[PATCH v2 00/10] Minor Landlock fixes and new tests

Mickaël Salaün mic at digikod.net
Fri May 6 16:08:10 UTC 2022


Hi,

This series contains some minor code and documentation fixes.  There is
also some miscellaneous new tests to improve coverage and that may help
for future access types (e.g. networking).

The important new patches are the last three ones.  They change the
landlock_add_rule(2) and landlock_restrict_self(2) check orderings to
make them more consistent according to future Landlock rule types (e.g.
networking).

As suggested by Alejandro Colomar [1], I removed the
landlock_add_rule(2) signature fix.  I added a new patch to test O_PATH
behavior.

Test coverage for security/landlock was 94.4% of 500 lines, and it is
now 94.4% of 504 lines according to gcc/gcov-11.

I also fixed some typos and formatted the code with clang-format.  This
series can be applied on top of
https://lore.kernel.org/r/20220506160513.523257-1-mic@digikod.net

[1] https://lore.kernel.org/r/ae52c028-05c7-c22e-fc47-d97ee4a2f6c7@gmail.com

Previous version:
https://lore.kernel.org/r/20220221155311.166278-1-mic@digikod.net

Regards,

Mickaël Salaün (10):
  landlock: Fix landlock_add_rule(2) documentation
  selftests/landlock: Make tests build with old libc
  selftests/landlock: Extend tests for minimal valid attribute size
  selftests/landlock: Add tests for unknown access rights
  selftests/landlock: Extend access right tests to directories
  selftests/landlock: Fully test file rename with "remove" access
  selftests/landlock: Add tests for O_PATH
  landlock: Change landlock_add_rule(2) argument check ordering
  landlock: Change landlock_restrict_self(2) check ordering
  selftests/landlock: Test landlock_create_ruleset(2) argument check
    ordering

 include/uapi/linux/landlock.h                |   5 +-
 security/landlock/syscalls.c                 |  37 +++---
 tools/testing/selftests/landlock/base_test.c | 107 +++++++++++++++--
 tools/testing/selftests/landlock/fs_test.c   | 120 ++++++++++++++++---
 4 files changed, 218 insertions(+), 51 deletions(-)


base-commit: 763c5dc0e990fbd803c3c2b1ae832366ab7d207f
-- 
2.35.1



More information about the Linux-security-module-archive mailing list