[PATCH 2/3] selftests/landlock: Print a warning about directory permissions
Tingmao Wang
m at maowtm.org
Sun May 25 14:23:46 UTC 2025
On 5/24/25 18:56, Tingmao Wang wrote:
> Because we drop capabilities (most importantly, CAP_DAC_OVERRIDE), if a
> user runs the selftests under a Linux source checked out by a non-root
> user, the test will fail even when run under sudo, and will print a
> "Permission denied" error. This creates a confusing situation if they
> do not realize that the test drops capabilities, and can mislead users
> to think there's something wrong with the test or landlock.
>
> This patch produces output that looks like:
>
> # # RUN layout0.ruleset_with_unknown_access ...
> # # fs_test.c:240:ruleset_with_unknown_access:Expected 0 (0) == mkdir(path, 0700) (-1)
> # # fs_test.c:244:ruleset_with_unknown_access:Failed to create directory "tmp": Permission denied
> # # fs_test.c:230:ruleset_with_unknown_access:Hint: fs_tests requires permissions for uid 0 on test directory /home/mao/landlock-selftests/tools/testing/selftests/landlock and files under it (even when running as root).
> # # fs_test.c:232:ruleset_with_unknown_access: Try chmod a+rwX -R /home/mao/landlock-selftests/tools/testing/selftests/landlock
> # # ruleset_with_unknown_access: Test terminated by assertion
> # # FAIL layout0.ruleset_with_unknown_access
>
> Signed-off-by: Tingmao Wang <m at maowtm.org>
> ---
> tools/testing/selftests/landlock/fs_test.c | 35 +++++++++++++++++++---
> 1 file changed, 31 insertions(+), 4 deletions(-)
>
> diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> index e65e6cc80e22..21ed8afcc060 100644
> --- a/tools/testing/selftests/landlock/fs_test.c
> +++ b/tools/testing/selftests/landlock/fs_test.c
> @@ -216,14 +216,37 @@ static void mkdir_parents(struct __test_metadata *const _metadata,
> free(walker);
> }
>
> +static void
> +maybe_warn_about_permission_on_cwd(struct __test_metadata *const _metadata,
> + int err)
> +{
> + char abspath_buf[255];
> +
> + if (err == EACCES) {
> + const char *realp = realpath(".", abspath_buf);
> + if (realp == NULL) {
> + realp = ".";
> + }
> + TH_LOG("Hint: fs_tests requires permissions for uid %u on test directory %s and files under it (even when running as root).",
> + getuid(), realp);
> + TH_LOG(" Try chmod a+rwX -R %s", realp);
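Review bot: abspath_buf at the top of maybe_warn_about_permission_on_cwd() is declared as `char abspath_buf[255];`, but realpath() with a caller-supplied buffer may write up to PATH_MAX bytes, so a source tree checked out under a long path can overflow it on exactly the error path this hint is meant to help with. Suggest `char abspath_buf[PATH_MAX];`, or pass NULL as the second argument and free() the returned string after the TH_LOG calls. Minor style point in the same function: the braces around the single statement `realp = ".";` can be dropped to match kernel coding style.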
Actually, just having rwx on the test directory itself is not enough.
For audit tests, in order to set the executable itself as AUDIT_EXE, we
pass in an absolute path (which is required), which then means that we
need path walk permission from root to the executable (otherwise
audit_alloc_mark -> kern_path_locked fails), so in fact if the user has
a setup where the home directory, containing the Linux source code, is
not world-readable (or owned by root), fs_test::audit_layout1 etc will
fail too...

I wonder if we should in fact drop capabilities only after fixture
setup? Alternatively we should have an appropriate message explaining
that the test dir needs to be walkable and writable by root without
CAP_DAC_OVERRIDE.