[LTP] [PATCH v3 0/3] fanotify14 on SELinux fix

[LTP] [PATCH v3 0/3] fanotify14 on SELinux fix

[Petr Vorel]

Changes v2->v3:
* merged first commit (unrelated cleanup)
* modify library to require to pass array size in TST_EXP_FAIL*_ARR()

Mete Durlu (1):
  fanotify14: fix anonymous pipe testcases

Petr Vorel (2):
  lib: Add tst_selinux_enforcing()
  tst_test_macros.h: Require to pass array size in TST_EXP_FAIL_ARR()

 include/tst_security.h                         |  1 +
 include/tst_test_macros.h                      |  8 ++++----
 lib/newlib_tests/test_macros02.c               |  8 ++++----
 lib/tst_security.c                             | 18 ++++++++++++++++--
 .../kernel/syscalls/fanotify/fanotify14.c      | 10 +++++++---
 .../kernel/syscalls/readahead/readahead01.c    |  2 +-
 6 files changed, 33 insertions(+), 14 deletions(-)

-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v3 1/3] lib: Add tst_selinux_enforcing()

[Petr Vorel]

Reviewed-by: Li Wang <liwang@redhat.com>
Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
Co-developed-by: Mete Durlu <meted@linux.ibm.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 include/tst_security.h |  1 +
 lib/tst_security.c     | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/include/tst_security.h b/include/tst_security.h
index 438b16dbb..5d91f8a98 100644
--- a/include/tst_security.h
+++ b/include/tst_security.h
@@ -13,5 +13,6 @@ int tst_fips_enabled(void);
 
 int tst_lockdown_enabled(void);
 int tst_secureboot_enabled(void);
+int tst_selinux_enforcing(void);
 
 #endif /* TST_SECURITY_H__ */
diff --git a/lib/tst_security.c b/lib/tst_security.c
index 0fc704dfa..7d929fafe 100644
--- a/lib/tst_security.c
+++ b/lib/tst_security.c
@@ -7,6 +7,7 @@
 
 #define PATH_FIPS	"/proc/sys/crypto/fips_enabled"
 #define PATH_LOCKDOWN	"/sys/kernel/security/lockdown"
+#define SELINUX_STATUS_PATH "/sys/fs/selinux/enforce"
 
 #if defined(__powerpc64__) || defined(__ppc64__)
 # define SECUREBOOT_VAR "/proc/device-tree/ibm,secure-boot"
@@ -16,6 +17,7 @@
 # define VAR_DATA_SIZE 5
 #endif
 
+#include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/mount.h>
@@ -30,11 +32,11 @@ int tst_fips_enabled(void)
 {
 	int fips = 0;
 
-	if (access(PATH_FIPS, R_OK) == 0) {
+	if (access(PATH_FIPS, R_OK) == 0)
 		SAFE_FILE_SCANF(PATH_FIPS, "%d", &fips);
-	}
 
 	tst_res(TINFO, "FIPS: %s", fips ? "on" : "off");
+
 	return fips;
 }
 
@@ -99,3 +101,15 @@ int tst_secureboot_enabled(void)
 	tst_res(TINFO, "SecureBoot: %s", data[VAR_DATA_SIZE - 1] ? "on" : "off");
 	return data[VAR_DATA_SIZE - 1];
 }
+
+int tst_selinux_enforcing(void)
+{
+	int res = 0;
+
+	if (access(SELINUX_STATUS_PATH, F_OK) == 0)
+		SAFE_FILE_SCANF(SELINUX_STATUS_PATH, "%d", &res);
+
+	tst_res(TINFO, "SELinux enforcing: %s", res ? "on" : "off");
+
+	return res;
+}
-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v3 2/3] tst_test_macros.h: Require to pass array size in TST_EXP_FAIL*_ARR()

[Petr Vorel]

Although having to pass ARRAY_SIZE() of the expected errnos is not
ideal, it gives more flexibility to the tests allowing to use just
portion of the array (will be used in fanotify14 in the next commit).

It looks to be better than keep introduce yet another functions.

