Home
last modified time | relevance | path

Searched refs:ruleset_fd (Results 1 – 15 of 15) sorted by relevance

/linux/tools/testing/selftests/landlock/
H A Dnet_test.c936 int ruleset_fd; in TEST_F()
938 ruleset_fd = landlock_create_ruleset(&ruleset_attr, in TEST_F()
940 ASSERT_LE(0, ruleset_fd); in TEST_F()
944 landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in TEST_F()
949 landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in TEST_F()
961 ASSERT_EQ(0, landlock_add_rule(ruleset_fd, in FIXTURE_VARIANT()
966 enforce_ruleset(_metadata, ruleset_fd); in FIXTURE_VARIANT_ADD()
967 EXPECT_EQ(0, close(ruleset_fd)); in FIXTURE_VARIANT_ADD()
1007 int ruleset_fd; in FIXTURE_TEARDOWN()
1009 ruleset_fd in FIXTURE_TEARDOWN()
658 int ruleset_fd; TEST_F() local
708 int ruleset_fd; TEST_F() local
750 const int ruleset_fd = landlock_create_ruleset( TEST_F() local
786 const int ruleset_fd = landlock_create_ruleset( TEST_F() local
869 const int ruleset_fd = landlock_create_ruleset( TEST_F() local
900 const int ruleset_fd = landlock_create_ruleset( TEST_F() local
1025 int ruleset_fd; TEST_F() local
1170 int ruleset_fd; TEST_F() local
1189 int ruleset_fd; TEST_F() local
1205 int ruleset_fd; TEST_F() local
1239 int ruleset_fd; TEST_F() local
1268 int ruleset_fd; TEST_F() local
1293 int ruleset_fd; TEST_F() local
1345 int ruleset_fd; TEST_F() local
1390 int ruleset_fd; TEST_F() local
1415 int ruleset_fd; TEST_F() local
1457 int ruleset_fd; TEST_F() local
1513 int ruleset_fd; TEST_F() local
1603 int ruleset_fd; TEST_F() local
1637 int ruleset_fd, bind_fd, dir_fd; TEST_F() local
1758 int ruleset_fd; TEST_F() local
1833 int ruleset_fd; TEST_F() local
1980 int ruleset_fd, sock_fd; TEST_F() local
2008 int ruleset_fd, sock_fd; TEST_F() local
[all...]
H A Dfs_test.c487 int ruleset_fd; in TEST_F_FORK()
493 ruleset_fd = open(dir_s1d1, O_PATH | O_DIRECTORY | O_CLOEXEC); in TEST_F_FORK()
494 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
495 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
497 /* Returns EBADF because ruleset_fd is not a landlock-ruleset FD. */ in TEST_F_FORK()
499 ASSERT_EQ(0, close(ruleset_fd)); in TEST_F_FORK()
501 ruleset_fd = open(dir_s1d1, O_DIRECTORY | O_CLOEXEC); in TEST_F_FORK()
502 ASSERT_LE(0, ruleset_fd); in TEST_F_FORK()
503 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST_F_FORK()
505 /* Returns EBADFD because ruleset_fd i in TEST_F_FORK()
486 int ruleset_fd; TEST_F_FORK() local
607 const int ruleset_fd = TEST_F_FORK() local
665 const int ruleset_fd = TEST_F_FORK() local
691 int ruleset_fd; TEST_F_FORK() local
720 add_path_beneath(struct __test_metadata * const _metadata,const int ruleset_fd,const __u64 allowed_access,const char * const path) add_path_beneath() argument
763 int ruleset_fd, i; create_ruleset() local
805 const int ruleset_fd = create_ruleset( TEST_F_FORK() local
852 int ruleset_fd; TEST_F_FORK() local
880 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
934 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RO, rules); TEST_F_FORK() local
967 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1023 int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1); TEST_F_FORK() local
1115 int ruleset_fd; TEST_F_FORK() local
