On Wed, Mar 27, 2024 at 01:10:32PM +0000, Günther Noack wrote:
> Exercises Landlock's IOCTL feature in different combinations of
> handling and permitting the LANDLOCK_ACCESS_FS_IOCTL_DEV right, and in
> different combinations of using files and directories.
>
> Signed-off-by: Günther Noack <gnoack@xxxxxxxxxx>
> ---
> tools/testing/selftests/landlock/fs_test.c | 227 ++++++++++++++++++++-
> 1 file changed, 224 insertions(+), 3 deletions(-)
>
> diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> index 418ad745a5dd..8a72e26d4977 100644
> --- a/tools/testing/selftests/landlock/fs_test.c
> +++ b/tools/testing/selftests/landlock/fs_test.c
> @@ -8,6 +8,7 @@
> */
>
> #define _GNU_SOURCE
> +#include <asm/termbits.h>
> #include <fcntl.h>
> #include <linux/landlock.h>
> #include <linux/magic.h>
> @@ -15,6 +16,7 @@
> #include <stdio.h>
> #include <string.h>
> #include <sys/capability.h>
> +#include <sys/ioctl.h>
> #include <sys/mount.h>
> #include <sys/prctl.h>
> #include <sys/sendfile.h>
> @@ -23,6 +25,12 @@
> #include <sys/vfs.h>
> #include <unistd.h>
>
> +/*
> + * Intentionally included last to work around header conflict.
> + * See https://sourceware.org/glibc/wiki/Synchronizing_Headers.
> + */
> +#include <linux/fs.h>
> +
> #include "common.h"
>
> #ifndef renameat2
> @@ -737,6 +745,9 @@ static int create_ruleset(struct __test_metadata *const _metadata,
> }
>
> for (i = 0; rules[i].path; i++) {
> + if (!rules[i].access)
> + continue;
> +
> add_path_beneath(_metadata, ruleset_fd, rules[i].access,
> rules[i].path);
> }
> @@ -3445,7 +3456,7 @@ TEST_F_FORK(layout1, truncate_unhandled)
> LANDLOCK_ACCESS_FS_WRITE_FILE;
> int ruleset_fd;
>
> - /* Enable Landlock. */
> + /* Enables Landlock. */
> ruleset_fd = create_ruleset(_metadata, handled, rules);
>
> ASSERT_LE(0, ruleset_fd);
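Review bot: The added `if (!rules[i].access) continue;` in the loop of create_ruleset() has no comment saying why a rule with an empty access mask is skipped, so a test table entry that ends up with access 0 by mistake now silently yields a ruleset without that rule instead of a failing assertion. A short comment above the check would make the intent explicit, for example `/* Skips rules without access rights: they grant nothing and are presumably rejected when added. */`. Because Landlock denies handled rights unless a rule allows them, the skip cannot widen what a sandboxed test may do, but a test that meant to allow something would then fail further away from its cause. create_ruleset() starts outside the hunk and appears to continue past it.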
> @@ -3528,7 +3539,7 @@ TEST_F_FORK(layout1, truncate)
> LANDLOCK_ACCESS_FS_TRUNCATE;
> int ruleset_fd;
>
> - /* Enable Landlock. */
> + /* Enables Landlock. */
> ruleset_fd = create_ruleset(_metadata, handled, rules);
>
> ASSERT_LE(0, ruleset_fd);
> @@ -3754,7 +3765,7 @@ TEST_F_FORK(ftruncate, open_and_ftruncate)
> };
> int fd, ruleset_fd;
>
> - /* Enable Landlock. */
> + /* Enables Landlock. */
> ruleset_fd = create_ruleset(_metadata, variant->handled, rules);
> ASSERT_LE(0, ruleset_fd);
> enforce_ruleset(_metadata, ruleset_fd);
> @@ -3831,6 +3842,16 @@ TEST_F_FORK(ftruncate, open_and_ftruncate_in_different_processes)
> ASSERT_EQ(0, close(socket_fds[1]));
> }
>
> +/* Invokes the FS_IOC_GETFLAGS IOCTL and returns its errno or 0. */
> +static int test_fs_ioc_getflags_ioctl(int fd)

This function is not used by this patch, only the next one. You can catch this kind of issues with check-linux.sh from https://github.com/landlock-lsm/landlock-test-tools

> +{
> + uint32_t flags;
> +
> + if (ioctl(fd, FS_IOC_GETFLAGS, &flags) < 0)
> + return errno;
> + return 0;
> +}
> +