Re: [PATCH v13 11/11] LSM: selftests for Linux Security Module syscalls

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Mickaël Salaün" <mic@digikod.net>
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: paul@paul-moore.com, linux-security-module@vger.kernel.org,
	jmorris@namei.org, serge@hallyn.com, keescook@chromium.org,
	john.johansen@canonical.com, penguin-kernel@i-love.sakura.ne.jp,
	stephen.smalley.work@gmail.com, linux-kernel@vger.kernel.org,
	linux-api@vger.kernel.org
Subject: Re: [PATCH v13 11/11] LSM: selftests for Linux Security Module syscalls
Date: Fri, 25 Aug 2023 17:01:11 +0200	[thread overview]
Message-ID: <20230825.OokahF6aezae@digikod.net> (raw)
In-Reply-To: <20230802174435.11928-12-casey@schaufler-ca.com>

These tests look good!

I suggested other tests to add in my previous emails.

I'd suggest to re-run clang-format -i on them though.

On Wed, Aug 02, 2023 at 10:44:34AM -0700, Casey Schaufler wrote:
> Add selftests for the three system calls supporting the LSM
> infrastructure. This set of tests is limited by the differences
> in access policy enforced by the existing security modules.
> 
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  MAINTAINERS                                   |   1 +
>  tools/testing/selftests/Makefile              |   1 +
>  tools/testing/selftests/lsm/Makefile          |  19 ++
>  tools/testing/selftests/lsm/common.c          |  81 ++++++
>  tools/testing/selftests/lsm/common.h          |  33 +++
>  tools/testing/selftests/lsm/config            |   3 +
>  .../selftests/lsm/lsm_get_self_attr_test.c    | 240 ++++++++++++++++++
>  .../selftests/lsm/lsm_list_modules_test.c     | 140 ++++++++++
>  .../selftests/lsm/lsm_set_self_attr_test.c    |  74 ++++++
>  9 files changed, 592 insertions(+)
>  create mode 100644 tools/testing/selftests/lsm/Makefile
>  create mode 100644 tools/testing/selftests/lsm/common.c
>  create mode 100644 tools/testing/selftests/lsm/common.h
>  create mode 100644 tools/testing/selftests/lsm/config
>  create mode 100644 tools/testing/selftests/lsm/lsm_get_self_attr_test.c
>  create mode 100644 tools/testing/selftests/lsm/lsm_list_modules_test.c
>  create mode 100644 tools/testing/selftests/lsm/lsm_set_self_attr_test.c
> 
> diff --git a/MAINTAINERS b/MAINTAINERS
> index aca4db11dd02..c96f1c388d22 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -19158,6 +19158,7 @@ W:	http://kernsec.org/
>  T:	git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git
>  F:	include/uapi/linux/lsm.h
>  F:	security/
> +F:	tools/testing/selftests/lsm/
>  X:	security/selinux/
>  
>  SELINUX SECURITY MODULE
> diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
> index 666b56f22a41..bde7c217b23f 100644
> --- a/tools/testing/selftests/Makefile
> +++ b/tools/testing/selftests/Makefile
> @@ -39,6 +39,7 @@ TARGETS += landlock
>  TARGETS += lib
>  TARGETS += livepatch
>  TARGETS += lkdtm
> +TARGETS += lsm
>  TARGETS += membarrier
>  TARGETS += memfd
>  TARGETS += memory-hotplug
> diff --git a/tools/testing/selftests/lsm/Makefile b/tools/testing/selftests/lsm/Makefile
> new file mode 100644
> index 000000000000..bae6c1e3bba4
> --- /dev/null
> +++ b/tools/testing/selftests/lsm/Makefile
> @@ -0,0 +1,19 @@
> +# SPDX-License-Identifier: GPL-2.0
> +#
> +# First run: make -C ../../../.. headers_install
> +
> +CFLAGS += -Wall -O2 $(KHDR_INCLUDES)
> +LOCAL_HDRS += common.h
> +
> +TEST_GEN_PROGS := lsm_get_self_attr_test lsm_list_modules_test \
> +		  lsm_set_self_attr_test
> +
> +include ../lib.mk
> +
> +$(TEST_GEN_PROGS):

This target can be removed.

