| Message ID | 20221001154908.49665-7-gnoack3000@gmail.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | landlock: truncate support | expand |
Clean test cases and complete coverage, great! On 01/10/2022 17:49, Günther Noack wrote: > This test uses multiple fixture variants to exercise a broader set of > scnenarios. > > Signed-off-by: Günther Noack <gnoack3000@gmail.com> > --- > tools/testing/selftests/landlock/fs_test.c | 96 ++++++++++++++++++++++ > 1 file changed, 96 insertions(+) > > diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c > index 718543fd3dfc..308f6f36e8c0 100644 > --- a/tools/testing/selftests/landlock/fs_test.c > +++ b/tools/testing/selftests/landlock/fs_test.c > @@ -3445,6 +3445,102 @@ TEST_F_FORK(layout1, ftruncate) > ASSERT_EQ(0, close(fd_layer3)); > } > > +/* clang-format off */ > +FIXTURE(ftruncate) {}; > +/* clang-format on */ > + > +FIXTURE_SETUP(ftruncate) > +{ > + prepare_layout(_metadata); > + create_file(_metadata, file1_s1d1); > +} > + > +FIXTURE_TEARDOWN(ftruncate) > +{ > + EXPECT_EQ(0, remove_path(file1_s1d1)); > + cleanup_layout(_metadata); > +} > + > +FIXTURE_VARIANT(ftruncate) > +{ > + const __u64 handled; > + const __u64 permitted; > + const int expected_open_result; > + const int expected_ftruncate_result; > +}; > + > +/* clang-format off */ > +FIXTURE_VARIANT_ADD(ftruncate, w_w) { > + /* clang-format on */ > + .handled = LANDLOCK_ACCESS_FS_WRITE_FILE, > + .permitted = LANDLOCK_ACCESS_FS_WRITE_FILE, > + .expected_open_result = 0, > + .expected_ftruncate_result = 0, > +}; > + > +/* clang-format off */ > +FIXTURE_VARIANT_ADD(ftruncate, t_t) { > + /* clang-format on */ > + .handled = LANDLOCK_ACCESS_FS_TRUNCATE, > + .permitted = LANDLOCK_ACCESS_FS_TRUNCATE, > + .expected_open_result = 0, > + .expected_ftruncate_result = 0, > +}; > + > +/* clang-format off */ > +FIXTURE_VARIANT_ADD(ftruncate, wt_w) { > + /* clang-format on */ > + .handled = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE, > + .permitted = LANDLOCK_ACCESS_FS_WRITE_FILE, > + .expected_open_result = 0, > + .expected_ftruncate_result = EACCES, > +}; > + > +/* clang-format off */ > +FIXTURE_VARIANT_ADD(ftruncate, wt_wt) { > + /* clang-format on */ > + .handled = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE, > + .permitted = LANDLOCK_ACCESS_FS_WRITE_FILE | > + LANDLOCK_ACCESS_FS_TRUNCATE, > + .expected_open_result = 0, > + .expected_ftruncate_result = 0, > +}; > + > +/* clang-format off */ > +FIXTURE_VARIANT_ADD(ftruncate, wt_t) { > + /* clang-format on */ > + .handled = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE, > + .permitted = LANDLOCK_ACCESS_FS_TRUNCATE, > + .expected_open_result = EACCES, > +}; > + > +TEST_F_FORK(ftruncate, open_and_ftruncate) > +{ > + const char *const path = file1_s1d1; > + const struct rule rules[] = { > + { > + .path = path, > + .access = variant->permitted, > + }, > + {}, > + }; > + int fd, ruleset_fd; > + > + /* Enable Landlock. */ > + ruleset_fd = create_ruleset(_metadata, variant->handled, rules); > + ASSERT_LE(0, ruleset_fd); > + enforce_ruleset(_metadata, ruleset_fd); > + ASSERT_EQ(0, close(ruleset_fd)); > + > + fd = open(path, O_WRONLY); > + EXPECT_EQ(variant->expected_open_result, (fd < 0 ? errno : 0)); > + if (fd >= 0) { > + EXPECT_EQ(variant->expected_ftruncate_result, > + test_ftruncate(fd)); > + ASSERT_EQ(0, close(fd)); > + } > +} > + > /* clang-format off */ > FIXTURE(layout1_bind) {}; > /* clang-format on */
diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index 718543fd3dfc..308f6f36e8c0 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -3445,6 +3445,102 @@ TEST_F_FORK(layout1, ftruncate) ASSERT_EQ(0, close(fd_layer3)); } +/* clang-format off */ +FIXTURE(ftruncate) {}; +/* clang-format on */ + +FIXTURE_SETUP(ftruncate) +{ + prepare_layout(_metadata); + create_file(_metadata, file1_s1d1); +} + +FIXTURE_TEARDOWN(ftruncate) +{ + EXPECT_EQ(0, remove_path(file1_s1d1)); + cleanup_layout(_metadata); +} + +FIXTURE_VARIANT(ftruncate) +{ + const __u64 handled; + const __u64 permitted; + const int expected_open_result; + const int expected_ftruncate_result; +}; + +/* clang-format off */ +FIXTURE_VARIANT_ADD(ftruncate, w_w) { + /* clang-format on */ + .handled = LANDLOCK_ACCESS_FS_WRITE_FILE, + .permitted = LANDLOCK_ACCESS_FS_WRITE_FILE, + .expected_open_result = 0, + .expected_ftruncate_result = 0, +}; + +/* clang-format off */ +FIXTURE_VARIANT_ADD(ftruncate, t_t) { + /* clang-format on */ + .handled = LANDLOCK_ACCESS_FS_TRUNCATE, + .permitted = LANDLOCK_ACCESS_FS_TRUNCATE, + .expected_open_result = 0, + .expected_ftruncate_result = 0, +}; + +/* clang-format off */ +FIXTURE_VARIANT_ADD(ftruncate, wt_w) { + /* clang-format on */ + .handled = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE, + .permitted = LANDLOCK_ACCESS_FS_WRITE_FILE, + .expected_open_result = 0, + .expected_ftruncate_result = EACCES, +}; + +/* clang-format off */ +FIXTURE_VARIANT_ADD(ftruncate, wt_wt) { + /* clang-format on */ + .handled = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE, + .permitted = LANDLOCK_ACCESS_FS_WRITE_FILE | + LANDLOCK_ACCESS_FS_TRUNCATE, + .expected_open_result = 0, + .expected_ftruncate_result = 0, +}; + +/* clang-format off */ +FIXTURE_VARIANT_ADD(ftruncate, wt_t) { + /* clang-format on */ + .handled = LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_TRUNCATE, + .permitted = LANDLOCK_ACCESS_FS_TRUNCATE, + .expected_open_result = EACCES, +}; + +TEST_F_FORK(ftruncate, open_and_ftruncate) +{ + const char *const path = file1_s1d1; + const struct rule rules[] = { + { + .path = path, + .access = variant->permitted, + }, + {}, + }; + int fd, ruleset_fd; + + /* Enable Landlock. */ + ruleset_fd = create_ruleset(_metadata, variant->handled, rules); + ASSERT_LE(0, ruleset_fd); + enforce_ruleset(_metadata, ruleset_fd); + ASSERT_EQ(0, close(ruleset_fd)); + + fd = open(path, O_WRONLY); + EXPECT_EQ(variant->expected_open_result, (fd < 0 ? errno : 0)); + if (fd >= 0) { + EXPECT_EQ(variant->expected_ftruncate_result, + test_ftruncate(fd)); + ASSERT_EQ(0, close(fd)); + } +} + /* clang-format off */ FIXTURE(layout1_bind) {}; /* clang-format on */
This test uses multiple fixture variants to exercise a broader set of scnenarios. Signed-off-by: Günther Noack <gnoack3000@gmail.com> --- tools/testing/selftests/landlock/fs_test.c | 96 ++++++++++++++++++++++ 1 file changed, 96 insertions(+)