1239 int ruleset_fd; TEST_F_FORK() local
1343 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1459 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1497 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1514 int ruleset_fd; TEST_F_FORK() local
1559 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1588 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1616 int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1646 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1666 int ruleset_fd; TEST_F_FORK() local
1694 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1717 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1748 int ruleset_fd; TEST_F_FORK() local
1776 int ruleset_fd; TEST_F_FORK() local
1818 const int ruleset_fd = create_ruleset(_metadata, ACCESS_RW, rules); TEST_F_FORK() local
1849 int ruleset_fd; TEST_F_FORK() local
1907 int dirfd, ruleset_fd; test_relative_path() local
2093 const int ruleset_fd = TEST_F_FORK() local
2217 int ruleset_fd = create_ruleset(_metadata, layer1[0].access, layer1); TEST_F_FORK() local
2299 const int ruleset_fd = TEST_F_FORK() local
2381 const int ruleset_fd = TEST_F_FORK() local
2445 int ruleset_fd = TEST_F_FORK() local
2480 int ruleset_fd; refer_denied_by_default() local
2591 int root_fd, ruleset_fd; TEST_F_FORK() local
2642 int ruleset_fd; TEST_F_FORK() local
2679 const int ruleset_fd = create_ruleset( TEST_F_FORK() local
2757 const int ruleset_fd = create_ruleset( TEST_F_FORK() local
2903 const int ruleset_fd = create_ruleset( reparent_exdev_layers_enforce1() local
2926 const int ruleset_fd = reparent_exdev_layers_enforce2() local
3200 const int ruleset_fd = create_ruleset( TEST_F_FORK() local
3272 int ruleset_fd = create_ruleset(_metadata, TEST_F_FORK() local
3345 const int ruleset_fd = TEST_F_FORK() local
3382 const int ruleset_fd = TEST_F_FORK() local
3408 const int ruleset_fd = create_ruleset(_metadata, access, rules); test_make_file() local
3496 const int ruleset_fd = TEST_F_FORK() local
3541 const int ruleset_fd = TEST_F_FORK() local
3582 const int ruleset_fd = create_ruleset( TEST_F_FORK() local
3626 const int ruleset_fd = TEST_F_FORK() local
3723 int ruleset_fd; TEST_F_FORK() local
3806 int ruleset_fd; TEST_F_FORK() local
3913 int fd_layer0, fd_layer1, fd_layer2, fd_layer3, ruleset_fd; TEST_F_FORK() local
4032 int fd, ruleset_fd; TEST_F_FORK() local
4073 int fd, ruleset_fd; TEST_F_FORK() local
4126 int ruleset_fd, fd, i; TEST() local
4169 int ruleset_fd, fd; TEST_F_FORK() local
4265 int ruleset_fd, fd; TEST_F_FORK() local
4324 int fd, ruleset_fd; TEST_F_FORK() local
4364 int srv_fd, cli_fd, ruleset_fd; TEST_F_FORK() local
4464 int file_fd, ruleset_fd; TEST_F_FORK() local
4499 int dir_fd, ruleset_fd; TEST_F_FORK() local
4544 int file_fd, ruleset_fd; TEST_F_FORK() local
4713 int ruleset_fd; TEST_F_FORK() local
4814 int ruleset_fd = create_ruleset( TEST_F_FORK() local
5131 int ruleset_fd, bind_s1d3_fd; TEST_F_FORK() local
5692 int ruleset_fd, s1d41_bind_fd, s1d42_bind_fd; TEST_F_FORK() local
6202 int ruleset_fd, s1d3_bind_fd; TEST_F_FORK() local
6628 int ruleset_fd; TEST_F_FORK() local
6947 int ruleset_fd; layer3_fs_tag_inode() local
7014 int ruleset_fd; TEST_F_FORK() local
7564 int ruleset_fd = TEST_F() local
[all...]
