On 01/07/2023 21:07, Günther Noack wrote:
Hi!
On Tue, May 16, 2023 at 12:13:37AM +0800, Konstantin Meskhidze wrote:
+TEST_F(inet, bind)
If you are using TEST_F() and you are enforcing a Landlock ruleset
within that test, doesn't that mean that the same Landlock ruleset is
now also enabled on other tests that get run after that test?
Most of the other Landlock selftests use TEST_F_FORK() for that
reason, so that the Landlock enforcement stays local to the specific
test, and does not accidentally influence the observed behaviour in
other tests.
Initially Konstantin wrote tests with TEST_F_FORK() but I asked him to
only use TEST_F() because TEST_F_FORK() is only useful when a
FIXTURE_TEARDOWN() needs access rights that were dropped with a
TEST_F(), e.g. to unmount mount points set up with a FIXTURE_SETUP()
while Landlock restricted a test process.
Indeed, TEST_F() already fork() to make sure there is no side effect
with tests.
The same question applies to other test functions in this file as
well.
–Günther