[PATCH v10 7/9] selftests/landlock: Check IOCTL restrictions for named UNIX domain sockets

Günther Noack gnoack at google.com
Fri Mar 22 14:43:45 UTC 2024


On Fri, Mar 22, 2024 at 08:57:18AM +0100, Mickaël Salaün wrote:
> On Sat, Mar 09, 2024 at 07:53:18AM +0000, Günther Noack wrote:
> > diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> > index d991f44875bc..941e6f9702b7 100644
> > --- a/tools/testing/selftests/landlock/fs_test.c
> > +++ b/tools/testing/selftests/landlock/fs_test.c

[...]

> > +/* For named UNIX domain sockets, no IOCTL restrictions apply. */
> > +TEST_F_FORK(layout1, named_unix_domain_socket_ioctl)
> > +{

[...]

> > +	/* Sets up a client connection to it */
> > +	cli_un.sun_family = AF_UNIX;
> > +	snprintf(cli_un.sun_path, sizeof(cli_un.sun_path), "%s%ld", path,
> > +		 (long)getpid());
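
Review bot: the return value of snprintf() into cli_un.sun_path is not checked, so if path plus the PID suffix does not fit in sizeof(cli_un.sun_path) the name is silently truncated. If the formatted name is kept, assert that the result is non-negative and smaller than sizeof(cli_un.sun_path) before using the address.
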
> 
> I don't think it is useful to have a unique sun_path for a named unix
> socket, that's the purpose of naming it right?

Removed, well spotted!  I did not realize that I could omit that.

—Günther


