selftests/landlock: Extend access right tests to directories
commit d18955d094
upstream.
Make sure that all filesystem access rights can be tied to directories.
Rename layout1.file_access_rights to layout1.file_and_dir_access_rights
to reflect this change.
Cc: Shuah Khan <shuah@kernel.org>
Link: https://lore.kernel.org/r/20220506160820.524344-6-mic@digikod.net
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Родитель
1d6722353b
Коммит
df2af378bc
|
@ -418,11 +418,12 @@ TEST_F_FORK(layout1, inval)
|
|||
|
||||
/* clang-format on */
|
||||
|
||||
TEST_F_FORK(layout1, file_access_rights)
|
||||
TEST_F_FORK(layout1, file_and_dir_access_rights)
|
||||
{
|
||||
__u64 access;
|
||||
int err;
|
||||
struct landlock_path_beneath_attr path_beneath = {};
|
||||
struct landlock_path_beneath_attr path_beneath_file = {},
|
||||
path_beneath_dir = {};
|
||||
struct landlock_ruleset_attr ruleset_attr = {
|
||||
.handled_access_fs = ACCESS_ALL,
|
||||
};
|
||||
|
@ -432,20 +433,33 @@ TEST_F_FORK(layout1, file_access_rights)
|
|||
ASSERT_LE(0, ruleset_fd);
|
||||
|
||||
/* Tests access rights for files. */
|
||||
path_beneath.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
|
||||
ASSERT_LE(0, path_beneath.parent_fd);
|
||||
path_beneath_file.parent_fd = open(file1_s1d2, O_PATH | O_CLOEXEC);
|
||||
ASSERT_LE(0, path_beneath_file.parent_fd);
|
||||
|
||||
/* Tests access rights for directories. */
|
||||
path_beneath_dir.parent_fd =
|
||||
open(dir_s1d2, O_PATH | O_DIRECTORY | O_CLOEXEC);
|
||||
ASSERT_LE(0, path_beneath_dir.parent_fd);
|
||||
|
||||
for (access = 1; access <= ACCESS_LAST; access <<= 1) {
|
||||
path_beneath.allowed_access = access;
|
||||
path_beneath_dir.allowed_access = access;
|
||||
ASSERT_EQ(0, landlock_add_rule(ruleset_fd,
|
||||
LANDLOCK_RULE_PATH_BENEATH,
|
||||
&path_beneath_dir, 0));
|
||||
|
||||
path_beneath_file.allowed_access = access;
|
||||
err = landlock_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH,
|
||||
&path_beneath, 0);
|
||||
if ((access | ACCESS_FILE) == ACCESS_FILE) {
|
||||
&path_beneath_file, 0);
|
||||
if (access & ACCESS_FILE) {
|
||||
ASSERT_EQ(0, err);
|
||||
} else {
|
||||
ASSERT_EQ(-1, err);
|
||||
ASSERT_EQ(EINVAL, errno);
|
||||
}
|
||||
}
|
||||
ASSERT_EQ(0, close(path_beneath.parent_fd));
|
||||
ASSERT_EQ(0, close(path_beneath_file.parent_fd));
|
||||
ASSERT_EQ(0, close(path_beneath_dir.parent_fd));
|
||||
ASSERT_EQ(0, close(ruleset_fd));
|
||||
}
|
||||
|
||||
TEST_F_FORK(layout1, unknown_access_rights)
|
||||
|
|
Загрузка…
Ссылка в новой задаче