se(creat(z, 0644 | S_ISUID) < 0 && errno == EPERM);
                assert_se(creat(z, 0644 | S_ISGID) < 0 && errno == EPERM);
                assert_se(creat(z, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
                k = creat(z, 0644);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                assert_se(openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID) < 0 && errno == EPERM);
                assert_se(openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISGID) < 0 && errno == EPERM);
                assert_se(openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
                k = openat(AT_FDCWD, z, O_CREAT|O_RDWR|O_CLOEXEC|O_EXCL, 0644);
                k = safe_close(k);
                assert_se(unlink(z) >= 0);

                assert_se(mkdir(z, 0755 | S_ISUID) < 0 && errno == EPERM);
                assert_se(mkdir(z, 0755 | S_ISGID) < 0 && errno == EPERM);
                assert_se(mkdir(z, 0755 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
                assert_se(mkdir(z, 0755) >= 0);
                assert_se(rmdir(z) >= 0);

                assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISUID) < 0 && errno == EPERM);
                assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISGID) < 0 && errno == EPERM);
                assert_se(mkdirat(AT_FDCWD, z, 0755 | S_ISUID | S_ISGID) < 0 && errno == EPERM);
                assert_se(mkdirat(AT_FDCWD, z, 0755) >= 0);
                assert_se(rmdir(z) >= 0);

                assert_se(mknod(z, S_IFREG | 0755 | S_ISUID, 0) < 0 && errno == EPERM);
                assert_se(mknod(z, S_IFREG | 0755 | S_ISGID, 0) < 0 && errno == EPERM);
                assert_se(mknod(z, S_IFREG | 0755 | S_ISUID | S_ISGID, 0) < 0 && errno == EPERM);
                assert_se(mknod(z, S_IFREG | 0755, 0) >= 0);
                assert_se(unlink(z) >= 0);

                assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISUID, 0) < 0 && errno == EPERM);
                assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISGID, 0) < 0 && errno == EPERM);
                assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755 | S_ISUID | S_ISGID, 0) < 0 && errno == EPERM);
                assert_se(mknodat(AT_FDCWD, z, S_IFREG | 0755, 0) >= 0);
                assert_se(unlink(z) >= 0);

                /* Remove the temporary file and directory created at the top of the child. */
                assert_se(unlink(path) >= 0);
                assert_se(rm_rf(dir, REMOVE_ROOT|REMOVE_PHYSICAL) >= 0);

                _exit(EXIT_SUCCESS);
        }

        /* The child reaches _exit(EXIT_SUCCESS) only if every check above held. */
        assert_se(wait_for_terminate_and_check("suidsgidseccomp", pid, WAIT_LOG) == EXIT_SUCCESS);
}
1021 | ||
/* Test entry point: sets up logging at debug level, runs every test case in a fixed order and
 * returns 0.
 *
 * At least test_restrict_suid_sgid() logs a notice and returns early when seccomp is unavailable or
 * the process is not running as root, so an exit status of 0 from an unprivileged run does not mean
 * the filters were actually exercised; check the log for "skipping" notices. */
int main(int argc, char *argv[]) {
        test_setup_logging(LOG_DEBUG);

        /* Lookup and table tests. */
        test_seccomp_arch_to_string();
        test_architecture_table();
        test_syscall_filter_set_find();
        test_filter_sets();
        test_filter_sets_ordered();

        /* One test per seccomp restriction. */
        test_restrict_namespace();
        test_protect_sysctl();
        test_protect_syslog();
        test_restrict_address_families();
        test_restrict_realtime();
        test_memory_deny_write_execute_mmap();
        test_memory_deny_write_execute_shmat();
        test_restrict_archs();
        test_load_syscall_filter_set_raw();
        test_lock_personality();
        test_restrict_suid_sgid();

        return 0;
}