H A Dtsync_test.c23 const int ruleset_fd = in create_ruleset() local
26 ASSERT_LE(0, ruleset_fd) in create_ruleset()
30 return ruleset_fd; in create_ruleset()
35 const int ruleset_fd = create_ruleset(_metadata); in TEST() local
40 ASSERT_EQ(0, landlock_restrict_self(ruleset_fd, in TEST()
43 EXPECT_EQ(0, close(ruleset_fd)); in TEST()
69 const int ruleset_fd = create_ruleset(_metadata); in TEST() local
78 EXPECT_EQ(0, landlock_restrict_self(ruleset_fd, in TEST()
90 EXPECT_EQ(0, close(ruleset_fd)); in TEST()
96 const int ruleset_fd = create_ruleset(_metadata); in TEST() local
[all …]
H A Dbase_test.c150 int ruleset_fd; in TEST()
182 ruleset_fd = in TEST()
184 ASSERT_LE(0, ruleset_fd); in TEST()
185 ASSERT_EQ(0, close(ruleset_fd)); in TEST()
198 const int ruleset_fd = in TEST()
201 ASSERT_LE(0, ruleset_fd); in TEST() local
212 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, 0, NULL, 0)); in TEST()
216 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST()
221 ASSERT_EQ(-1, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in TEST()
229 ASSERT_EQ(0, landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEAT in TEST()
106 int ruleset_fd; TEST() local
154 const int ruleset_fd = TEST() local
241 int ruleset_fd; TEST() local
335 int ruleset_fd, dir_fd; TEST() local
[all...]
H A Dscoped_common.h15 int ruleset_fd; in create_scoped_domain() local
20 ruleset_fd = in create_scoped_domain()
22 ASSERT_LE(0, ruleset_fd) in create_scoped_domain()
26 enforce_ruleset(_metadata, ruleset_fd); in create_scoped_domain()
27 EXPECT_EQ(0, close(ruleset_fd)); in create_scoped_domain()
H A Daudit_test.c78 int status, ruleset_fd, i; in TEST_F() local
88 ruleset_fd = in TEST_F()
90 ASSERT_LE(0, ruleset_fd); in TEST_F()
100 EXPECT_EQ(0, landlock_restrict_self(ruleset_fd, 0)); in TEST_F()
122 EXPECT_EQ(-1, landlock_restrict_self(ruleset_fd, 0)); in TEST_F()
160 EXPECT_EQ(0, close(ruleset_fd)); in TEST_F()
165 int ruleset_fd, pipe_child, pipe_parent;
181 if (landlock_restrict_self(data->ruleset_fd, 0)) { in thread_audit_test()
186 if (close(data->ruleset_fd)) { in thread_audit_test()
239 child_data.ruleset_fd in TEST_F()
164 int ruleset_fd, pipe_child, pipe_parent; global() member
366 int ruleset_fd; TEST_F() local
562 int ruleset_fd; TEST_F() local
[all...]
H A Dsandbox-and-launch.c24 int pipe_child, pipe_parent, ruleset_fd; in main() local
39 ruleset_fd = in main()
41 if (ruleset_fd < 0) { in main()
51 if (landlock_restrict_self(ruleset_fd, 0)) { in main()
56 if (close(ruleset_fd)) { in main()
H A Dwrappers.h26 static inline int landlock_add_rule(const int ruleset_fd, in landlock_add_rule() argument
31 return syscall(__NR_landlock_add_rule, ruleset_fd, rule_type, rule_attr, in landlock_add_rule()
37 static inline int landlock_restrict_self(const int ruleset_fd, in landlock_restrict_self() argument
40 return syscall(__NR_landlock_restrict_self, ruleset_fd, flags); in landlock_restrict_self()
H A Dcommon.h200 enforce_ruleset(struct __test_metadata *const _metadata, const int ruleset_fd) in enforce_ruleset()
203 ASSERT_EQ(0, landlock_restrict_self(ruleset_fd, 0)) in enforce_ruleset()
213 int ruleset_fd; in drop_access_rights()
215 ruleset_fd = in drop_access_rights()
217 EXPECT_LE(0, ruleset_fd) in drop_access_rights()
221 enforce_ruleset(_metadata, ruleset_fd); in drop_access_rights()
222 EXPECT_EQ(0, close(ruleset_fd));
198 enforce_ruleset(struct __test_metadata * const _metadata,const int ruleset_fd) enforce_ruleset() argument
211 int ruleset_fd; drop_access_rights() local
H A Dptrace_test.c30 int ruleset_fd; in create_domain() local
35 ruleset_fd = in create_domain()
37 EXPECT_LE(0, ruleset_fd) in create_domain()
42 EXPECT_EQ(0, landlock_restrict_self(ruleset_fd, 0)); in create_domain()
43 EXPECT_EQ(0, close(ruleset_fd)); in create_domain()
H A Dscoped_abstract_unix_test.c32 int ruleset_fd; in create_fs_domain() local
37 ruleset_fd = in create_fs_domain()
39 EXPECT_LE(0, ruleset_fd) in create_fs_domain()
44 EXPECT_EQ(0, landlock_restrict_self(ruleset_fd, 0)); in create_fs_domain()
45 EXPECT_EQ(0, close(ruleset_fd)); in create_fs_domain()
350 int ruleset_fd; in TEST_F()
394 ruleset_fd = in FIXTURE_SETUP()
396 ASSERT_LE(0, ruleset_fd) in FIXTURE_SETUP()
400 enforce_ruleset(_metadata, ruleset_fd); in FIXTURE_SETUP()
401 EXPECT_EQ(0, close(ruleset_fd)); in FIXTURE_SETUP()
[all...]
