From: "Mickaël Salaün" <mic@digikod.net>
To: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Cc: willemdebruijn.kernel@gmail.com, gnoack3000@gmail.com,
linux-security-module@vger.kernel.org, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org, yusongping@huawei.com,
artem.kuzin@huawei.com
Subject: Re: [PATCH v12 09/12] selftests/landlock: Share enforce_ruleset()
Date: Mon, 2 Oct 2023 22:26:57 +0200 [thread overview]
Message-ID: <20231001.Aiv7Chaedei0@digikod.net> (raw)
In-Reply-To: <20230920092641.832134-10-konstantin.meskhidze@huawei.com>
On Wed, Sep 20, 2023 at 05:26:37PM +0800, Konstantin Meskhidze wrote:
> This commit moves enforce_ruleset() helper function to common.h so that
> it can be used both by filesystem tests and network ones.
>
> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
> ---
>
> Changes since v11:
> * None.
>
> diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
> index 251594306d40..7c94d3933b68 100644
> --- a/tools/testing/selftests/landlock/fs_test.c
> +++ b/tools/testing/selftests/landlock/fs_test.c
> @@ -677,17 +677,7 @@ static int create_ruleset(struct __test_metadata *const _metadata,
> return ruleset_fd;
> }
>
> -static void enforce_ruleset(struct __test_metadata *const _metadata,
> - const int ruleset_fd)
> -{
> - ASSERT_EQ(0, prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0));
> - ASSERT_EQ(0, landlock_restrict_self(ruleset_fd, 0))
> - {
> - TH_LOG("Failed to enforce ruleset: %s", strerror(errno));
> - }
> -}
> -
> -TEST_F_FORK(layout0, proc_nsfs)
> +TEST_F_FORK(layout1, proc_nsfs)
Why this change?
> {
> const struct rule rules[] = {
> {
> --
> 2.25.1
>
next prev parent reply other threads:[~2023-10-02 20:27 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-20 9:26 [PATCH v12 00/12] Network support for Landlock Konstantin Meskhidze
2023-09-20 9:26 ` [PATCH v12 01/12] landlock: Make ruleset's access masks more generic Konstantin Meskhidze
2023-09-20 9:26 ` [PATCH v12 02/12] landlock: Allow filesystem layout changes for domains without such rule type Konstantin Meskhidze
2023-10-02 20:26 ` Mickaël Salaün
2023-10-10 2:17 ` Konstantin Meskhidze (A)
2023-09-20 9:26 ` [PATCH v12 03/12] landlock: Refactor landlock_find_rule/insert_rule Konstantin Meskhidze
2023-09-20 9:26 ` [PATCH v12 04/12] landlock: Refactor merge/inherit_ruleset functions Konstantin Meskhidze
2023-09-20 9:26 ` [PATCH v12 05/12] landlock: Move and rename layer helpers Konstantin Meskhidze
2023-09-20 9:26 ` [PATCH v12 06/12] landlock: Refactor " Konstantin Meskhidze
2023-09-20 9:26 ` [PATCH v12 07/12] landlock: Refactor landlock_add_rule() syscall Konstantin Meskhidze
2023-09-20 9:26 ` [PATCH v12 08/12] landlock: Add network rules and TCP hooks support Konstantin Meskhidze
2023-10-02 20:26 ` Mickaël Salaün
2023-10-09 14:12 ` Mickaël Salaün
2023-10-09 14:13 ` Mickaël Salaün
2023-10-10 2:23 ` Konstantin Meskhidze (A)
2023-10-10 2:20 ` Konstantin Meskhidze (A)
2023-10-10 9:17 ` Mickaël Salaün
2023-10-10 11:22 ` Konstantin Meskhidze (A)
2023-10-10 3:29 ` Konstantin Meskhidze (A)
2023-10-10 9:28 ` Mickaël Salaün
2023-10-10 11:21 ` Konstantin Meskhidze (A)
2023-10-11 1:53 ` Konstantin Meskhidze (A)
2023-10-11 16:02 ` Mickaël Salaün
2023-10-11 16:04 ` Konstantin Meskhidze (A)
2023-10-09 15:36 ` Mickaël Salaün
2023-10-10 3:31 ` Konstantin Meskhidze (A)
2023-09-20 9:26 ` [PATCH v12 09/12] selftests/landlock: Share enforce_ruleset() Konstantin Meskhidze
2023-10-02 20:26 ` Mickaël Salaün [this message]
2023-10-10 2:47 ` Konstantin Meskhidze (A)
2023-09-20 9:26 ` [PATCH v12 10/12] selftests/landlock: Add 7 new test variants dedicated to network Konstantin Meskhidze
2023-09-20 9:26 ` [PATCH v12 11/12] samples/landlock: Add network demo Konstantin Meskhidze
2023-10-03 13:15 ` linux-next: build warning after merge of the landlock tree Mickaël Salaün
2023-10-03 13:23 ` Geert Uytterhoeven
2023-10-04 11:01 ` Mickaël Salaün
2023-10-03 13:40 ` Arnd Bergmann
2023-10-04 11:02 ` Mickaël Salaün
2023-09-20 9:26 ` [PATCH v12 12/12] landlock: Document Landlock's network support Konstantin Meskhidze
-- strict thread matches above, loose matches on Subject: below --
2023-10-03 3:27 linux-next: build warning after merge of the landlock tree Stephen Rothwell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231001.Aiv7Chaedei0@digikod.net \
--to=mic@digikod.net \
--cc=artem.kuzin@huawei.com \
--cc=gnoack3000@gmail.com \
--cc=konstantin.meskhidze@huawei.com \
--cc=linux-security-module@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=willemdebruijn.kernel@gmail.com \
--cc=yusongping@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.