[PATCH v14 08/12] selftests/landlock: Exhaustive test for the IOCTL allow-list
Günther Noack
gnoack at google.com
Fri Apr 19 14:49:58 UTC 2024
On Thu, Apr 18, 2024 at 10:44:43PM -0700, Mickaël Salaün wrote:
> On Thu, Apr 18, 2024 at 02:21:49PM +0200, Günther Noack wrote:
> > I spotted an additional problem with FICLONERANGE -- when we pass a
> > zero-initialized buffer to that IOCTL, it'll interpret some of these zeros
> > to refer to file descriptor 0 (stdin)... and what that means is not
> > controlled by the test - the error code can change depending on what that
> > FD is. (I don't want to start filling in all these structs individually.)
>
> I'm OK with your approach as long as the tests are deterministic,
> whatever FD 0 is (or not), and as long as they don't have an impact on
> FD 0. To make it more generic and to avoid side effects, I think we
> should (always) close FD 0 in ioctl_error() (and explain the reason).
Done, good idea.
—Günther
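
The effect discussed in this thread, as an added illustration that is not code from the patch or from the Landlock selftests: a zeroed `struct file_clone_range` names FD 0 as its source, so the result of FICLONERANGE depends on what stdin is unless FD 0 is closed first. The helper name, the use of `/dev/null` as the destination, and the two stdin targets are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <linux/fs.h> /* FICLONERANGE, struct file_clone_range */

#define SETUP_FAILED 255

/*
 * Hypothetical helper (not the selftest's ioctl_error()): in a child process,
 * make stdin_path FD 0, optionally close FD 0, then issue FICLONERANGE with a
 * zeroed argument (so src_fd == 0) on /dev/null. Returns the ioctl's errno,
 * 0 if the ioctl succeeded, or SETUP_FAILED.
 */
static int zeroed_ficlonerange_errno(const char *stdin_path, int close_fd0)
{
	int status;
	pid_t pid = fork();

	if (pid < 0)
		return SETUP_FAILED;
	if (pid == 0) {
		struct file_clone_range arg;
		int src = open(stdin_path, O_RDONLY);
		int dst = open("/dev/null", O_WRONLY);

		if (src < 0 || dst < 0 || dup2(src, 0) < 0)
			_exit(SETUP_FAILED);
		if (close_fd0)
			close(0); /* only the child's FD 0; the parent keeps its stdin */
		memset(&arg, 0, sizeof(arg));
		_exit(ioctl(dst, FICLONERANGE, &arg) ? errno : 0);
	}
	if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
		return SETUP_FAILED;
	return WEXITSTATUS(status);
}

int main(void)
{
	const char *stdins[] = { "/", "/dev/null" }; /* constructed stdin targets */

	for (int i = 0; i < 2; i++)
		printf("stdin=%-9s FD 0 open: errno %d, FD 0 closed: errno %d\n", stdins[i],
		       zeroed_ficlonerange_errno(stdins[i], 0),
		       zeroed_ficlonerange_errno(stdins[i], 1));
	return 0;
}
```

With FD 0 closed, the two stdin targets give the same error code; with FD 0 left open, the code may differ between them and between kernels.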