Message ID | 20200720194920.22784-2-ernunes@redhat.com |
---|---|
State | Changes Requested |
Headers | show |
Series | [1/3] lib: add function to check for kernel lockdown | expand |
Hi! > ioperm is restricted under kernel lockdown. > > Signed-off-by: Erico Nunes <ernunes@redhat.com> > --- > testcases/kernel/syscalls/ioperm/ioperm01.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/testcases/kernel/syscalls/ioperm/ioperm01.c b/testcases/kernel/syscalls/ioperm/ioperm01.c > index 4c5c0e6ea..d1d633b20 100644 > --- a/testcases/kernel/syscalls/ioperm/ioperm01.c > +++ b/testcases/kernel/syscalls/ioperm/ioperm01.c > @@ -42,6 +42,9 @@ static void verify_ioperm(void) > > static void setup(void) > { > + /* ioperm is restricted under kernel lockdown. */ > + tst_lockdown_skip(); > + > /* > * The value of IO_BITMAP_BITS (include/asm-i386/processor.h) changed > * from kernel 2.6.8 to permit 16-bits ioperm This looks good, however shouldn't we as well add a third ioperm test that checks that the call fails for root when lockdown is enabled?
On 7/21/20 5:26 PM, Cyril Hrubis wrote: > Hi! >> ioperm is restricted under kernel lockdown. >> >> Signed-off-by: Erico Nunes <ernunes@redhat.com> >> --- >> testcases/kernel/syscalls/ioperm/ioperm01.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/testcases/kernel/syscalls/ioperm/ioperm01.c b/testcases/kernel/syscalls/ioperm/ioperm01.c >> index 4c5c0e6ea..d1d633b20 100644 >> --- a/testcases/kernel/syscalls/ioperm/ioperm01.c >> +++ b/testcases/kernel/syscalls/ioperm/ioperm01.c >> @@ -42,6 +42,9 @@ static void verify_ioperm(void) >> >> static void setup(void) >> { >> + /* ioperm is restricted under kernel lockdown. */ >> + tst_lockdown_skip(); >> + >> /* >> * The value of IO_BITMAP_BITS (include/asm-i386/processor.h) changed >> * from kernel 2.6.8 to permit 16-bits ioperm > > This looks good, however shouldn't we as well add a third ioperm test > that checks that the call fails for root when lockdown is enabled? > Good point. I think it is a good idea, but can be done in a separate patchset. There are many other things that can be covered together with that by new tests considering the recent lockdown feature (enum lockdown_reason seems to provide a good list and starting point). Erico
diff --git a/testcases/kernel/syscalls/ioperm/ioperm01.c b/testcases/kernel/syscalls/ioperm/ioperm01.c index 4c5c0e6ea..d1d633b20 100644 --- a/testcases/kernel/syscalls/ioperm/ioperm01.c +++ b/testcases/kernel/syscalls/ioperm/ioperm01.c @@ -42,6 +42,9 @@ static void verify_ioperm(void) static void setup(void) { + /* ioperm is restricted under kernel lockdown. */ + tst_lockdown_skip(); + /* * The value of IO_BITMAP_BITS (include/asm-i386/processor.h) changed * from kernel 2.6.8 to permit 16-bits ioperm
ioperm is restricted under kernel lockdown. Signed-off-by: Erico Nunes <ernunes@redhat.com> --- testcases/kernel/syscalls/ioperm/ioperm01.c | 3 +++ 1 file changed, 3 insertions(+)