Hi limin, Just to let you know that Jeff's patch was merged and is available since Linux 6.3: https://lore.kernel.org/all/20230114020306.1407195-1-jeffxu@xxxxxxxxxx/ Regards, Mickaël On Wed, Nov 30, 2022 at 08:32:41PM +0100, Mickaël Salaün wrote: > I checked and the Landlock ptrace test failed because Yama is enabled, which > is expected. You can check that with /proc/sys/kernel/yama/ptrace_scope > > Jeff Xu sent a patch to fix this case but it is not ready yet: > https://lore.kernel.org/r/20220628222941.2642917-1-jeffxu@xxxxxxxxxx > > Could you please send a new patch Jeff, and add Limin in Cc? > > > On 29/11/2022 12:26, limin wrote: > > cat /proc/cmdline > > BOOT_IMAGE=/vmlinuz-6.1.0-next-20221116 > > root=UUID=a65b3a79-dc02-4728-8a0c-5cf24f4ae08b ro > > systemd.unified_cgroup_hierarchy=1 cgroup_no_v1=all > > > > > > config > > > > # > > # Automatically generated file; DO NOT EDIT. > > # Linux/x86 6.1.0-rc6 Kernel Configuration > > # > > [...] > > > CONFIG_SECURITY_YAMA=y > > [...] > > > CONFIG_LSM="landlock,lockdown,yama,integrity,apparmor" > [...] > > > > On 2022/11/29 19:03, Mickaël Salaün wrote: > > > I tested with next-20221116 and all tests are OK. Could you share your > > > kernel configuration with a link? What is the content of /proc/cmdline? > > > > > > On 29/11/2022 02:42, limin wrote: > > > > I run test on Linux ubuntu2204 6.1.0-next-20221116 > > > > > > > > I did't use yama. > > > > > > > > you can reproduce by this step: > > > > > > > > cd kernel_src > > > > > > > > cd tools/testing/selftests/landlock/ > > > > make > > > > ./ptrace_test > > > > > > > > > > > > > > > > > > > > On 2022/11/29 3:44, Mickaël Salaün wrote: > > > > > This patch changes the test semantic and then cannot work on my test > > > > > environment. On which kernel did you run test? Do you use Yama or > > > > > something similar? > > > > > > > > > > On 28/11/2022 03:04, limin wrote: > > > > > > Tests PTRACE_ATTACH and PTRACE_MODE_READ on the parent, > > > > > > trace parent return -1 when child== 0 > > > > > > How to reproduce warning: > > > > > > $ make -C tools/testing/selftests TARGETS=landlock run_tests > > > > > > > > > > > > Signed-off-by: limin <limin100@xxxxxxxxxx> > > > > > > --- > > > > > > tools/testing/selftests/landlock/ptrace_test.c | 5 ++--- > > > > > > 1 file changed, 2 insertions(+), 3 deletions(-) > > > > > > > > > > > > diff --git a/tools/testing/selftests/landlock/ptrace_test.c > > > > > > b/tools/testing/selftests/landlock/ptrace_test.c > > > > > > index c28ef98ff3ac..88c4dc63eea0 100644 > > > > > > --- a/tools/testing/selftests/landlock/ptrace_test.c > > > > > > +++ b/tools/testing/selftests/landlock/ptrace_test.c > > > > > > @@ -267,12 +267,11 @@ TEST_F(hierarchy, trace) > > > > > > /* Tests PTRACE_ATTACH and PTRACE_MODE_READ on the > > > > > > parent. */ > > > > > > err_proc_read = test_ptrace_read(parent); > > > > > > ret = ptrace(PTRACE_ATTACH, parent, NULL, 0); > > > > > > + EXPECT_EQ(-1, ret); > > > > > > + EXPECT_EQ(EPERM, errno); > > > > > > if (variant->domain_child) { > > > > > > - EXPECT_EQ(-1, ret); > > > > > > - EXPECT_EQ(EPERM, errno); > > > > > > EXPECT_EQ(EACCES, err_proc_read); > > > > > > } else { > > > > > > - EXPECT_EQ(0, ret); > > > > > > EXPECT_EQ(0, err_proc_read); > > > > > > } > > > > > > if (ret == 0) {
