diff mbox series

[2/3] ioperm01: skip test if kernel is locked down

Message ID 20200720194920.22784-2-ernunes@redhat.com
State Changes Requested
Headers show
Series [1/3] lib: add function to check for kernel lockdown | expand

Commit Message

Erico Nunes July 20, 2020, 7:49 p.m. UTC 
ioperm is restricted under kernel lockdown.

Signed-off-by: Erico Nunes <ernunes@redhat.com>
---
 testcases/kernel/syscalls/ioperm/ioperm01.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Cyril Hrubis July 21, 2020, 3:26 p.m. UTC | #1 
Hi!
> ioperm is restricted under kernel lockdown.
> 
> Signed-off-by: Erico Nunes <ernunes@redhat.com>
> ---
>  testcases/kernel/syscalls/ioperm/ioperm01.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/testcases/kernel/syscalls/ioperm/ioperm01.c b/testcases/kernel/syscalls/ioperm/ioperm01.c
> index 4c5c0e6ea..d1d633b20 100644
> --- a/testcases/kernel/syscalls/ioperm/ioperm01.c
> +++ b/testcases/kernel/syscalls/ioperm/ioperm01.c
> @@ -42,6 +42,9 @@ static void verify_ioperm(void)
>  
>  static void setup(void)
>  {
> +	/* ioperm is restricted under kernel lockdown. */
> +	tst_lockdown_skip();
> +
>  	/*
>  	 * The value of IO_BITMAP_BITS (include/asm-i386/processor.h) changed
>  	 * from kernel 2.6.8 to permit 16-bits ioperm

This looks good, however shouldn't we as well add a third ioperm test
that checks that the call fails for root when lockdown is enabled?
Erico Nunes July 22, 2020, 3:52 p.m. UTC | #2 
On 7/21/20 5:26 PM, Cyril Hrubis wrote:
> Hi!
>> ioperm is restricted under kernel lockdown.
>>
>> Signed-off-by: Erico Nunes <ernunes@redhat.com>
>> ---
>>  testcases/kernel/syscalls/ioperm/ioperm01.c | 3 +++
>>  1 file changed, 3 insertions(+)
>>
>> diff --git a/testcases/kernel/syscalls/ioperm/ioperm01.c b/testcases/kernel/syscalls/ioperm/ioperm01.c
>> index 4c5c0e6ea..d1d633b20 100644
>> --- a/testcases/kernel/syscalls/ioperm/ioperm01.c
>> +++ b/testcases/kernel/syscalls/ioperm/ioperm01.c
>> @@ -42,6 +42,9 @@ static void verify_ioperm(void)
>>  
>>  static void setup(void)
>>  {
>> +	/* ioperm is restricted under kernel lockdown. */
>> +	tst_lockdown_skip();
>> +
>>  	/*
>>  	 * The value of IO_BITMAP_BITS (include/asm-i386/processor.h) changed
>>  	 * from kernel 2.6.8 to permit 16-bits ioperm
> 
> This looks good, however shouldn't we as well add a third ioperm test
> that checks that the call fails for root when lockdown is enabled?
> 

Good point. I think it is a good idea, but can be done in a separate
patchset.
There are many other things that can be covered together with that by
new tests considering the recent lockdown feature (enum lockdown_reason
seems to provide a good list and starting point).

Erico
diff mbox series

Patch

diff --git a/testcases/kernel/syscalls/ioperm/ioperm01.c b/testcases/kernel/syscalls/ioperm/ioperm01.c
index 4c5c0e6ea..d1d633b20 100644
--- a/testcases/kernel/syscalls/ioperm/ioperm01.c
+++ b/testcases/kernel/syscalls/ioperm/ioperm01.c
@@ -42,6 +42,9 @@  static void verify_ioperm(void)
 
 static void setup(void)
 {
+	/* ioperm is restricted under kernel lockdown. */
+	tst_lockdown_skip();
+
 	/*
 	 * The value of IO_BITMAP_BITS (include/asm-i386/processor.h) changed
 	 * from kernel 2.6.8 to permit 16-bits ioperm