diff options
| author | Günther Noack <gnoack@google.com> | 2024-04-19 19:11:14 +0300 |
|---|---|---|
| committer | Mickaël Salaün <mic@digikod.net> | 2024-05-13 07:58:30 +0300 |
| commit | dd6d32afdf5f1869a8f543e8efdd191f7e4b0368 (patch) | |
| tree | e4f7823d006b8367d2a9e3ed5d039ebecc7c8cbe /tools | |
| parent | 3ecf19e56843a6fe65f109c773728c36d220f947 (diff) | |
| download | linux-dd6d32afdf5f1869a8f543e8efdd191f7e4b0368.tar.xz | |
selftests/landlock: Test IOCTL with memfds
Because the LANDLOCK_ACCESS_FS_IOCTL_DEV right is associated with the
opened file during open(2), IOCTLs are supposed to work with files
which are opened by means other than open(2).
Signed-off-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240419161122.2023765-4-gnoack@google.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/testing/selftests/landlock/fs_test.c | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index fd7793b413d1..193dc58bac7a 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -3849,20 +3849,48 @@ TEST_F_FORK(ftruncate, open_and_ftruncate_in_different_processes) ASSERT_EQ(0, close(socket_fds[1])); } -TEST(memfd_ftruncate) +/* Invokes the FS_IOC_GETFLAGS IOCTL and returns its errno or 0. */ +static int test_fs_ioc_getflags_ioctl(int fd) { - int fd; + uint32_t flags; + + if (ioctl(fd, FS_IOC_GETFLAGS, &flags) < 0) + return errno; + return 0; +} - fd = memfd_create("name", MFD_CLOEXEC); - ASSERT_LE(0, fd); +TEST(memfd_ftruncate_and_ioctl) +{ + const struct landlock_ruleset_attr attr = { + .handled_access_fs = ACCESS_ALL, + }; + int ruleset_fd, fd, i; /* - * Checks that ftruncate is permitted on file descriptors that are - * created in ways other than open(2). + * We exercise the same test both with and without Landlock enabled, to + * ensure that it behaves the same in both cases. */ - EXPECT_EQ(0, test_ftruncate(fd)); + for (i = 0; i < 2; i++) { + /* Creates a new memfd. */ + fd = memfd_create("name", MFD_CLOEXEC); + ASSERT_LE(0, fd); - ASSERT_EQ(0, close(fd)); + /* + * Checks that operations associated with the opened file + * (ftruncate, ioctl) are permitted on file descriptors that are + * created in ways other than open(2). + */ + EXPECT_EQ(0, test_ftruncate(fd)); + EXPECT_EQ(0, test_fs_ioc_getflags_ioctl(fd)); + + ASSERT_EQ(0, close(fd)); + + /* Enables Landlock. */ + ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0); + ASSERT_LE(0, ruleset_fd); + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + } } static int test_fionread_ioctl(int fd) |