[RFC 3/4] selftests/landlock: Test ioctl support

Günther Noack gnoack at google.com
Mon Aug 7 13:21:49 UTC 2023


Hi!

On Mon, Aug 07, 2023 at 11:41:48AM +0200, Mickaël Salaün wrote:
> On Mon, Aug 07, 2023 at 09:39:50AM +0200, Günther Noack wrote:
> > We've already tested the inheritance of access rights across different
> > directories and mount points in other tests.  I feel that exercising it in all
> > combinations of access rights and inheritance mechanisms makes the tests harder
> > to understand and maintain, and does not give us much additional confidence on
> > top of what we already have.  What balance do you want to find there?
> 
> Indeed. It should be noted that this new IOCTL access right will be the
> first one to directly apply to both files and directories.  It should
> then have the same scope as LANDLOCK_ACCESS_FS_READ i.e., apply to the
> target directory itself and files/directories beneath it.
> 
> We then need to test a directory's IOCTL, for instance using FIOQSIZE.
> 
> What about these two rules and related access checks, combined with
> already-opened FD?
> - dir_s1d1: always denied (negative test)
> - file1_s1d1: allowed with a rule (checks ACCESS_FILE)
> - dir_s2d1: allowed with a rule (checks directory right)

Ah, that's an excellent point - I had not realized yet that it is different to
the other access rights in that way, and it makes a lot of sense to test that. 👍

I'll dig up one IOCTL command for regular files and one IOCTL command for
directories like FIOQSIZE, which are both not blanket-permitted, and I'll test
it with that, and will make sure to cover the combinations you listed above.

Thanks!
—Günther

-- 
Sent using Mutt 🐕 Woof Woof


