{"id":2223428,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2223428/?format=json","web_url":"http://patchwork.ozlabs.org/project/ltp/patch/20260415103812.21999-3-wegao@suse.com/","project":{"id":59,"url":"http://patchwork.ozlabs.org/api/1.2/projects/59/?format=json","name":"Linux Test Project development","link_name":"ltp","list_id":"ltp.lists.linux.it","list_email":"ltp@lists.linux.it","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260415103812.21999-3-wegao@suse.com>","list_archive_url":null,"date":"2026-04-15T10:37:55","name":"[v7,2/2] open16: allow restricted O_CREAT of FIFOs and regular files","commit_ref":null,"pull_url":null,"state":"needs-review-ack","archived":false,"hash":"050c66a319b0a3db78a38cb54b181272afe8b64c","submitter":{"id":85577,"url":"http://patchwork.ozlabs.org/api/1.2/people/85577/?format=json","name":"Wei Gao","email":"wegao@suse.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ltp/patch/20260415103812.21999-3-wegao@suse.com/mbox/","series":[{"id":499962,"url":"http://patchwork.ozlabs.org/api/1.2/series/499962/?format=json","web_url":"http://patchwork.ozlabs.org/project/ltp/list/?series=499962","date":"2026-04-15T10:37:54","name":"[v7,1/2] lib: New library function tst_get_free_uid","version":7,"mbox":"http://patchwork.ozlabs.org/series/499962/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2223428/comments/","check":"warning","checks":"http://patchwork.ozlabs.org/api/patches/2223428/checks/","tags":{},"related":[],"headers":{"Return-Path":"<ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>","X-Original-To":["incoming@patchwork.ozlabs.org","ltp@lists.linux.it"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","ltp@picard.linux.it"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=lists.linux.it header.i=@lists.linux.it\n header.a=rsa-sha256 header.s=picard header.b=VjKdDV9N;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=suse.com header.i=@suse.com header.a=rsa-sha256\n header.s=google header.b=PYJcUFyw;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it\n (client-ip=2001:1418:10:5::2; helo=picard.linux.it;\n envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it;\n receiver=patchwork.ozlabs.org)"],"Received":["from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fwd160r8fz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 15 Apr 2026 20:39:06 +1000 (AEST)","from picard.linux.it (localhost [IPv6:::1])\n\tby picard.linux.it (Postfix) with ESMTP id E16B33E5DB7\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 15 Apr 2026 12:39:03 +0200 (CEST)","from in-3.smtp.seeweb.it (in-3.smtp.seeweb.it [217.194.8.3])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature ECDSA (secp384r1))\n (No client certificate requested)\n by picard.linux.it (Postfix) with ESMTPS id 35FFA3E5B75\n for <ltp@lists.linux.it>; Wed, 15 Apr 2026 12:38:20 +0200 (CEST)","from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com\n [IPv6:2a00:1450:4864:20::32b])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by in-3.smtp.seeweb.it (Postfix) with ESMTPS id A27911A0090B\n for <ltp@lists.linux.it>; Wed, 15 Apr 2026 12:38:19 +0200 (CEST)","by mail-wm1-x32b.google.com with SMTP id\n 5b1f17b1804b1-482f454be5bso69825145e9.0\n for <ltp@lists.linux.it>; Wed, 15 Apr 2026 03:38:19 -0700 (PDT)","from localhost ([2a07:de40:b240:0:2ad6:ed42:2ad6:ed42])\n by smtp.gmail.com with UTF8SMTPSA id\n 5b1f17b1804b1-488f1dd8806sm39417955e9.3.2026.04.15.03.38.17\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 15 Apr 2026 03:38:17 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/simple; d=lists.linux.it;\n i=@lists.linux.it; q=dns/txt; s=picard; t=1776249543; h=to : date :\n message-id : in-reply-to : references : mime-version : subject :\n list-id : list-unsubscribe : list-archive : list-post : list-help :\n list-subscribe : from : reply-to : content-type :\n content-transfer-encoding : sender : from;\n bh=skciPJk3F7+KlNUVeABxJHm3HFbUbcOCHXn052DD4a0=;\n b=VjKdDV9NkzkvKqTOrMQcM8zSlOrTUe1aqoiz5ItkVoWiG8kwPOBkKNyNktbaDVvsTz0rW\n bRal6HE4fHKLReML5jEbVEKUljYTWPRMtmKtNXnq5PCOo5u8AnTrDUluFgNDK2Pv5yYUJb+\n E3Dzn2a5vP9PVfMm/VIFfFeECEn5KGw=","v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=suse.com; s=google; t=1776249499; x=1776854299; darn=lists.linux.it;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=eq8wnsrb5213CVnsykm51rlAon8hFVwEWzizOYaexlI=;\n b=PYJcUFywM3oxp0NeuTHDC1cpupMrGBlofKZPuXXNbKvm+KSSX58f8WdlInrRlj/dNI\n lHjNX4QGIoOtLtu4r5XvX3y58bj2HhJsrUXHRqXXokRHwoSftRLMZ2JKBc9vV5FnwbUx\n 3jExpGZkeQ/RIGRtHSF7Ap2e173sYYWKWaNqltqq9m1d7HvGZFy9WL5wa0ziBiIzP6Qg\n TptRNSg2bjwFq7pEYhScHXxjgj+dAHc/FWr2NweaBLzlD2zDNl2kCS/j3rOyurpOqZBX\n XxfyhrK6lZsvRpA4EYwtrVogSxSXy5TZ7GqC1Iq/7ohcUFnLe/018j7S1644A1eJZIDh\n qStg=="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776249499; x=1776854299;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=eq8wnsrb5213CVnsykm51rlAon8hFVwEWzizOYaexlI=;\n b=AHOVNNEMx7nNzWEA89U1U9tIWEdn521/C4Xd9psSzCmSrfzY3FXyKcrDsPBNFxGtjl\n AIUanuYqWegihRzfvDI1/ApFyK2gSFwc0yQsBnrumsz8ZKCvRSPxajQ814Y57MMvS81M\n BjrCpQJ7WSyG/WYX9j98/G3EfIxwmG9Vq/cGRrvt7NeIkAfeq7tWIyCSD2JCwINnvhMm\n M/8LwLaQpEOtZD4iMcld2UJSQJuCXExQustVI3njhDmhEWTjmP6wiI9bi5L1tlHGuA58\n J77XPTyF2eu42tjv8l1ETOe903t1rlckugujVflKlvoE2YaBDedyugT/3MQeMYEU/IK/\n fcZA==","X-Gm-Message-State":"AOJu0YyGm7selSBDaS60EAkeewp+ZyGK06Ur530PlXSIWiu2xzc2oIHc\n 4tn5CYG5EVPjyZ2JISSCadDVpvKUYekb1NxWGy9krr+ZeWSX0tvyQI0qIUyRaVWmNnwahH5S9rM\n Tg04=","X-Gm-Gg":"AeBDieu3TPM4EpLpZbHCnHJIE8AQtM2jh0ljmubZkeQXn6sOULRxUBw44MqTBD5PvIT\n spj6IsfqIHI414EiJ5q95aHZJEP2MwYjtHZDN2/5C8jguwraYgchQ0ut6SCDmtmFDNJXcTZo/O7\n kCn6RIdGo0No91vcF8oUdEjkF94JKnI3ehd/JUT+RzBx1hDdtZc3Ls2yCSOC4TteqJwybMc1VM0\n B2VjMLo84WLfXdHyc8VzAJkGdQbHTY8kd42mHNQ4vnF1vg/hUJQxmc2w0T0W8VOMDJo8l5N8dGa\n vnX1q/L1yQAXuYtYJcKvNAY9C5oLo8BnM3Til9UCmJcXx6Uu6YNlg8egxuNHghYTimNLtBgiFnA\n s1M2EhNbIeMey85n/b9e/fYgHhITeH0zhCwo66PgFFLHOUp3NcbOD3AhW/MMW/4Lkmr/4Xt26WU\n 5Th+dD/VOzeAuPdTbbFQGGaw==","X-Received":"by 2002:a05:600d:a:b0:485:3428:774c with SMTP id\n 5b1f17b1804b1-488d682bb48mr212092715e9.4.1776249498797;\n Wed, 15 Apr 2026 03:38:18 -0700 (PDT)","To":"ltp@lists.linux.it","Date":"Wed, 15 Apr 2026 10:37:55 +0000","Message-ID":"<20260415103812.21999-3-wegao@suse.