Suggested-by: Cyril Hrubis <chrubis@suse.cz>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 include/tst_test_macros.h                         | 8 ++++----
 lib/newlib_tests/test_macros02.c                  | 8 ++++----
 testcases/kernel/syscalls/readahead/readahead01.c | 2 +-
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/tst_test_macros.h b/include/tst_test_macros.h
index d2e50a219..6a7bcdce5 100644
--- a/include/tst_test_macros.h
+++ b/include/tst_test_macros.h
@@ -242,9 +242,9 @@ const char *tst_errno_names(char *buf, const int *exp_errs, int exp_errs_cnt);
                                   ##__VA_ARGS__);                              \
 	} while (0)
 
-#define TST_EXP_FAIL_ARR(SCALL, EXP_ERRS, ...)                                 \
+#define TST_EXP_FAIL_ARR(SCALL, EXP_ERRS, EXP_ERRS_CNT, ...)                   \
 		TST_EXP_FAIL_ARR_(SCALL, #SCALL, EXP_ERRS,                     \
-				  ARRAY_SIZE(EXP_ERRS), ##__VA_ARGS__);
+				  EXP_ERRS_CNT, ##__VA_ARGS__);
 
 #define TST_EXP_FAIL2_ARR_(SCALL, SSCALL, EXP_ERRS, EXP_ERRS_CNT, ...)         \
 	do {                                                                   \
@@ -254,9 +254,9 @@ const char *tst_errno_names(char *buf, const int *exp_errs, int exp_errs_cnt);
 			TST_MSG_(TPASS | TTERRNO, " ", SSCALL, ##__VA_ARGS__); \
 	} while (0)
 
-#define TST_EXP_FAIL2_ARR(SCALL, EXP_ERRS, ...)                                \
+#define TST_EXP_FAIL2_ARR(SCALL, EXP_ERRS, EXP_ERRS_CNT, ...)                \
 		TST_EXP_FAIL2_ARR_(SCALL, #SCALL, EXP_ERRS,                    \
-		                  ARRAY_SIZE(EXP_ERRS), ##__VA_ARGS__);
+		                  EXP_ERRS_CNT, ##__VA_ARGS__);
 
 #define TST_EXP_FAIL2(SCALL, EXP_ERR, ...)                                     \
 	do {                                                                   \
diff --git a/lib/newlib_tests/test_macros02.c b/lib/newlib_tests/test_macros02.c
index 6c1ca7a8a..8e5a83346 100644
--- a/lib/newlib_tests/test_macros02.c
+++ b/lib/newlib_tests/test_macros02.c
@@ -39,9 +39,9 @@ static void do_test(void)
 	tst_res(TINFO, "TST_PASS = %i", TST_PASS);
 	TST_EXP_FAIL(inval_ret_fn(), ENOTTY, "inval_ret_fn()");
 	tst_res(TINFO, "TST_PASS = %i", TST_PASS);
-	TST_EXP_FAIL_ARR(fail_fn(), exp_errs_pass, "fail_fn()");
+	TST_EXP_FAIL_ARR(fail_fn(), exp_errs_pass, ARRAY_SIZE(exp_errs_pass), "fail_fn()");
 	tst_res(TINFO, "TST_PASS = %i", TST_PASS);
-	TST_EXP_FAIL_ARR(fail_fn(), exp_errs_fail, "fail_fn()");
+	TST_EXP_FAIL_ARR(fail_fn(), exp_errs_fail, ARRAY_SIZE(exp_errs_fail), "fail_fn()");
 	tst_res(TINFO, "TST_PASS = %i", TST_PASS);
 
 	tst_res(TINFO, "Testing TST_EXP_FAIL2 macro");
@@ -53,9 +53,9 @@ static void do_test(void)
 	tst_res(TINFO, "TST_PASS = %i", TST_PASS);
 	TST_EXP_FAIL2(inval_ret_fn(), ENOTTY, "inval_ret_fn()");
 	tst_res(TINFO, "TST_PASS = %i", TST_PASS);
-	TST_EXP_FAIL2_ARR(fail_fn(), exp_errs_pass, "fail_fn()");
+	TST_EXP_FAIL2_ARR(fail_fn(), exp_errs_pass, ARRAY_SIZE(exp_errs_pass), "fail_fn()");
 	tst_res(TINFO, "TST_PASS = %i", TST_PASS);
-	TST_EXP_FAIL2_ARR(fail_fn(), exp_errs_fail, "fail_fn()");
+	TST_EXP_FAIL2_ARR(fail_fn(), exp_errs_fail, ARRAY_SIZE(exp_errs_fail), "fail_fn()");
 	tst_res(TINFO, "TST_PASS = %i", TST_PASS);
 }
 
diff --git a/testcases/kernel/syscalls/readahead/readahead01.c b/testcases/kernel/syscalls/readahead/readahead01.c
index 0f610daf8..d4b3f306f 100644
--- a/testcases/kernel/syscalls/readahead/readahead01.c
+++ b/testcases/kernel/syscalls/readahead/readahead01.c
@@ -61,7 +61,7 @@ static void test_invalid_fd(struct tst_fd *fd)
 	int exp_errnos[] = {EBADF, EINVAL, ESPIPE};
 
