lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ef128eed-65a3-1617-d630-275f3cfa8220@digikod.net>
Date:   Thu, 17 Mar 2022 18:26:45 +0100
From:   Mickaël Salaün <mic@...ikod.net>
To:     Konstantin Meskhidze <konstantin.meskhidze@...wei.com>
Cc:     willemdebruijn.kernel@...il.com,
        linux-security-module@...r.kernel.org, netdev@...r.kernel.org,
        netfilter-devel@...r.kernel.org, yusongping@...wei.com,
        artem.kuzin@...wei.com, anton.sirazetdinov@...wei.com
Subject: Re: [RFC PATCH v4 00/15] Landlock LSM


On 17/03/2022 14:01, Konstantin Meskhidze wrote:
> 
> 
> 3/15/2022 8:02 PM, Mickaël Salaün пишет:
>> Hi Konstantin,
>>
>> This series looks good! Thanks for the split in multiple patches.
>>
>   Thanks. I follow your recommendations.
>>
>> On 09/03/2022 14:44, Konstantin Meskhidze wrote:
>>> Hi,
>>> This is a new V4 bunch of RFC patches related to Landlock LSM network 
>>> confinement.
>>> It brings deep refactirong and commit splitting of previous version V3.
>>> Also added additional selftests.
>>>
>>> This patch series can be applied on top of v5.17-rc3.
>>>
>>> All test were run in QEMU evironment and compiled with
>>>   -static flag.
>>>   1. network_test: 9/9 tests passed.
>>
>> I get a kernel warning running the network tests.
> 
>    What kind of warning? Can you provide it please?

You really need to get a setup that gives you such kernel warning. When 
running network_test you should get:
WARNING: CPU: 3 PID: 742 at security/landlock/ruleset.c:218 
insert_rule+0x220/0x270

Before sending new patches, please make sure you're able to catch such 
issues.


>>
>>>   2. base_test: 8/8 tests passed.
>>>   3. fs_test: 46/46 tests passed.
>>>   4. ptrace_test: 4/8 tests passed.
>>
>> Does your test machine use Yama? That would explain the 4/8. You can 
>> disable it with the appropriate sysctl.

Can you answer this question?


>>
>>>
>>> Tests were also launched for Landlock version without
>>> v4 patch:
>>>   1. base_test: 8/8 tests passed.
>>>   2. fs_test: 46/46 tests passed.
>>>   3. ptrace_test: 4/8 tests passed.
>>>
>>> Could not provide test coverage cause had problems with tests
>>> on VM (no -static flag the tests compiling, no v4 patch applied):
>>
>> You can build statically-linked tests with:
>> make -C tools/testing/selftests/landlock CFLAGS=-static
> 
>   Ok. I will try. Thanks.
>>
>>> 1. base_test: 7/8 tests passed.
>>>   Error:
>>>   # Starting 8 tests from 1 test cases.
>>>   #  RUN           global.inconsistent_attr ...
>>>   # base_test.c:51:inconsistent_attr:Expected ENOMSG (42) == errno (22)
>>
>> This looks like a bug in the syscall argument checks.
> 
>    This bug I just get when don't use -static option. With -static base 
> test passes 8/8.

Weird, I'd like to know what is the cause of this issue. What disto and 
version do you use as host and guest VM? Do you have some warning when 
compiling?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