[PATCH v2 00/10] Minor Landlock fixes and new tests
Mickaël Salaün
mic at digikod.net
Fri May 6 16:08:10 UTC 2022
Hi,
This series contains some minor code and documentation fixes. There is
also some miscellaneous new tests to improve coverage and that may help
for future access types (e.g. networking).
The important new patches are the last three ones. They change the
landlock_add_rule(2) and landlock_restrict_self(2) check orderings to
make them more consistent according to future Landlock rule types (e.g.
networking).
As suggested by Alejandro Colomar [1], I removed the
landlock_add_rule(2) signature fix. I added a new patch to test O_PATH
behavior.
Test coverage for security/landlock was 94.4% of 500 lines, and it is
now 94.4% of 504 lines according to gcc/gcov-11.
I also fixed some typos and formatted the code with clang-format. This
series can be applied on top of
https://lore.kernel.org/r/20220506160513.523257-1-mic@digikod.net
[1] https://lore.kernel.org/r/ae52c028-05c7-c22e-fc47-d97ee4a2f6c7@gmail.com
Previous version:
https://lore.kernel.org/r/20220221155311.166278-1-mic@digikod.net
Regards,
Mickaël Salaün (10):
landlock: Fix landlock_add_rule(2) documentation
selftests/landlock: Make tests build with old libc
selftests/landlock: Extend tests for minimal valid attribute size
selftests/landlock: Add tests for unknown access rights
selftests/landlock: Extend access right tests to directories
selftests/landlock: Fully test file rename with "remove" access
selftests/landlock: Add tests for O_PATH
landlock: Change landlock_add_rule(2) argument check ordering
landlock: Change landlock_restrict_self(2) check ordering
selftests/landlock: Test landlock_create_ruleset(2) argument check
ordering
include/uapi/linux/landlock.h | 5 +-
security/landlock/syscalls.c | 37 +++---
tools/testing/selftests/landlock/base_test.c | 107 +++++++++++++++--
tools/testing/selftests/landlock/fs_test.c | 120 ++++++++++++++++---
4 files changed, 218 insertions(+), 51 deletions(-)
base-commit: 763c5dc0e990fbd803c3c2b1ae832366ab7d207f
--
2.35.1
More information about the Linux-security-module-archive
mailing list