{"id":2223361,"url":"http://patchwork.ozlabs.org/api/patches/2223361/?format=json","web_url":"http://patchwork.ozlabs.org/project/ltp/patch/20260415060728.21662-3-wegao@suse.com/","project":{"id":59,"url":"http://patchwork.ozlabs.org/api/projects/59/?format=json","name":"Linux Test Project development","link_name":"ltp","list_id":"ltp.lists.linux.it","list_email":"ltp@lists.linux.it","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260415060728.21662-3-wegao@suse.com>","list_archive_url":null,"date":"2026-04-15T06:07:17","name":"[v6,2/2] open16: allow restricted O_CREAT of FIFOs and regular files","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"620ea8d6ff1b3fb4a13d2eaa5fa9e238be055d70","submitter":{"id":85577,"url":"http://patchwork.ozlabs.org/api/people/85577/?format=json","name":"Wei Gao","email":"wegao@suse.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/ltp/patch/20260415060728.21662-3-wegao@suse.com/mbox/","series":[{"id":499928,"url":"http://patchwork.ozlabs.org/api/series/499928/?format=json","web_url":"http://patchwork.ozlabs.org/project/ltp/list/?series=499928","date":"2026-04-15T06:07:15","name":"open16: allow restricted O_CREAT of FIFOs and regular files","version":6,"mbox":"http://patchwork.ozlabs.org/series/499928/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2223361/comments/","check":"warning","checks":"http://patchwork.ozlabs.org/api/patches/2223361/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":["incoming@patchwork.ozlabs.org","ltp@lists.linux.it"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","ltp@picard.linux.it"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=lists.linux.it header.i=@lists.linux.it\n header.a=rsa-sha256 header.s=picard header.b=WuKp+/L9;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=suse.com header.i=@suse.com header.a=rsa-sha256\n header.s=google header.b=BX+jshHj;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it\n (client-ip=2001:1418:10:5::2; helo=picard.linux.it;\n envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it;\n receiver=patchwork.ozlabs.org)"],"Received":["from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fwW0j1ghHz1yCv\n\tfor ; Wed, 15 Apr 2026 16:08:21 +1000 (AEST)","from picard.linux.it (localhost [IPv6:::1])\n\tby picard.linux.it (Postfix) with ESMTP id 31BBC3E265F\n\tfor ; Wed, 15 Apr 2026 08:08:19 +0200 (CEST)","from in-5.smtp.seeweb.it (in-5.smtp.seeweb.it [217.194.8.5])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature ECDSA (secp384r1))\n (No client certificate requested)\n by picard.linux.it (Postfix) with ESMTPS id DF6133E2662\n for ; Wed, 15 Apr 2026 08:07:35 +0200 (CEST)","from mail-wr1-x42e.google.com (mail-wr1-x42e.google.com\n [IPv6:2a00:1450:4864:20::42e])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by in-5.smtp.seeweb.it (Postfix) with ESMTPS id 6220960047F\n for ; Wed, 15 Apr 2026 08:07:35 +0200 (CEST)","by mail-wr1-x42e.google.com with SMTP id\n ffacd0b85a97d-43d72875729so2105503f8f.3\n for ; Tue, 14 Apr 2026 23:07:35 -0700 (PDT)","from localhost ([2a07:de40:b240:0:2ad6:ed42:2ad6:ed42])\n by smtp.gmail.com with UTF8SMTPSA id\n ffacd0b85a97d-43ead3ebaaasm2126362f8f.32.2026.04.14.23.07.34\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Tue, 14 Apr 2026 23:07:34 -0700 (PDT)"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/simple; d=lists.linux.it;\n i=@lists.linux.it; q=dns/txt; s=picard; t=1776233299; h=to : date :\n message-id : in-reply-to : references : mime-version : subject :\n list-id : list-unsubscribe : list-archive : list-post : list-help :\n list-subscribe : from : reply-to : content-type :\n content-transfer-encoding : sender : from;\n bh=rSQRm9YFSnnPbbj5Jmpuf6PG3Y0Wv8BKBuSf0ORLnbw=;\n b=WuKp+/L9OpyCyNKBxQAfAzjgGc+ZVQ/4KAkbScvssElsvlkJhQOsLmehpseKAYpjJp6jR\n tlg8/HV8CdhiIvxeyIXnY4SvpW/tcCANDvjkpkuwDBHXOZEHLhl2Ki8Zjmq97Ox5rgRF3Wz\n 5ZRVmaeHxy/pDiwdXgnw9slq4TRoMko=","v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=suse.com; s=google; t=1776233254; x=1776838054; darn=lists.linux.it;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=7LtRleJbLmAib+ER61qN9f126OHiS1mbhSLPvhYyOU4=;\n b=BX+jshHjaGMyDC1cRaMOSb7CR6Z43fKDkz/Kfupv1UAdi+TfDx0v2KGxuQOiKj/MsW\n SuSzmPC6xQHlk0PaRqDlKcCclciO+4PeC2uSDgqcnWBmNWY3wbumeim1ZqHfqcjsRwTG\n wbu5SGuj8GTbfW4kyxI74N5WAMdbLznt5MJzCCxLQArrzLZoAgIoztAiavPKSc9aAwas\n VVvepgrtHFjJveC/Yp+YaUh5dLJUYmBX+8ULT8twLOpRDtwHNvlUr7qpspAkoOZ5no10\n nJxtnu5Rz1W3c3wbpwW4U4Gels6NqQ+Jdpx31WZw7kG0kgCRH8Lbt2n/fzPLIajQanjZ\n jkDA=="],"X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776233254; x=1776838054;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=7LtRleJbLmAib+ER61qN9f126OHiS1mbhSLPvhYyOU4=;\n b=bG0ZVgx/qyjca76irsAWkHpcYA+oPo/AAW2snXfH9gVoJuWmsvx4vTBfpOa3csGzSc\n WCKk3ElYMuPy6TIp9HKj63QopHLZsMLZ6vYTZhC2rTvGkA4vyx+vQLEdkMKVwdUj6K4/\n 2vMRb/szFJy3cijXw0J1KqxuP5OA/Oyhx9dqV/GS6XuaO7AyIXxpV7vNQHVfX1bjW9Ch\n OuV04GV0LcXaEeblXhVqbI2xu0Ods0/Evq2nI1E5Kzbq6YhbJNHYb4r2HlzE3K3dfAzu\n pcdkUSus4yKXBUHHG8NXZsOMlpwgWcf4Al7v48p2QLtFJCFkCXx5qI/lxXb48gBXoPRs\n zI2w==","X-Gm-Message-State":"AOJu0Yxid6wfoHiNR8nkWuW9oHfHhAFrkg3ZDGasmWCzBg7bC73rtJiu\n J46ozXXQ76DIsii7erFFpn17sVoRVsk4rmbCIZVncB9O2t44a/ehcoVQxjNkBZ2DXEH34LNoJ1j\n 5NKA=","X-Gm-Gg":"AeBDietel/K72yXvaOkEk2xhVFkUOkr+mIuOZrUsSUbLBLHKXsTH19adrt858z+sPrH\n /zFNZaY6FQ0Vi2GmHmqRSX1qrTsG9iTZ/8klaAYsjHVuBzFbhGtT6wwG/Y0IIFa2z9ve0++t5Z5\n z5d30qvJTURjC2RTpyQxoE7WUdo+aylWXBxso/YBwSStcTlzDCmov3SXn4+deLwInsf1/Y0tIIx\n aDxUeoy1rd3PXbbVJjqQ4W8RHqJU2YUB/HBHldZxFQifsgcwuxmJdV/wR5kNrHnOy02rMzy0PD7\n