From: Andre Przywara <andre.przywara@arm.com>
To: "Mickaël Salaün" <mic@digikod.net>, "Shuah Khan" <shuah@kernel.org>
Cc: linux-security-module@vger.kernel.org,
linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH 2/2] selftests: landlock: skip all tests without landlock syscall
Date: Wed, 9 Aug 2023 18:04:35 +0100 [thread overview]
Message-ID: <20230809170435.1312162-3-andre.przywara@arm.com> (raw)
In-Reply-To: <20230809170435.1312162-1-andre.przywara@arm.com>
"landlock" is a relatively new syscall, and most defconfigs do not enable
it (yet). On systems without this syscall available, the selftests fail
at the moment, instead of being skipped.
Check the availability of the landlock system call before executing each
test, and skip the rest of the tests if we get an ENOSYS back.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
---
tools/testing/selftests/landlock/base_test.c | 27 ++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/tools/testing/selftests/landlock/base_test.c b/tools/testing/selftests/landlock/base_test.c
index 1e3b6de57e80e..c539cec775fba 100644
--- a/tools/testing/selftests/landlock/base_test.c
+++ b/tools/testing/selftests/landlock/base_test.c
@@ -21,12 +21,20 @@
#define O_PATH 010000000
#endif
+static bool has_syscall(void)
+{
+ return landlock_create_ruleset(NULL, 0, 0) == -1 && errno != ENOSYS;
+}
+
TEST(inconsistent_attr)
{
const long page_size = sysconf(_SC_PAGESIZE);
char *const buf = malloc(page_size + 1);
struct landlock_ruleset_attr *const ruleset_attr = (void *)buf;
+ if (!has_syscall())
+ SKIP(return, "landlock syscall not available");
+
ASSERT_NE(NULL, buf);
/* Checks copy_from_user(). */
@@ -75,6 +83,10 @@ TEST(abi_version)
const struct landlock_ruleset_attr ruleset_attr = {
.handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE,
};
+
+ if (!has_syscall())
+ SKIP(return, "landlock syscall not available");
+
ASSERT_NE(0, landlock_create_ruleset(NULL, 0,
LANDLOCK_CREATE_RULESET_VERSION));
@@ -107,6 +119,9 @@ TEST(create_ruleset_checks_ordering)
.handled_access_fs = LANDLOCK_ACCESS_FS_READ_FILE,
};
+ if (!has_syscall())
+ SKIP(return, "landlock syscall not available");
+
/* Checks priority for invalid flags. */
ASSERT_EQ(-1, landlock_create_ruleset(NULL, 0, invalid_flag));
ASSERT_EQ(EINVAL, errno);
@@ -153,6 +168,9 @@ TEST(add_rule_checks_ordering)
const int ruleset_fd =
landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
+ if (!has_syscall())
+ SKIP(return, "landlock syscall not available");
+
ASSERT_LE(0, ruleset_fd);
/* Checks invalid flags. */
@@ -200,6 +218,9 @@ TEST(restrict_self_checks_ordering)
const int ruleset_fd =
landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
+ if (!has_syscall())
+ SKIP(return, "landlock syscall not available");
+
ASSERT_LE(0, ruleset_fd);
path_beneath_attr.parent_fd =
open("/tmp", O_PATH | O_NOFOLLOW | O_DIRECTORY | O_CLOEXEC);
@@ -240,6 +261,9 @@ TEST(ruleset_fd_io)
int ruleset_fd;
char buf;
+ if (!has_syscall())
+ SKIP(return, "landlock syscall not available");
+
drop_caps(_metadata);
ruleset_fd =
landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0);
@@ -267,6 +291,9 @@ TEST(ruleset_fd_transfer)
pid_t child;
int status;
+ if (!has_syscall())
+ SKIP(return, "landlock syscall not available");
+
drop_caps(_metadata);
/* Creates a test ruleset with a simple rule. */
--
2.25.1
next prev parent reply other threads:[~2023-08-09 17:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-09 17:04 [PATCH 0/2] selftests: landlock: fix runs on older systems Andre Przywara
2023-08-09 17:04 ` [PATCH 1/2] selftests: landlock: allow other ABI versions Andre Przywara
2023-08-09 17:04 ` Andre Przywara [this message]
2023-08-17 17:26 ` [PATCH 2/2] selftests: landlock: skip all tests without landlock syscall Mickaël Salaün
2023-08-17 17:25 ` [PATCH 0/2] selftests: landlock: fix runs on older systems Mickaël Salaün
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230809170435.1312162-3-andre.przywara@arm.com \
--to=andre.przywara@arm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.