Re: [PATCH 4/4] watchkey: skip if CONFIG_WATCH_QUEUE not set

Ondrej Mosnacek <omosnace@xxxxxxxxxx> · Tue, 14 Jun 2022 15:27:12 +0200

On Tue, Jun 14, 2022 at 12:21 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
> Debian does not set CONFIG_WATCH_QUEUE, whereby pipe2(2) returns ENOPKG
> for the option O_NOTIFICATION_PIPE.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
>  tests/watchkey/test       |  9 ++++++++-
>  tests/watchkey/watchkey.c | 16 ++++++++++++++--
>  2 files changed, 22 insertions(+), 3 deletions(-)
>
> diff --git a/tests/watchkey/test b/tests/watchkey/test
> index f61ff78..38cbb74 100755
> --- a/tests/watchkey/test
> +++ b/tests/watchkey/test
> @@ -16,7 +16,14 @@ BEGIN {
>          $v = " ";
>      }
>
> -    plan tests => 2;
> +    $result = system "runcon -t test_watchkey_t $basedir/watchkey $v -c";
> +    if ( $result ne 0 ) {
> +        plan skip_all =>
> +"pipe2(2) does not support O_NOTIFICATION_PIPE; CONFIG_WATCH_QUEUE probably not set";
> +    }
> +    else {
> +        plan tests => 2;
> +    }
>  }
>
>  $result = system "runcon -t test_watchkey_t $basedir/watchkey $v";
> diff --git a/tests/watchkey/watchkey.c b/tests/watchkey/watchkey.c
> index c7f3274..4feba42 100644
> --- a/tests/watchkey/watchkey.c
> +++ b/tests/watchkey/watchkey.c
> @@ -27,8 +27,9 @@ static long keyctl_watch_key(int key, int watch_fd, int watch_id)
>  static void print_usage(char *progname)
>  {
>         fprintf(stderr,
> -               "usage:  %s [-v]\n"
> +               "usage:  %s [-cv]\n"
>                 "Where:\n\t"
> +               "-c  Check for availability.\n"
>                 "-v  Print information.\n", progname);
>         exit(-1);
>  }
> @@ -37,10 +38,14 @@ int main(int argc, char **argv)
>  {
>         int opt, fd, pipefd[2], result, save_errno;
>         char *context;
> +       bool check = false;
>         bool verbose = false;
>
> -       while ((opt = getopt(argc, argv, "v")) != -1) {
> +       while ((opt = getopt(argc, argv, "cv")) != -1) {
>                 switch (opt) {
> +               case 'c':
> +                       check = true;
> +                       break;
>                 case 'v':
>                         verbose = true;
>                         break;
> @@ -60,6 +65,13 @@ int main(int argc, char **argv)
>                 free(context);
>         }
>
> +       if (check) {
> +               result = pipe2(pipefd, O_NOTIFICATION_PIPE);
> +               if (!result || errno != ENOPKG)
> +                       exit(0);
> +               exit(-1);

This patch looks good to me, but I'd prefer to exit with a different
code here (e.g. positive 1) to explicitly distinguish this from the
exit via print_usage() or getcon() failure.

> +       }
> +
>         result = pipe2(pipefd, O_NOTIFICATION_PIPE);
>         if (result < 0) {
>                 fprintf(stderr, "Failed to create pipe2(2): %s\n",
> --
> 2.36.1
>

--
Ondrej Mosnacek
Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.