/linux/samples/landlock/
H A Dsandboxer.c41 static inline int landlock_add_rule(const int ruleset_fd, in landlock_add_rule() argument
46 return syscall(__NR_landlock_add_rule, ruleset_fd, rule_type, rule_attr, in landlock_add_rule()
52 static inline int landlock_restrict_self(const int ruleset_fd, in landlock_restrict_self() argument
55 return syscall(__NR_landlock_restrict_self, ruleset_fd, flags); in landlock_restrict_self()
124 static int populate_ruleset_fs(const char *const env_var, const int ruleset_fd, in populate_ruleset_fs()
174 if (landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, in populate_ruleset_fs()
192 static int populate_ruleset_net(const char *const env_var, const int ruleset_fd, in populate_ruleset_net()
220 if (landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT, in populate_ruleset_net()
438 int ruleset_fd, abi; in main()
633 ruleset_fd
119 populate_ruleset_fs(const char * const env_var,const int ruleset_fd,const __u64 allowed_access) populate_ruleset_fs() argument
187 populate_ruleset_net(const char * const env_var,const int ruleset_fd,const __u64 allowed_access) populate_ruleset_net() argument
351 int ruleset_fd, abi; main() local
[all...]
/linux/security/landlock/
H A Dsyscalls.c215 int err, ruleset_fd; in SYSCALL_DEFINE3()
285 ruleset_fd = anon_inode_getfd("[landlock-ruleset]", &ruleset_fops,
287 if (ruleset_fd < 0)
289 return ruleset_fd; in get_path_from_fd()
431 * @ruleset_fd: File descriptor tied to the ruleset that should be extended in SYSCALL_DEFINE4()
456 * - %EBADF: @ruleset_fd is not a file descriptor for the current thread, or a
458 * - %EBADFD: @ruleset_fd is not a ruleset file descriptor, or a member of
460 * - %EPERM: @ruleset_fd has no write access to the underlying ruleset;
466 SYSCALL_DEFINE4(landlock_add_rule, const int, ruleset_fd,
479 ruleset = get_ruleset_from_fd(ruleset_fd, FMODE_CAN_WRIT in SYSCALL_DEFINE2()
201 int err, ruleset_fd; SYSCALL_DEFINE3() local
418 SYSCALL_DEFINE4(landlock_add_rule,const int,ruleset_fd,const enum landlock_rule_type,rule_type,const void __user * const,rule_attr,const __u32,flags) SYSCALL_DEFINE4() argument
478 SYSCALL_DEFINE2(landlock_restrict_self,const int,ruleset_fd,const __u32,flags) SYSCALL_DEFINE2() argument
[all...]
/linux/Documentation/userspace-api/
H A Dlandlock.rst149 int ruleset_fd;
151 ruleset_fd = landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
152 if (ruleset_fd < 0) {
179 close(ruleset_fd);
182 err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
187 close(ruleset_fd);
212 err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT,
231 err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT,
242 err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT,
283 close(ruleset_fd);
[all...]
/linux/include/linux/
H A Dsyscalls.h991 asmlinkage long sys_landlock_add_rule(int ruleset_fd, enum landlock_rule_type rule_type,
993 asmlinkage long sys_landlock_restrict_self(int ruleset_fd, __u32 flags);