From: "Günther Noack" <gnoack3000@gmail.com>
To: "Mickaël Salaün" <mic@digikod.net>
Cc: linux-security-module@vger.kernel.org,
James Morris <jmorris@namei.org>,
Paul Moore <paul@paul-moore.com>,
"Serge E . Hallyn" <serge@hallyn.com>,
linux-fsdevel@vger.kernel.org,
Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Subject: Re: [PATCH v6 3/5] selftests/landlock: Selftests for file truncation support
Date: Sun, 25 Sep 2022 20:10:06 +0200 [thread overview]
Message-ID: <YzCZfiwIVOcjCxQo@nuc> (raw)
In-Reply-To: <5233611f-1dba-3ecb-670f-fff61820e9d6@digikod.net>
On Fri, Sep 23, 2022 at 10:54:55PM +0200, Mickaël Salaün wrote:
>
> On 23/09/2022 19:50, Günther Noack wrote:
> > On Fri, Sep 16, 2022 at 07:05:44PM +0200, Mickaël Salaün wrote:
> > > I'd like to have tests similar to base_test.c:ruleset_fd_transfer to check
> > > ftruncate with different kind of file descriptors and not-sandboxed
> > > processes. That would require some code refactoring to reuse the FD passing
> > > code.
> >
> > Done. I factored out the FD sending and receiving into helper function in common.h.
>
> Please use a dedicated patch for this refactoring.
+1, will do.
> > > On 08/09/2022 21:58, Günther Noack wrote:
> > > > diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> > > > index 87b28d14a1aa..ddc8c7e57e86 100644
> > > > --- a/tools/testing/selftests/landlock/fs_test.c
> > > > +++ b/tools/testing/selftests/landlock/fs_test.c
> > > > ...
> > > > +TEST_F_FORK(layout1, truncate)
> > > > +{
> > > > + const char *const file_rwt = file1_s1d1;
> > > > + const char *const file_rw = file2_s1d1;
> > > > + const char *const file_rt = file1_s1d2;
> > > > + const char *const file_t = file2_s1d2;
> > > > + const char *const file_none = file1_s1d3;
> > > > + const char *const dir_t = dir_s2d1;
> > > > + const char *const file_in_dir_t = file1_s2d1;
> > > > + const char *const dir_w = dir_s3d1;
> > > > + const char *const file_in_dir_w = file1_s3d1;
> > > > + int file_rwt_fd, file_rw_fd;
> > >
> > > These variables are unused now.
> >
> > Good catch, done.
> >
> > > > +TEST_F_FORK(layout1, ftruncate)
> > >
> > > Great!
> > >
> > > > +{
> > > > + /*
> > > > + * This test opens a new file descriptor at different stages of
> > > > + * Landlock restriction:
> > > > + *
> > > > + * without restriction: ftruncate works
> > > > + * something else but truncate restricted: ftruncate works
> > > > + * truncate restricted and permitted: ftruncate works
> > > > + * truncate restricted and not permitted: ftruncate fails
> > > > + *
> > > > + * Whether this works or not is expected to depend on the time when the
> > > > + * FD was opened, not to depend on the time when ftruncate() was
> > > > + * called.
> > > > + */
> > > > + const char *const path = file1_s1d1;
> > > > + int fd0, fd1, fd2, fd3;
> > >
> > > You can rename them fd_layer0, fd_layer1…
> >
> > Done.
> >
> > > > + fd0 = open(path, O_WRONLY);
> > > > + EXPECT_EQ(0, test_ftruncate(fd0));
> > > > +
> > > > + landlock_single_path(_metadata, path,
> > > > + LANDLOCK_ACCESS_FS_READ_FILE |
> > > > + LANDLOCK_ACCESS_FS_WRITE_FILE,
> > > > + LANDLOCK_ACCESS_FS_WRITE_FILE);
> > >
> > > I'd prefer to follow the current way to write rule layers: write all struct
> > > rule at first and then call each enforcement steps. It is a bit more verbose
> > > but easier to understand errors. The list of test_ftruncate checks are
> > > straightforward to follow.
> >
> > Done.