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260415103812.21999-1-wegao@suse.com>","References":"<20260415060728.21662-1-wegao@suse.com>\n <20260415103812.21999-1-wegao@suse.com>","MIME-Version":"1.0","X-Spam-Status":"No, score=0.1 required=7.0 tests=DKIM_SIGNED,DKIM_VALID,\n DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS shortcircuit=no\n autolearn=disabled version=4.0.1","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on in-3.smtp.seeweb.it","X-Virus-Scanned":"clamav-milter 1.0.9 at in-3.smtp.seeweb.it","X-Virus-Status":"Clean","Subject":"[LTP] [PATCH v7 2/2] open16: allow restricted O_CREAT of FIFOs and\n regular files","X-BeenThere":"ltp@lists.linux.it","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"Linux Test Project <ltp.lists.linux.it>","List-Unsubscribe":"<https://lists.linux.it/options/ltp>,\n <mailto:ltp-request@lists.linux.it?subject=unsubscribe>","List-Archive":"<http://lists.linux.it/pipermail/ltp/>","List-Post":"<mailto:ltp@lists.linux.it>","List-Help":"<mailto:ltp-request@lists.linux.it?subject=help>","List-Subscribe":"<https://lists.linux.it/listinfo/ltp>,\n <mailto:ltp-request@lists.linux.it?subject=subscribe>","From":"Wei Gao via ltp <ltp@lists.linux.it>","Reply-To":"Wei Gao <wegao@suse.com>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it","Sender":"\"ltp\" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>"},"content":"This commit adds test cases to verify the security restrictions for opening\nFIFOs and regular files in world-writable sticky directories.\n\nSigned-off-by: Wei Gao <wegao@suse.com>\n---\n runtest/syscalls                          |   1 +\n testcases/kernel/syscalls/open/.gitignore |   1 +\n testcases/kernel/syscalls/open/open16.c   | 132 ++++++++++++++++++++++\n 3 files changed, 134 insertions(+)\n create mode 100644 testcases/kernel/syscalls/open/open16.c","diff":"diff --git a/runtest/syscalls b/runtest/syscalls\nindex d72fceb5e..c14ebb3a0 100644\n--- a/runtest/syscalls\n+++ b/runtest/syscalls\n@@ -1005,6 +1005,7 @@ open12 open12\n open13 open13\n open14 open14\n open15 open15\n+open16 open16\n \n openat01 openat01\n openat02 openat02\ndiff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore\nindex af5997572..d2cacc02e 100644\n--- a/testcases/kernel/syscalls/open/.gitignore\n+++ b/testcases/kernel/syscalls/open/.gitignore\n@@ -13,3 +13,4 @@\n /open13\n /open14\n /open15\n+/open16\ndiff --git a/testcases/kernel/syscalls/open/open16.c b/testcases/kernel/syscalls/open/open16.c\nnew file mode 100644\nindex 000000000..726b05df9\n--- /dev/null\n+++ b/testcases/kernel/syscalls/open/open16.c\n@@ -0,0 +1,132 @@\n+// SPDX-License-Identifier: GPL-2.0-or-later\n+/*\n+ * Copyright (c) 2026 Wei Gao <wegao@suse.com>\n+ */\n+\n+/*\\\n+ * Verify restricted opening of FIFOs and regular files in sticky directories.