[PATCH v6 1/1] selftests/landlock: skip overlayfs test when kernel not support it

Guenter Roeck groeck at google.com
Thu Dec 29 20:18:08 UTC 2022


On Thu, Dec 29, 2022 at 12:12 PM <jeffxu at chromium.org> wrote:
>
> From: Jeff Xu <jeffxu at google.com>
>
> Overlayfs can be disabled in kernel config, causing related tests to
> fail. Add check for overlayfs’s supportability at runtime,
> so we can call SKIP() when needed.
>
> Signed-off-by: Jeff Xu <jeffxu at google.com>
> ---
>  tools/testing/selftests/landlock/fs_test.c | 56 ++++++++++++++++++++++
>  1 file changed, 56 insertions(+)
>
> diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> index 21a2ce8fa739..2d84c055f86f 100644
> --- a/tools/testing/selftests/landlock/fs_test.c
> +++ b/tools/testing/selftests/landlock/fs_test.c
> @@ -11,6 +11,7 @@
>  #include <fcntl.h>
>  #include <linux/landlock.h>
>  #include <sched.h>
> +#include <stdio.h>
>  #include <string.h>
>  #include <sys/capability.h>
>  #include <sys/mount.h>
> @@ -62,6 +63,7 @@ static const char dir_s3d1[] = TMP_DIR "/s3d1";
>  static const char dir_s3d2[] = TMP_DIR "/s3d1/s3d2";
>  static const char dir_s3d3[] = TMP_DIR "/s3d1/s3d2/s3d3";
>
> +static const char proc_filesystems[] = "/proc/filesystems";
>  /*
>   * layout1 hierarchy:
>   *
> @@ -169,6 +171,48 @@ static int remove_path(const char *const path)
>         return err;
>  }
>
> +static bool fgrep(FILE *inf, const char *str)
> +{
> +       char line[32];
> +       int slen = strlen(str);
> +
> +       while (!feof(inf)) {
> +               if (!fgets(line, sizeof(line), inf))
> +                       break;
> +               if (strncmp(line, str, slen))
> +                       continue;
> +
> +               return true;
> +       }
> +
> +       return false;
> +}
> +
> +static bool supports_overlayfs(void)
> +{
> +       char *res;
> +       bool ret = false;

Unnecessary initialization.

> +       FILE *inf = fopen(proc_filesystems, "r");
> +
> +       /*
> +        * If fopen failed, return supported.
> +        * This help detect missing file (shall not
> +        * happen).
> +        */
> +       if (!inf)
> +               return true;
> +
> +       ret = fgrep(inf, "nodev\toverlay\n");
> +
> +       if (res)
> +               free(res);

Either I am missing something, or res is neither initialized nor used.

Guenter

> +
> +       fclose(inf);
> +
> +       return ret;
> +}
> +
> +
>  static void prepare_layout(struct __test_metadata *const _metadata)
>  {
>         disable_caps(_metadata);
> @@ -3404,6 +3448,9 @@ FIXTURE(layout2_overlay) {};
>
>  FIXTURE_SETUP(layout2_overlay)
>  {
> +       if (!supports_overlayfs())
> +               SKIP(return, "overlayfs is not supported");
> +
>         prepare_layout(_metadata);
>
>         create_directory(_metadata, LOWER_BASE);
> @@ -3440,6 +3487,9 @@ FIXTURE_SETUP(layout2_overlay)
>
>  FIXTURE_TEARDOWN(layout2_overlay)
>  {
> +       if (!supports_overlayfs())
> +               SKIP(return, "overlayfs is not supported");
> +
>         EXPECT_EQ(0, remove_path(lower_do1_fl3));
>         EXPECT_EQ(0, remove_path(lower_dl1_fl2));
>         EXPECT_EQ(0, remove_path(lower_fl1));
> @@ -3471,6 +3521,9 @@ FIXTURE_TEARDOWN(layout2_overlay)
>
>  TEST_F_FORK(layout2_overlay, no_restriction)
>  {
> +       if (!supports_overlayfs())
> +               SKIP(return, "overlayfs is not supported");
> +
>         ASSERT_EQ(0, test_open(lower_fl1, O_RDONLY));
>         ASSERT_EQ(0, test_open(lower_dl1, O_RDONLY));
>         ASSERT_EQ(0, test_open(lower_dl1_fl2, O_RDONLY));
> @@ -3634,6 +3687,9 @@ TEST_F_FORK(layout2_overlay, same_content_different_file)
>         size_t i;
>         const char *path_entry;
>
> +       if (!supports_overlayfs())
> +               SKIP(return, "overlayfs is not supported");
> +
>         /* Sets rules on base directories (i.e. outside overlay scope). */
>         ruleset_fd = create_ruleset(_metadata, ACCESS_RW, layer1_base);
>         ASSERT_LE(0, ruleset_fd);
> --
> 2.39.0.314.g84b9a713c41-goog
>



More information about the Linux-security-module-archive mailing list