[PATCH] selftests/landlock: explicitly disable audit

[Mickaël Salaün]

I extended your patch and merged it:
https://git.kernel.org/mic/c/next&id=0302cd72fe196aee933e3fb76f6d175d1ab0e843

Thanks!

On Tue, Jun 09, 2026 at 12:51:03AM +0200, Mickaël Salaün wrote:
> Thanks for this patch.  I merged a few fixes and I'd be interested to
> know if this one fix the issue you spotted:
> https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/commit/?h=next&id=d8dfb4c7faa87c3e41a8678f38f136c2c7c036fa
> 
> 
> On Fri, May 29, 2026 at 08:03:41PM +0000, Maximilian Heyne wrote:
> > I'm seeing sporadic selftest failures, such as
> > 
> >   #  RUN           scoped_audit.connect_to_child ...
> >   # scoped_abstract_unix_test.c:314:connect_to_child:Expected 0 (0) == records.access (8)
> >   # connect_to_child: Test failed
> >   #          FAIL  scoped_audit.connect_to_child
> >   not ok 19 scoped_audit.connect_to_child
> > 
> > This seems similar to what commit 3647a4977fb73d ("selftests/landlock:
> > Drain stale audit records on init") tried to fix. However, the added
> > drain loop is not effective. When setting the AUDIT_STATUS_PID, the
> > kauditd_thread is woken up starting to send messages from the hold queue
> > to the netlink. Depending on scheduling of this kthread not all messages
> > might be send via the netlink in the 1 us interval.
> > 
> > Therefore, instead of trying to drain the queue, let's just disable
> > audit when running non-audit tests or more precisely disable it after
> > audit-tests. This way we won't generate any new audit message that could
> > interfere with the other tests.
> > 
> > The comment saying that on process exit audit will be disabled is wrong.
> > The closed file descriptor just causes an auditd_reset(), not a
> > disablement. So future messages will be queued in the hold queue.
> > 
> > Cc: stable at vger.kernel.org
> > Fixes: 6a500b22971c ("selftests/landlock: Add tests for audit flags and domain IDs")
> > Signed-off-by: Maximilian Heyne <mheyne at amazon.de>
> > ---
> > 
> > I've seen the failures on the 6.18 kernels but haven't tested on latest
> > upstream. However, I still think this is an issue.
> > 
> > ---
> >  tools/testing/selftests/landlock/audit.h | 13 +++++--------
> >  1 file changed, 5 insertions(+), 8 deletions(-)
> > 
> > diff --git a/tools/testing/selftests/landlock/audit.h b/tools/testing/selftests/landlock/audit.h
> > index 834005b2b0f09..7842330875f53 100644
> > --- a/tools/testing/selftests/landlock/audit.h
> > +++ b/tools/testing/selftests/landlock/audit.h
> > @@ -494,10 +494,9 @@ static int audit_init_filter_exe(struct audit_filter *filter, const char *path)
> >  static int audit_cleanup(int audit_fd, struct audit_filter *filter)
> 
> audit_cleanup() should be called for audit_exec tests too.
> 
> >  {
> >  	struct audit_filter new_filter;
> > +	int err;
> >  
> >  	if (audit_fd < 0 || !filter) {
> > -		int err;
> > -
> >  		/*
> >  		 * Simulates audit_init_with_exe_filter() when called from
> >  		 * FIXTURE_TEARDOWN_PARENT().
> > @@ -518,12 +517,10 @@ static int audit_cleanup(int audit_fd, struct audit_filter *filter)
> >  	audit_filter_exe(audit_fd, filter, AUDIT_DEL_RULE);
> >  	audit_filter_drop(audit_fd, AUDIT_DEL_RULE);
> >  
> > -	/*
> > -	 * Because audit_cleanup() might not be called by the test auditd
> > -	 * process, it might not be possible to explicitly set it.  Anyway,
> > -	 * AUDIT_STATUS_ENABLED will implicitly be set to 0 when the auditd
> > -	 * process will exit.
> > -	 */
> 
> Please add a comment that explains that the audit state is not restored
> but just disabled.
> 
> > +	err = audit_set_status(audit_fd, AUDIT_STATUS_ENABLED, 0);
> > +	if (err)
> > +		return err;
> > +
> >  	return close(audit_fd);
> 
> FDs should always be closed.
> 
> >  }
> >  
> > -- 
> > 2.50.1
> > 
> > 
> > 
> > 
> > Amazon Web Services Development Center Germany GmbH
> > Tamara-Danz-Str. 13
> > 10243 Berlin
> > Geschaeftsfuehrung: Christof Hellmis, Andreas Stieger
> > Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B
> > Sitz: Berlin
> > Ust-ID: DE 365 538 597
> > 
> >