Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit d18955d

Browse files
l0kodl0kod
committed
selftests/landlock: Extend access right tests to directories
Make sure that all filesystem access rights can be tied to directories. Rename layout1.file_access_rights to layout1.file_and_dir_access_rights to reflect this change. Cc: Shuah Khan <[email protected]> Link: https://lore.kernel.org/r/[email protected] Cc: [email protected] Signed-off-by: Mickaël Salaün <[email protected]>
1 parent c56b3bf commit d18955d

File tree

1 file changed

+22
-8
lines changed

1 file changed

+22
-8
lines changed

tools/testing/selftests/landlock/fs_test.c

Lines changed: 22 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -418,11 +418,12 @@ TEST_F_FORK(layout1, inval)
418418

419419
/* clang-format on */
420420

421-
TEST_F_FORK(layout1, file_access_rights)
421+
TEST_F_FORK(layout1, file_and_dir_access_rights)
422422
{
423423
__u64 access;
424424
int err;
425-
struct landlock_path_beneath_attr path_beneath = {};
425+
struct landlock_path_beneath_attr path_beneath_file = {},
426+
path_beneath_dir = {};
426427
struct landlock_ruleset_attr ruleset_attr = {
427428
.handled_access_fs = ACCESS_ALL,
428429
};
@@ -432,20 +433,33 @@ TEST_F_FORK(layout1, file_access_rights)
432433
ASSERT_LE(0, ruleset_fd);
433434

434435
/* Tests access rights for files. */
435-
path_beneath.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
436-
ASSERT_LE(0, path_beneath.parent_fd);
436+
path_beneath_file.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
437+
ASSERT_LE(0, path_beneath_file.parent_fd);
438+
439+
/* Tests access rights for directories. */
440+
path_beneath_dir.parent_fd =
441+
open(dir_s1d2, O_PATH | O_DIRECTORY | O_CLOEXEC);
442+
ASSERT_LE(0, path_beneath_dir.parent_fd);
443+
437444
for (access = 1; access <= ACCESS_LAST; access <<= 1) {
438-
path_beneath.allowed_access = access;
445+
path_beneath_dir.allowed_access = access;
446+
ASSERT_EQ(0, landlock_add_rule(ruleset_fd,
447+
LANDLOCK_RULE_PATH_BENEATH,
448+
&path_beneath_dir, 0));
449+
450+
path_beneath_file.allowed_access = access;
439451
err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
440-
&path_beneath, 0);
441-
if ((access | ACCESS_FILE) == ACCESS_FILE) {
452+
&path_beneath_file, 0);
453+
if (access & ACCESS_FILE) {
442454
ASSERT_EQ(0, err);
443455
} else {
444456
ASSERT_EQ(-1, err);
445457
ASSERT_EQ(EINVAL, errno);
446458
}
447459
}
448-
ASSERT_EQ(0, close(path_beneath.parent_fd));
460+
ASSERT_EQ(0, close(path_beneath_file.parent_fd));
461+
ASSERT_EQ(0, close(path_beneath_dir.parent_fd));
462+
ASSERT_EQ(0, close(ruleset_fd));
449463
}
450464

451465
TEST_F_FORK(layout1, unknown_access_rights)

0 commit comments

Comments
 (0)