On Fri, Nov 24, 2023 at 06:30:22PM +0100, Günther Noack wrote:
> Exercises Landlock's IOCTL feature in different combinations of
> handling and permitting the rights LANDLOCK_ACCESS_FS_IOCTL,
> LANDLOCK_ACCESS_FS_READ_FILE, LANDLOCK_ACCESS_FS_WRITE_FILE and
> LANDLOCK_ACCESS_FS_READ_DIR, and in different combinations of using
> files and directories.
>
> Signed-off-by: Günther Noack <gnoack@xxxxxxxxxx>
> ---
> tools/testing/selftests/landlock/fs_test.c | 431 ++++++++++++++++++++-
> 1 file changed, 428 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> index 0e86c14e7bb6..94f54a61e508 100644
> --- a/tools/testing/selftests/landlock/fs_test.c
> +++ b/tools/testing/selftests/landlock/fs_test.c
> @@ -9,6 +9,7 @@
>
> #define _GNU_SOURCE
> #include <fcntl.h>
> +#include <linux/fs.h>
> #include <linux/landlock.h>
> #include <linux/magic.h>
> #include <sched.h>
> @@ -672,6 +673,9 @@ static int create_ruleset(struct __test_metadata *const _metadata,
> }
>
> for (i = 0; rules[i].path; i++) {
> + if (!rules[i].access)
> + continue;
I hope this change will not hide some bugs in future changes. We could
set .path to NULL instead but I think your approach is OK.
> +
> add_path_beneath(_metadata, ruleset_fd, rules[i].access,
> rules[i].path);
> }