> >
> >
> > > > + fd1 = open(path, O_WRONLY);
> > > > + EXPECT_EQ(0, test_ftruncate(fd0));
> > > > + EXPECT_EQ(0, test_ftruncate(fd1));
> > > > +
> > > > + landlock_single_path(_metadata, path, LANDLOCK_ACCESS_FS_TRUNCATE,
> > > > + LANDLOCK_ACCESS_FS_TRUNCATE);
> > > > +
> > > > + fd2 = open(path, O_WRONLY);
> > > > + EXPECT_EQ(0, test_ftruncate(fd0));
> > > > + EXPECT_EQ(0, test_ftruncate(fd1));
> > > > + EXPECT_EQ(0, test_ftruncate(fd2));
> > > > +
> > > > + landlock_single_path(_metadata, path,
> > > > + LANDLOCK_ACCESS_FS_TRUNCATE |
> > > > + LANDLOCK_ACCESS_FS_WRITE_FILE,
> > > > + LANDLOCK_ACCESS_FS_WRITE_FILE);
> > > > +
> > > > + fd3 = open(path, O_WRONLY);
> > > > + EXPECT_EQ(0, test_ftruncate(fd0));
> > > > + EXPECT_EQ(0, test_ftruncate(fd1));
> > > > + EXPECT_EQ(0, test_ftruncate(fd2));
> > > > + EXPECT_EQ(EACCES, test_ftruncate(fd3));
> > > > +
> > > > + ASSERT_EQ(0, close(fd0));
> > > > + ASSERT_EQ(0, close(fd1));
> > > > + ASSERT_EQ(0, close(fd2));
> > > > + ASSERT_EQ(0, close(fd3));
> > > > +}
> > > > +
> > > > /* clang-format off */
> > > > FIXTURE(layout1_bind) {};
> > > > /* clang-format on */
> >
--
next prev parent reply other threads:[~2022-09-25 18:10 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-08 19:58 [PATCH v6 0/5] landlock: truncate support Günther Noack
2022-09-08 19:58 ` [PATCH v6 1/5] security: create file_truncate hook from path_truncate hook Günther Noack
2022-09-08 20:09 ` Paul Moore
2022-09-08 20:50 ` Günther Noack
2022-09-08 22:04 ` Tetsuo Handa
2022-09-08 20:28 ` Günther Noack
2022-09-16 17:30 ` Mickaël Salaün
2022-09-26 16:07 ` Günther Noack
2022-09-28 20:04 ` Mickaël Salaün
2022-09-29 2:55 ` Namjae Jeon
2022-09-09 3:37 ` John Johansen
2022-09-09 13:50 ` Mickaël Salaün
2022-09-08 19:58 ` [PATCH v6 2/5] landlock: Support file truncation Günther Noack
2022-09-09 13:51 ` Mickaël Salaün
2022-09-12 15:28 ` Günther Noack
2022-09-12 18:37 ` Mickaël Salaün
2022-09-12 19:04 ` Günther Noack
2022-09-12 19:41 ` Mickaël Salaün
2022-09-23 11:21 ` Günther Noack
2022-09-23 20:53 ` Mickaël Salaün
2022-09-25 18:09 ` Günther Noack
2022-09-28 18:32 ` Mickaël Salaün
2022-09-29 19:22 ` Günther Noack
2022-09-30 15:56 ` Mickaël Salaün
2022-09-08 19:58 ` [PATCH v6 3/5] selftests/landlock: Selftests for file truncation support Günther Noack
2022-09-16 17:05 ` Mickaël Salaün
2022-09-23 17:50 ` Günther Noack
2022-09-23 20:54 ` Mickaël Salaün
2022-09-25 18:10 ` Günther Noack [this message]
2022-09-08 19:58 ` [PATCH v6 4/5] samples/landlock: Extend sample tool to support LANDLOCK_ACCESS_FS_TRUNCATE Günther Noack
2022-09-12 19:05 ` Mickaël Salaün
2022-09-12 19:07 ` Günther Noack
2022-09-08 19:58 ` [PATCH v6 5/5] landlock: Document Landlock's file truncation support Günther Noack
2022-09-09 13:51 ` Mickaël Salaün
2022-09-12 15:46 ` Günther Noack
2022-09-12 17:47 ` Mickaël Salaün
2022-09-12 19:05 ` Günther Noack
2022-09-12 19:15 ` Mickaël Salaün
2022-09-23 11:30 ` Günther Noack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YzCZfiwIVOcjCxQo@nuc \
--to=gnoack3000@gmail.com \
--cc=jmorris@namei.org \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.