| Message ID | 20240801-landlock-v5-0-663d7383b335@suse.com |
|---|---|
| Headers | show |
| Series | landlock testing suite | expand |
Pushed with https://github.com/linux-test-project/ltp/commit/e7ebc637d0d99295490adf57660a3b3a177d65d3 on top of it, in order to remove CONFIG_SECURITY_LANDLOCK from all landlock tests. Best regards, Andrea On 8/1/24 14:08, Andrea Cervesato wrote: > This testing suite is meant to test the following syscalls: > > - landlock_create_ruleset > - landlock_add_rule > - landlock_restrict_self > > Documentation can be found in kernel manuals and inside the official > kernel documentation at > > https://www.kernel.org/doc/html/latest/userspace-api/landlock.html > > Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com> > --- > Changes in v5: > - landlock0[123]: remove minimum kernel check > - landlock04: cleanup/setup for sandbox folder, enforce_ruleset() inside > the child, skip vfat and exfat for some tests, now working with -i >= 0 > - landlock05: remove minimum kernel check > - landlock06: remove exfat from skip > - Link to v4: https://lore.kernel.org/r/20240725-landlock-v4-0-66f5a1c0c693@suse.com > > Changes in v4: > - landlock03: fix TBROK on -i usage > - landlock04: fix EINVAL caused by namespace sharing on kernel <=6.6 > - Link to v3: https://lore.kernel.org/r/20240711-landlock-v3-0-c7b0e9edf9b0@suse.com > > Changes in v3: > - landlock01: 1 byte less when > HAVE_STRUCT_LANDLOCK_RULESET_ATTR_HANDLED_ACCESS_NET is defined > - landlock04: dynamically assign read/exec permissions to dependences > - landlock05: estetic fix and skip exfat > - landlock06: estetic fix and skip exfat > - Link to v2: https://lore.kernel.org/r/20240710-landlock-v2-0-ff79db017d57@suse.com > > Changes in v2: > - remove -lc unused dependency from Makefile > - move SAFE_LANDLOCK_* macros in lapi/landlock.h > - define CAP_MKNOD in the lapi/capability.h > - fix landlock fallback in order to let LTP build properly > - fix landlock01 EINVAL test when "struct landlock_ruleset_attr" size is > too small > - Link to v1: https://lore.kernel.org/r/20240701-landlock-v1-0-58e9af649a72@suse.com > > --- > Andrea Cervesato (6): > Get ABI version from landlock common library > Add CAP_MKNOD fallback in lapi/capability.h > Disable kernel version check in landlock tests > Add landlock04 test > Add landlock05 test > Add landlock06 test > > include/lapi/capability.h | 12 +- > runtest/syscalls | 3 + > testcases/kernel/syscalls/landlock/.gitignore | 4 + > testcases/kernel/syscalls/landlock/landlock01.c | 1 - > testcases/kernel/syscalls/landlock/landlock02.c | 1 - > testcases/kernel/syscalls/landlock/landlock03.c | 1 - > testcases/kernel/syscalls/landlock/landlock04.c | 212 +++++++++++ > testcases/kernel/syscalls/landlock/landlock05.c | 118 +++++++ > testcases/kernel/syscalls/landlock/landlock06.c | 107 ++++++ > .../kernel/syscalls/landlock/landlock_common.h | 4 +- > testcases/kernel/syscalls/landlock/landlock_exec.c | 9 + > .../kernel/syscalls/landlock/landlock_tester.h | 393 +++++++++++++++++++++ > 12 files changed, 857 insertions(+), 8 deletions(-) > --- > base-commit: eee3b2dd6d9dae6120646bc14c30e460989d7df6 > change-id: 20240617-landlock-c48a4623a447 > > Best regards,
This testing suite is meant to test the following syscalls: - landlock_create_ruleset - landlock_add_rule - landlock_restrict_self Documentation can be found in kernel manuals and inside the official kernel documentation at https://www.kernel.org/doc/html/latest/userspace-api/landlock.html Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com> --- Changes in v5: - landlock0[123]: remove minimum kernel check - landlock04: cleanup/setup for sandbox folder, enforce_ruleset() inside the child, skip vfat and exfat for some tests, now working with -i >= 0 - landlock05: remove minimum kernel check - landlock06: remove exfat from skip - Link to v4: https://lore.kernel.org/r/20240725-landlock-v4-0-66f5a1c0c693@suse.com Changes in v4: - landlock03: fix TBROK on -i usage - landlock04: fix EINVAL caused by namespace sharing on kernel <=6.6 - Link to v3: https://lore.kernel.org/r/20240711-landlock-v3-0-c7b0e9edf9b0@suse.com Changes in v3: - landlock01: 1 byte less when HAVE_STRUCT_LANDLOCK_RULESET_ATTR_HANDLED_ACCESS_NET is defined - landlock04: dynamically assign read/exec permissions to dependences - landlock05: estetic fix and skip exfat - landlock06: estetic fix and skip exfat - Link to v2: https://lore.kernel.org/r/20240710-landlock-v2-0-ff79db017d57@suse.com Changes in v2: - remove -lc unused dependency from Makefile - move SAFE_LANDLOCK_* macros in lapi/landlock.h - define CAP_MKNOD in the lapi/capability.h - fix landlock fallback in order to let LTP build properly - fix landlock01 EINVAL test when "struct landlock_ruleset_attr" size is too small - Link to v1: https://lore.kernel.org/r/20240701-landlock-v1-0-58e9af649a72@suse.com --- Andrea Cervesato (6): Get ABI version from landlock common library Add CAP_MKNOD fallback in lapi/capability.h Disable kernel version check in landlock tests Add landlock04 test Add landlock05 test Add landlock06 test include/lapi/capability.h | 12 +- runtest/syscalls | 3 + testcases/kernel/syscalls/landlock/.gitignore | 4 + testcases/kernel/syscalls/landlock/landlock01.c | 1 - testcases/kernel/syscalls/landlock/landlock02.c | 1 - testcases/kernel/syscalls/landlock/landlock03.c | 1 - testcases/kernel/syscalls/landlock/landlock04.c | 212 +++++++++++ testcases/kernel/syscalls/landlock/landlock05.c | 118 +++++++ testcases/kernel/syscalls/landlock/landlock06.c | 107 ++++++ .../kernel/syscalls/landlock/landlock_common.h | 4 +- testcases/kernel/syscalls/landlock/landlock_exec.c | 9 + .../kernel/syscalls/landlock/landlock_tester.h | 393 +++++++++++++++++++++ 12 files changed, 857 insertions(+), 8 deletions(-) --- base-commit: eee3b2dd6d9dae6120646bc14c30e460989d7df6 change-id: 20240617-landlock-c48a4623a447 Best regards,