From: Cyril Hrubis <chrubis@suse.cz>
To: Andrea Cervesato <andrea.cervesato@suse.de>
Cc: ltp@lists.linux.it
Subject: Re: [LTP] [PATCH v4 4/7] Add lsm_get_self_attr03 test
Date: Mon, 2 Jun 2025 14:46:04 +0200
Message-ID: <aD2dDODCBai0Ee-s@yuki.lan>
In-Reply-To: <20250429-lsm-v4-4-602b7097e722@suse.com>
Hi!
> Verify that LSM_ATTR_CURRENT attribute is correctly recognizing
> the current, active security context of the process. This is done by
> checking that /proc/self/attr/current matches with the obtained value.
>
> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
> ---
> runtest/syscalls | 1 +
> testcases/kernel/syscalls/lsm/.gitignore | 1 +
> .../kernel/syscalls/lsm/lsm_get_self_attr03.c | 68 ++++++++++++++++++++++
> 3 files changed, 70 insertions(+)
>
> diff --git a/runtest/syscalls b/runtest/syscalls
> index 73b6b98c7748f5ed31ad23d7464f1ab4fbc5f42e..d45cda4082ed87bf674ca34d315af9c162a41fe9 100644
> --- a/runtest/syscalls
> +++ b/runtest/syscalls
> @@ -761,6 +761,7 @@ lseek11 lseek11
>
> lsm_get_self_attr01 lsm_get_self_attr01
> lsm_get_self_attr02 lsm_get_self_attr02
> +lsm_get_self_attr03 lsm_get_self_attr03
>
> lstat01 lstat01
> lstat01_64 lstat01_64
> diff --git a/testcases/kernel/syscalls/lsm/.gitignore b/testcases/kernel/syscalls/lsm/.gitignore
> index 9f7c9b00b026a377f1b36f483ac2c1a0adba6249..19956fdf8b9952b4850c3a20826e29ec67ea3560 100644
> --- a/testcases/kernel/syscalls/lsm/.gitignore
> +++ b/testcases/kernel/syscalls/lsm/.gitignore
> @@ -1,2 +1,3 @@
> lsm_get_self_attr01
> lsm_get_self_attr02
> +lsm_get_self_attr03
> diff --git a/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c
> new file mode 100644
> index 0000000000000000000000000000000000000000..3b767b94c025e350b9cc83d9bf2dc3061b3c6a1c
> --- /dev/null
> +++ b/testcases/kernel/syscalls/lsm/lsm_get_self_attr03.c
> @@ -0,0 +1,68 @@
> +// SPDX-License-Identifier: GPL-2.0-or-later
> +/*
> + * Copyright (C) 2024 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>
> + */
> +
> +/*\
> + * Verify that LSM_ATTR_CURRENT attribute is correctly recognizing
> + * the current, active security context of the process. This is done by
> + * checking that /proc/self/attr/current matches with the obtained value.
> + */
> +
> +#include "lsm_common.h"
> +
> +static struct lsm_ctx *ctx;
> +static uint32_t page_size;
> +
> +static void run(void)
> +{
> + tst_res(TINFO, "Verifying 'LSM_ATTR_CURRENT' attribute");
> +
> + uint32_t count;
> + uint32_t size = page_size;
> + char attr[size];
> +
> + memset(attr, 0, size);
> + memset(ctx, 0, LSM_CTX_SIZE_DEFAULT);
> +
> + count = TST_EXP_POSITIVE(
> + lsm_get_self_attr(LSM_ATTR_CURRENT, ctx, &size, 0));
> +
> + if (TST_RET == -1)
> + return;
> +
> + if (!count) {
> + tst_res(TFAIL, "Can't read any attribute");
> + return;
> + }
> +
> + read_proc_attr("current", attr, page_size);
> +
> + TST_EXP_EQ_STR(attr, (char *)ctx->ctx);
> +
> + struct lsm_ctx *next = ctx;
^
next_ctx(next)
Otherwise we will fail the check below.
> + for (uint32_t i = 1; i < count; i++) {
> + TST_EXP_EXPR(strcmp(attr, (char *)next->ctx) != 0,
> + "Attribute and next LSM context must be different");
> +
> + next = next_ctx(next);
> + }
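Review bot: in run(), two different lengths describe the same ctx buffer: it is cleared with memset(ctx, 0, LSM_CTX_SIZE_DEFAULT), but the size passed to lsm_get_self_attr() is `size = page_size`. If the two values differ, the kernel is either told the buffer is larger than the region the test manages, or stale bytes beyond the cleared region survive between iterations and can leak into the string comparisons. Use a single constant for the clear and for the size argument, and keep page_size only for the attr buffer filled by read_proc_attr(). As a minor style point, the tst_res(TINFO, ...) call sits ahead of the local declarations; moving the declarations to the top of run() keeps the function consistent with the usual layout.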
Have you actually tried this on a machine with more than one LSM active?
--
Cyril Hrubis
chrubis@suse.cz
--
Mailing list info: https://lists.linux.it/listinfo/ltp