[LTP] [PATCH v2] ioctl_pidfd01: disable with SELinux enforcing policy

[LTP] [PATCH v2] ioctl_pidfd01: disable with SELinux enforcing policy

[Andrea Cervesato]

From: Andrea Cervesato <andrea.cervesato@suse.com>

When SELinux is enabled with enforcing policy, ioctl_pidfd01 might fail
with EACCESS. This is an error triggered by ioctl() syscall, before we
actually reach the code we are about to test, so we need to skip the
test just in case enforcing policy is on.

Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
Following errors are caused by SELinux, trying to block any access to
the file descriptor before actually accessing to it.

ioctl_pidfd01.c:37: TINFO: io uring -> ...
ioctl_pidfd01.c:28: TFAIL: ioctl(io uring, PIDFD_GET_INFO, info) expected EINVAL, EBADF, ENOTTY: EACCES (13)
---
Changes in v2:
- disable the whole test if enforcing policy is on
- Link to v1: https://lore.kernel.org/r/20250729-ioctl_pidfd01_selinux-v1-1-432e100a5a53@suse.com
---
 testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c b/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
index 92c51c6c0d0dcbb2308c1a8d82b2a92650f3a6b3..22921bfc7f5e7fa11d511f8aab03707426ae62ba 100644
--- a/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
+++ b/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
@@ -44,6 +44,9 @@ static void setup(void)
 	if (!ioctl_pidfd_info_exit_supported())
 		tst_brk(TCONF, "PIDFD_INFO_EXIT is not supported by ioctl()");
 
+	if (tst_selinux_enforcing())
+		tst_brk(TCONF, "Unstable test with SELinux enforcing mode on");
+
 	info->mask = PIDFD_INFO_EXIT;
 }
 

---
base-commit: 91e6272febf95e19a8300695dfc2089569adf9d8
change-id: 20250729-ioctl_pidfd01_selinux-1479ea457850

Best regards,
-- 
Andrea Cervesato <andrea.cervesato@suse.com>


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [PATCH v2] ioctl_pidfd01: disable with SELinux enforcing policy

[Avinesh Kumar]

Hi,

Reviewed-by: Avinesh Kumar <akumar@suse.de>

Thanks,
Avinesh

On Tuesday, July 29, 2025 2:16:06 PM CEST Andrea Cervesato wrote:
> From: Andrea Cervesato <andrea.cervesato@suse.com>
> 
> When SELinux is enabled with enforcing policy, ioctl_pidfd01 might fail
> with EACCESS. This is an error triggered by ioctl() syscall, before we
> actually reach the code we are about to test, so we need to skip the
> test just in case enforcing policy is on.
> 
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
> Following errors are caused by SELinux, trying to block any access to
> the file descriptor before actually accessing to it.
> 
> ioctl_pidfd01.c:37: TINFO: io uring -> ...
> ioctl_pidfd01.c:28: TFAIL: ioctl(io uring, PIDFD_GET_INFO, info) expected EINVAL, EBADF, ENOTTY: EACCES (13)
> ---
> Changes in v2:
> - disable the whole test if enforcing policy is on
> - Link to v1: https://lore.kernel.org/r/20250729-ioctl_pidfd01_selinux-v1-1-432e100a5a53@suse.com
> ---
>  testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c b/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
> index 92c51c6c0d0dcbb2308c1a8d82b2a92650f3a6b3..22921bfc7f5e7fa11d511f8aab03707426ae62ba 100644
> --- a/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
> +++ b/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
> @@ -44,6 +44,9 @@ static void setup(void)
>  	if (!ioctl_pidfd_info_exit_supported())
>  		tst_brk(TCONF, "PIDFD_INFO_EXIT is not supported by ioctl()");
>  
> +	if (tst_selinux_enforcing())
> +		tst_brk(TCONF, "Unstable test with SELinux enforcing mode on");
> +
>  	info->mask = PIDFD_INFO_EXIT;
>  }
>  
> 
> ---
> base-commit: 91e6272febf95e19a8300695dfc2089569adf9d8
> change-id: 20250729-ioctl_pidfd01_selinux-1479ea457850
> 
> Best regards,
> 





-- 
Mailing list info: https://lists.linux.it/listinfo/ltp