[PATCH v10 6/9] selftests/landlock: Test IOCTLs on named pipes
Mickaël Salaün
mic at digikod.net
Fri Mar 22 08:45:53 UTC 2024
On Fri, Mar 22, 2024 at 08:48:30AM +0100, Mickaël Salaün wrote:
> It might be interesting to create a layout with one file of each type
> and use that for the IOCTL tests.
To make sure we only restrict the first layer of IOCTL (handled by the
VFS) we should check that an IOCTL command that should be handled by a
specific filesystem is indeed passed through this filesystem and not
blocked by Landlock. Because Landlock would return EACCES, I guess it
should be enough to check that we get a ENOTTY for non-block/char
devices. We should find an IOCTL command number that has little chance
to be taken to avoid updating this test too often.
More information about the Linux-security-module-archive
mailing list