tionNa7cd84+ADY/quDjiEoueSKsKbKd+tOOBnRBhLt/hLUVV7J3ygHvFa1Jy54wxxMSHs1M6sw\n QPBdF55eoGqSex9VBKbx8qMJ4XI82tlXNtQ/77H0M2I1R81Q7usPGwBJa9/uWvswe5wIk4mFq0+\n NYuTyN8KgvnMY=","X-Received":"by 2002:a05:6000:144c:b0:43d:7667:2c1c with SMTP id\n ffacd0b85a97d-43d76672e26mr16805683f8f.51.1776233254502;\n Tue, 14 Apr 2026 23:07:34 -0700 (PDT)","To":"ltp@lists.linux.it","Date":"Wed, 15 Apr 2026 06:07:17 +0000","Message-ID":"<20260415060728.21662-3-wegao@suse.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260415060728.21662-1-wegao@suse.com>","References":"<20250723154610.3860563-1-wegao@suse.com>\n <20260415060728.21662-1-wegao@suse.com>","MIME-Version":"1.0","X-Spam-Status":"No, score=0.1 required=7.0 tests=DKIM_SIGNED,DKIM_VALID,\n DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS shortcircuit=no\n autolearn=disabled version=4.0.1","X-Spam-Checker-Version":"SpamAssassin 4.0.1 (2024-03-25) on in-5.smtp.seeweb.it","X-Virus-Scanned":"clamav-milter 1.0.9 at in-5.smtp.seeweb.it","X-Virus-Status":"Clean","Subject":"[LTP] [PATCH v6 2/2] open16: allow restricted O_CREAT of FIFOs and\n regular files","X-BeenThere":"ltp@lists.linux.it","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"Linux Test Project ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","From":"Wei Gao via ltp ","Reply-To":"Wei Gao ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it","Sender":"\"ltp\" "},"content":"Signed-off-by: Wei Gao \n---\n runtest/syscalls | 1 +\n testcases/kernel/syscalls/open/.gitignore | 1 +\n testcases/kernel/syscalls/open/open16.c | 129 ++++++++++++++++++++++\n 3 files changed, 131 insertions(+)\n create mode 100644 testcases/kernel/syscalls/open/open16.c","diff":"diff --git a/runtest/syscalls b/runtest/syscalls\nindex d72fceb5e..c14ebb3a0 100644\n--- a/runtest/syscalls\n+++ b/runtest/syscalls\n@@ -1005,6 +1005,7 @@ open12 open12\n open13 open13\n open14 open14\n open15 open15\n+open16 open16\n \n openat01 openat01\n openat02 openat02\ndiff --git a/testcases/kernel/syscalls/open/.gitignore b/testcases/kernel/syscalls/open/.gitignore\nindex af5997572..d2cacc02e 100644\n--- a/testcases/kernel/syscalls/open/.gitignore\n+++ b/testcases/kernel/syscalls/open/.gitignore\n@@ -13,3 +13,4 @@\n /open13\n /open14\n /open15\n+/open16\ndiff --git a/testcases/kernel/syscalls/open/open16.c b/testcases/kernel/syscalls/open/open16.c\nnew file mode 100644\nindex 000000000..9ec6515e7\n--- /dev/null\n+++ b/testcases/kernel/syscalls/open/open16.c\n@@ -0,0 +1,129 @@\n+// SPDX-License-Identifier: GPL-2.0-or-later\n+/*\n+ * Copyright (c) 2026 Wei Gao \n+ */\n+\n+/*\\\n+ * Verify disallows open of FIFOs or regular files not owned by the user in world\n+ * writable sticky directories\n+ */\n+\n+#include \n+#include \n+#include \"tst_test.h\"\n+#include \"tst_safe_file_at.h\"\n+#include \"tst_uid.h\"\n+\n+#define DIR \"ltp_tmp_check1\"\n+#define TEST_FILE \"test_file_1\"\n+#define TEST_FIFO \"test_fifo_1\"\n+#define PROTECTED_REGULAR \"/proc/sys/fs/protected_regular\"\n+#define PROTECTED_FIFOS \"/proc/sys/fs/protected_fifos\"\n+#define TEST_FIFO_PATH DIR \"/\" TEST_FIFO\n+\n+static int dir_fd = -1;\n+static uid_t uid1, uid2;\n+\n+static void run(void)\n+{\n+\tSAFE_CHMOD(DIR, 0777 | S_ISVTX);\n+\tSAFE_FILE_PRINTF(PROTECTED_REGULAR, \"0\");\n+\tSAFE_FILE_PRINTF(PROTECTED_FIFOS, \"0\");\n+\n+\tif (!SAFE_FORK()) {\n+\t\tSAFE_SETUID(uid1);\n+\n+\t\tint fd = SAFE_OPENAT(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777);\n+\n+\t\tSAFE_CLOSE(fd);\n+\n+\t\tSAFE_MKFIFO(TEST_FIFO_PATH, 0777);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\n+\tif (!SAFE_FORK()) {\n+\t\tSAFE_SETUID(uid2);\n+\n+\t\tint fd = TST_EXP_FD(openat(dir_fd, TEST_FILE, O_CREAT | O_RDWR, 0777));\n+\n+\t\tif (TST_PASS)\n+\t\t\tSAFE_CLOSE(fd);\n+\n+\t\tfd = TST_EXP_FD(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777));\n+\n+\t\tif (TST_PASS)\n+\t\t\tSAFE_CLOSE(fd);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\n+\tSAFE_FILE_PRINTF(PROTECTED_REGULAR, \"1\");\n+\tSAFE_FILE_PRINTF(PROTECTED_FIFOS, \"1\");\n+\n+\tif (!SAFE_FORK()) {\n+\t\tSAFE_SETUID(uid2);\n+\t\tTST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);\n+\t\tTST_EXP_FAIL(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777), EACCES);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\n+\tSAFE_FILE_PRINTF(PROTECTED_REGULAR, \"2\");\n+\tSAFE_FILE_PRINTF(PROTECTED_FIFOS, \"2\");\n+\tSAFE_CHMOD(DIR, 0020 | S_ISVTX);\n+\n+\tif (!SAFE_FORK()) {\n+\t\tSAFE_SETUID(uid2);\n+\t\tTST_EXP_FAIL(openat(dir_fd, TEST_FILE, O_RDWR | O_CREAT, 0777), EACCES);\n+\t\tTST_EXP_FAIL(open(TEST_FIFO_PATH, O_RDWR | O_CREAT, 0777), EACCES);\n+\n+\t\texit(0);\n+\t}\n+\n+\ttst_reap_children();\n+\tSAFE_UNLINK(TEST_FIFO_PATH);\n+}\n+\n+static void setup(void)\n+{\n+\tstruct passwd *pw;\n+\n+\tpw = SAFE_GETPWNAM(\"nobody\");\n+\tuid1 = pw->pw_uid;\n+\tuid2 = tst_get_free_uid(uid1);\n+\n+\tumask(0);\n+\tSAFE_MKDIR(DIR, 0777 | S_ISVTX);\n+\tdir_fd = SAFE_OPEN(DIR, O_DIRECTORY);\n+}\n+\n+static void cleanup(void)\n+{\n+\tif (dir_fd != -1)\n+\t\tSAFE_CLOSE(dir_fd);\n+}\n+\n+static struct tst_test test = {\n+\t.setup = setup,\n+\t.cleanup = cleanup,\n+\t.needs_root = 1,\n+\t.test_all = run,\n+\t.needs_tmpdir = 1,\n+\t.forks_child = 1,\n+\t.save_restore = (const struct tst_path_val[]) {\n+\t\t{PROTECTED_REGULAR, NULL, TST_SR_TCONF},\n+\t\t{PROTECTED_FIFOS, NULL, TST_SR_TCONF},\n+\t\t{}\n+\t},\n+\t.tags = (const struct tst_tag[]) {\n+\t\t{\"linux-git\", \"30aba6656f61\"},\n+\t\t{}\n+\t}\n+};\n","prefixes":["v6","2/2"]}