 	TST_EXP_FAIL_ARR(readahead(fd->fd, 0, getpagesize()), exp_errnos,
-			"readahead() on %s", tst_fd_desc(fd));
+			ARRAY_SIZE(exp_errnos), "readahead() on %s", tst_fd_desc(fd));
 }
 
 static void test_readahead(void)
-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

[LTP] [PATCH v3 3/3] fanotify14: fix anonymous pipe testcases

[Petr Vorel]

From: Mete Durlu <meted@linux.ibm.com>

When SElinux is in enforcing state and SEpolicies disallow anonymous
pipe usage with fanotify_mark(), related fanotify14 testcases fail with
EACCES instead of EINVAL. Accept both errnos when SElinux is in
enforcing state to correctly evaluate test results.

Replace TST_EXP_FD_OR_FAIL with TST_EXP_FAIL when testing
fanotify_mark() as it returns -1 on failure and 0 on success not a file
descriptor.

Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Co-developed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mete Durlu <meted@linux.ibm.com>
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
 testcases/kernel/syscalls/fanotify/fanotify14.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/testcases/kernel/syscalls/fanotify/fanotify14.c b/testcases/kernel/syscalls/fanotify/fanotify14.c
index d02d81495..ee583a095 100644
--- a/testcases/kernel/syscalls/fanotify/fanotify14.c
+++ b/testcases/kernel/syscalls/fanotify/fanotify14.c
@@ -47,6 +47,7 @@ static int pipes[2] = {-1, -1};
 static int fanotify_fd;
 static int ignore_mark_unsupported;
 static int filesystem_mark_unsupported;
+static int se_enforcing;
 static unsigned int supported_init_flags;
 
 struct test_case_flags_t {
@@ -274,6 +275,7 @@ static void do_test(unsigned int number)
 
 	/* Set mark on non-dir only when expecting error ENOTDIR */
 	const char *path = tc->expected_errno == ENOTDIR ? FILE1 : MNTPOINT;
+	const int exp_errs[] = {tc->expected_errno, EACCES};
 	int dirfd = AT_FDCWD;
 
 	if (tc->pfd) {
@@ -283,9 +285,9 @@ static void do_test(unsigned int number)
 
 	tst_res(TINFO, "Testing %s with %s",
 		tc->mark.desc, tc->mask.desc);
-	TST_EXP_FD_OR_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags,
-					 tc->mask.flags, dirfd, path),
-					 tc->expected_errno);
+
+	TST_EXP_FAIL_ARR(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags,
+			 tc->mask.flags, dirfd, path), exp_errs, se_enforcing ? 2 : 1);
 
 	/*
 	 * ENOTDIR are errors for events/flags not allowed on a non-dir inode.
@@ -334,6 +336,8 @@ static void do_setup(void)
 	SAFE_FILE_PRINTF(FILE1, "0");
 	/* Create anonymous pipes to place marks on */
 	SAFE_PIPE2(pipes, O_CLOEXEC);
+
+	se_enforcing = tst_selinux_enforcing();
 }
 
 static void do_cleanup(void)
-- 
2.43.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v3 2/3] tst_test_macros.h: Require to pass array size in TST_EXP_FAIL*_ARR()

[Petr Vorel]

Hi all,

> Although having to pass ARRAY_SIZE() of the expected errnos is not
> ideal, it gives more flexibility to the tests allowing to use just
> portion of the array (will be used in fanotify14 in the next commit).

> It looks to be better than keep introduce yet another functions.

I'm sorry, also splice07.c needs to be updated. I'll fix it before merge
(unless more changes require to send new version).

Kind regards,
Petr

+++ testcases/kernel/syscalls/splice/splice07.c
@@ -54,7 +54,7 @@ static void check_splice(struct tst_fd *fd_in, struct tst_fd *fd_out)
 	const int exp_errnos[] = {EBADF, EINVAL};
 
 	TST_EXP_FAIL2_ARR(splice(fd_in->fd, NULL, fd_out->fd, NULL, 1, 0),
-		exp_errnos, "splice() on %s -> %s",
+		exp_errnos, ARRAY_SIZE(exp_errnos), "splice() on %s -> %s",
 		tst_fd_desc(fd_in), tst_fd_desc(fd_out));
 }
 

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v3 2/3] tst_test_macros.h: Require to pass array size in TST_EXP_FAIL*_ARR()

[Cyril Hrubis]

Hi!
Looks good to me, I would go with this change:

Reviewed-by: Cyril Hrubis <chrubis@suse.cz>

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v3 3/3] fanotify14: fix anonymous pipe testcases

[Petr Vorel]

Hi all,

FYI patchset merged.
Thanks to all for your time!

Kind regards,
Petr

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp