Re: [PATCH 0/2] Add io_uring test with Landlock access control rules

["Fabio M. De Francesco" <fabio.maria.de.francesco@linux.intel.com>]

On Monday, 25 March 2024 03:32:33 CET Dorine Tipo wrote:
> This patch series introduces a new test for verifying Landlock access
> control rules with io_uring operation, IORING_OP_OPENAT.
> 
> The first patch (Add test for io_uring openat access control with
> Landlock rules) implements the actual test.
> 
> - The test defines allowed and disallowed paths for access attempts.
> - It creates Landlock rulesets for both allowed and disallowed access.
> - It uses io_uring_prep_openat with the rulesets to attempt opening
> files. - The test verifies successful preparation for allowed access and
> expects submission failures for disallowed access.
> 
> The second patch  (Add liburing dependency for io_uring test) updates the
> Makefile to include the necessary liburing library.

Hi Dorine,

If I read your message correctly, patch 1/2 depends on 2/2 because  
liburing is needed by tests in 1/2. Every single patch of a series must 
build and link successfully.  I think that patch 1/2 cannot link without 
the changes that you put in patch 2/2. Am I missing something?

The prerequisites one must meet when sending series are that (1) that  
series must be applicable to (based on) the most recent publicly available 
official version of the subsystem/driver it is meant for, (2) for all n 
patches of a series with N patches, patch n must not require any k > n  
patch (i.e., k:=(n < k <= N)), and (3) each patch must always achieve a 
logically self-contained objective.

Well, in theory you may think to reverse the order of the patches to meet 
rule 2.  But by doing so you would break rule 3 because the changes you 
make in the Makefile would only be needed to build and link another patch so 
they don't serve any self-contained purposes. 

Therefore, please make a self-contained patch that includes all the 
necessary changes to make it build and link.

Thanks,

Fabio

> This patch series improves Landlock's test coverage by incorporating
> io_uring operations and helps ensure Landlock effectively controls access
> through io_uring.
> It enhances the overall security posture of the system.
> 
> The test has been successfully compiled using make run_tests -C landlock
> and successfully verifies Landlock access control with io_uring.
> 
> Dorine Tipo (2):
>   Add test for io_uring openat access control with Landlock rules
>   Add liburing dependency for io_uring test
> 
>  tools/testing/selftests/landlock/Makefile  |   4 +-
>  tools/testing/selftests/landlock/fs_test.c | 132 +++++++++++++++++++++
>  2 files changed, 134 insertions(+), 2 deletions(-)
> 
> --
> 2.25.1