> +
> +$(OUTPUT)/lsm_get_self_attr_test: lsm_get_self_attr_test.c common.c
> +$(OUTPUT)/lsm_set_self_attr_test: lsm_set_self_attr_test.c common.c
> +$(OUTPUT)/lsm_list_modules_test: lsm_list_modules_test.c common.c
> +
> +EXTRA_CLEAN = $(OUTPUT)/common.o

next prev parent reply	other threads:[~2023-08-25 15:02 UTC|newest]

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20230802174435.11928-1-casey.ref@schaufler-ca.com>
2023-08-02 17:44 ` [PATCH v13 00/11] LSM: Three basic syscalls Casey Schaufler
2023-08-02 17:44   ` [PATCH v13 01/11] LSM: Identify modules by more than name Casey Schaufler
2023-08-10 15:54     ` John Johansen
2023-08-18 18:00     ` Mickaël Salaün
2023-08-02 17:44   ` [PATCH v13 02/11] LSM: Maintain a table of LSM attribute data Casey Schaufler
2023-08-10 15:54     ` John Johansen
2023-08-18 17:58     ` Mickaël Salaün
2023-08-02 17:44   ` [PATCH v13 03/11] proc: Use lsmids instead of lsm names for attrs Casey Schaufler
2023-08-10 15:54     ` John Johansen
2023-08-02 17:44   ` [PATCH v13 04/11] LSM: syscalls for current process attributes Casey Schaufler
2023-08-10 15:55     ` John Johansen
2023-08-23 17:27     ` Mickaël Salaün
2023-08-25  0:12     ` Mateusz Guzik
2023-08-25 14:59     ` Mickaël Salaün
2023-08-25 22:23       ` Casey Schaufler
2023-08-02 17:44   ` [PATCH v13 05/11] LSM: Create lsm_list_modules system call Casey Schaufler
2023-08-10 15:55     ` John Johansen
2023-08-02 17:44   ` [PATCH v13 06/11] LSM: wireup Linux Security Module syscalls Casey Schaufler
2023-08-10 15:56     ` John Johansen
2023-08-02 17:44   ` [PATCH v13 07/11] LSM: Helpers for attribute names and filling lsm_ctx Casey Schaufler
2023-08-10 15:57     ` John Johansen
2023-08-02 17:44   ` [PATCH v13 08/11] Smack: implement setselfattr and getselfattr hooks Casey Schaufler
2023-08-10 15:57     ` John Johansen
2023-08-18 15:14     ` Serge Hallyn
2023-08-02 17:44   ` [PATCH v13 09/11] AppArmor: Add selfattr hooks Casey Schaufler
2023-08-10 15:53     ` John Johansen
2023-08-02 17:44   ` [PATCH v13 10/11] SELinux: " Casey Schaufler
2023-08-10 22:24     ` Paul Moore
2023-08-25 15:00     ` Mickaël Salaün
2023-08-02 17:44   ` [PATCH v13 11/11] LSM: selftests for Linux Security Module syscalls Casey Schaufler
2023-08-18 15:53     ` Serge Hallyn
2023-08-23 19:09       ` Casey Schaufler
2023-08-25  0:36         ` Serge Hallyn
2023-08-23 17:27     ` Mickaël Salaün
2023-08-25 15:01     ` Mickaël Salaün [this message]
2023-08-25 18:14       ` Casey Schaufler
2023-08-25 18:58         ` Mickaël Salaün
2023-08-10 22:32   ` [PATCH v13 00/11] LSM: Three basic syscalls Paul Moore

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230825.OokahF6aezae@digikod.net \
    --to=mic@digikod.net \
    --cc=casey@schaufler-ca.com \
    --cc=jmorris@namei.org \
    --cc=john.johansen@canonical.com \
    --cc=keescook@chromium.org \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=penguin-kernel@i-love.sakura.ne.jp \
    --cc=serge@hallyn.com \
    --cc=stephen.smalley.work@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.