\n+ * This test covers the positive case where access is allowed when protection\n+ * is disabled (level 0), and the negative cases where access is disallowed\n+ * (EACCES) in world-writable (level 1) or group-writable (level 2) sticky\n+ * directories when the file is not owned by the opener.\n+ */\n+\n+#include <pwd.h>\n+#include <stdlib.h>\n+#include \"tst_test.h\"\n+#include \"tst_safe_file_at.h\"\n+#include \"tst_uid.h\"\n+\n+#define DIR \"ltp_tmp_check1\"\n+#define TEST_FILE \"test_file_1\"\n+#define TEST_FIFO \"test_fifo_1\"\n+#define PROTECTED_REGULAR \"/proc/sys/fs/protected_regular\"\n+#define PROTECTED_FIFOS \"/proc/sys/fs/protected_fifos\"\n+#define TEST_FIFO_PATH DIR \"/\" TEST_FIFO\n+\n+static int dir_fd = -1;\n+static uid_t uid1, uid2;\n+\n+static void run(void)\n+{\n+\tSAFE_CHMOD(DIR, 0777 | S_ISVTX);\n+\tSAFE_FILE_PRINTF(PROTECTED_REGULAR, \"0\");\n+\tSAFE_FILE_PRINTF(PROTECTED_FIFOS, \"0\");\n+\n+\tif (!SAFE_FORK()) {\n+\t\tSAFE_SETUID(uid1);\n+\n+\t\tint fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);\n+\n+\t\tSAFE_CLOSE(fd);\n+\n+\t\tSAFE_MKFIFO(TEST_FIFO_PATH, 0777);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\n+\tif (!SAFE_FORK()) {\n+\t\tSAFE_SETUID(uid2);\n+\n+\t\tint fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));\n+\n+\t\tif (TST_PASS)\n+\t\t\tSAFE_CLOSE(fd);\n+\n+\t\tfd = TST_EXP_FD(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777));\n+\n+\t\tif (TST_PASS)\n+\t\t\tSAFE_CLOSE(fd);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\n+\tSAFE_FILE_PRINTF(PROTECTED_REGULAR, \"1\");\n+\tSAFE_FILE_PRINTF(PROTECTED_FIFOS, \"1\");\n+\n+\tif (!SAFE_FORK()) {\n+\t\tSAFE_SETUID(uid2);\n+\t\tTST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);\n+\t\tTST_EXP_FAIL(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777), EACCES);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\n+\tSAFE_FILE_PRINTF(PROTECTED_REGULAR, \"2\");\n+\tSAFE_FILE_PRINTF(PROTECTED_FIFOS, \"2\");\n+\tSAFE_CHMOD(DIR, 0020 | S_ISVTX);\n+\n+\tif (!SAFE_FORK()) {\n+\t\tSAFE_SETUID(uid2);\n+\t\tTST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);\n+\t\tTST_EXP_FAIL(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777), EACCES);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\tSAFE_UNLINK(TEST_FIFO_PATH);\n+}\n+\n+static void setup(void)\n+{\n+\tstruct passwd *pw;\n+\n+\tpw = SAFE_GETPWNAM(\"nobody\");\n+\tuid1 = pw->pw_uid;\n+\tuid2 = tst_get_free_uid(uid1);\n+\n+\tumask(0);\n+\tSAFE_MKDIR(DIR, 0777 | S_ISVTX);\n+\tdir_fd = SAFE_OPEN(DIR, O_DIRECTORY);\n+}\n+\n+static void cleanup(void)\n+{\n+\tif (dir_fd != -1)\n+\t\tSAFE_CLOSE(dir_fd);\n+}\n+\n+static struct tst_test test = {\n+\t.setup = setup,\n+\t.cleanup = cleanup,\n+\t.needs_root = 1,\n+\t.test_all = run,\n+\t.needs_tmpdir = 1,\n+\t.forks_child = 1,\n+\t.save_restore = (const struct tst_path_val[]) {\n+\t\t{PROTECTED_REGULAR, NULL, TST_SR_TCONF},\n+\t\t{PROTECTED_FIFOS, NULL, TST_SR_TCONF},\n+\t\t{}\n+\t},\n+\t.tags = (const struct tst_tag[]) {\n+\t\t{\"linux-git\", \"30aba6656f61\"},\n+\t\t{}\n+\t}\n+};\n","prefixes":["v7","2/2"]}