Message ID | 20240320063218.449072-2-pvorel@suse.cz |
---|---|
State | Superseded |
Headers | show |
Series | [1/2] lib: Add tst_selinux_enforcing() | expand |
On Wed, Mar 20, 2024 at 8:32 AM Petr Vorel <pvorel@suse.cz> wrote: > > From: Mete Durlu <meted@linux.ibm.com> > > When SElinux is in enforcing state and SEpolicies disallow anonymous > pipe usage with fanotify_mark(), related fanotify14 testcases fail with > EACCES instead of EINVAL. Accept both errnos when SElinux is in > enforcing state to correctly evaluate test results. > > Replace TST_EXP_FD_OR_FAIL with TST_EXP_FAIL when testing > fanotify_mark() as it returns -1 on failure and 0 on success not a file > descriptor. > > Co-developed-by: Petr Vorel <pvorel@suse.cz> > Signed-off-by: Mete Durlu <meted@linux.ibm.com> > Signed-off-by: Petr Vorel <pvorel@suse.cz> Reviewed-by: Amir Goldstein <amir73il@gmail.com> > --- > Hi, > > this is a replacement of Mete's v2 fanotify14: fix anonymous pipe testcases: > https://lore.kernel.org/ltp/20240312120829.178305-2-meted@linux.ibm.com/ > > Kind regards, > Petr > > .../kernel/syscalls/fanotify/fanotify14.c | 19 ++++++++++++++++--- > 1 file changed, 16 insertions(+), 3 deletions(-) > > diff --git a/testcases/kernel/syscalls/fanotify/fanotify14.c b/testcases/kernel/syscalls/fanotify/fanotify14.c > index d02d81495..b554af22a 100644 > --- a/testcases/kernel/syscalls/fanotify/fanotify14.c > +++ b/testcases/kernel/syscalls/fanotify/fanotify14.c > @@ -30,6 +30,7 @@ > > #ifdef HAVE_SYS_FANOTIFY_H > #include "fanotify.h" > +#include "tst_selinux.h" > > #define MNTPOINT "mntpoint" > #define FILE1 MNTPOINT"/file1" > @@ -47,6 +48,7 @@ static int pipes[2] = {-1, -1}; > static int fanotify_fd; > static int ignore_mark_unsupported; > static int filesystem_mark_unsupported; > +static int se_enforcing; > static unsigned int supported_init_flags; > > struct test_case_flags_t { > @@ -283,9 +285,18 @@ static void do_test(unsigned int number) > > tst_res(TINFO, "Testing %s with %s", > tc->mark.desc, tc->mask.desc); > - TST_EXP_FD_OR_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > - tc->mask.flags, dirfd, path), > - tc->expected_errno); > + > + if (tc->pfd && se_enforcing) { > + const int exp_errs[] = {tc->expected_errno, EACCES}; > + > + TST_EXP_FAIL_ARR(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > + tc->mask.flags, dirfd, path), > + exp_errs); > + } else { > + TST_EXP_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > + tc->mask.flags, dirfd, path), > + tc->expected_errno); > + } > > /* > * ENOTDIR are errors for events/flags not allowed on a non-dir inode. > @@ -334,6 +345,8 @@ static void do_setup(void) > SAFE_FILE_PRINTF(FILE1, "0"); > /* Create anonymous pipes to place marks on */ > SAFE_PIPE2(pipes, O_CLOEXEC); > + > + se_enforcing = tst_selinux_enforcing(); > } > > static void do_cleanup(void) > -- > 2.43.0 >
On 3/20/24 07:32, Petr Vorel wrote: > From: Mete Durlu <meted@linux.ibm.com> > > When SElinux is in enforcing state and SEpolicies disallow anonymous > pipe usage with fanotify_mark(), related fanotify14 testcases fail with > EACCES instead of EINVAL. Accept both errnos when SElinux is in > enforcing state to correctly evaluate test results. > > Replace TST_EXP_FD_OR_FAIL with TST_EXP_FAIL when testing > fanotify_mark() as it returns -1 on failure and 0 on success not a file > descriptor. > > Co-developed-by: Petr Vorel <pvorel@suse.cz> > Signed-off-by: Mete Durlu <meted@linux.ibm.com> > Signed-off-by: Petr Vorel <pvorel@suse.cz> Looks good to me! Thanks for handling this. > --- > Hi, > > this is a replacement of Mete's v2 fanotify14: fix anonymous pipe testcases: > https://lore.kernel.org/ltp/20240312120829.178305-2-meted@linux.ibm.com/ > > Kind regards, > Petr > > .../kernel/syscalls/fanotify/fanotify14.c | 19 ++++++++++++++++--- > 1 file changed, 16 insertions(+), 3 deletions(-) > > diff --git a/testcases/kernel/syscalls/fanotify/fanotify14.c b/testcases/kernel/syscalls/fanotify/fanotify14.c > index d02d81495..b554af22a 100644 > --- a/testcases/kernel/syscalls/fanotify/fanotify14.c > +++ b/testcases/kernel/syscalls/fanotify/fanotify14.c > @@ -30,6 +30,7 @@ > > #ifdef HAVE_SYS_FANOTIFY_H > #include "fanotify.h" > +#include "tst_selinux.h" > > #define MNTPOINT "mntpoint" > #define FILE1 MNTPOINT"/file1" > @@ -47,6 +48,7 @@ static int pipes[2] = {-1, -1}; > static int fanotify_fd; > static int ignore_mark_unsupported; > static int filesystem_mark_unsupported; > +static int se_enforcing; > static unsigned int supported_init_flags; > > struct test_case_flags_t { > @@ -283,9 +285,18 @@ static void do_test(unsigned int number) > > tst_res(TINFO, "Testing %s with %s", > tc->mark.desc, tc->mask.desc); > - TST_EXP_FD_OR_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > - tc->mask.flags, dirfd, path), > - tc->expected_errno); > + > + if (tc->pfd && se_enforcing) { > + const int exp_errs[] = {tc->expected_errno, EACCES}; > + > + TST_EXP_FAIL_ARR(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > + tc->mask.flags, dirfd, path), > + exp_errs); > + } else { > + TST_EXP_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > + tc->mask.flags, dirfd, path), > + tc->expected_errno); > + } > > /* > * ENOTDIR are errors for events/flags not allowed on a non-dir inode. > @@ -334,6 +345,8 @@ static void do_setup(void) > SAFE_FILE_PRINTF(FILE1, "0"); > /* Create anonymous pipes to place marks on */ > SAFE_PIPE2(pipes, O_CLOEXEC); > + > + se_enforcing = tst_selinux_enforcing(); > } > > static void do_cleanup(void)
On Wed 20-03-24 07:32:17, Petr Vorel wrote: > From: Mete Durlu <meted@linux.ibm.com> > > When SElinux is in enforcing state and SEpolicies disallow anonymous > pipe usage with fanotify_mark(), related fanotify14 testcases fail with > EACCES instead of EINVAL. Accept both errnos when SElinux is in > enforcing state to correctly evaluate test results. > > Replace TST_EXP_FD_OR_FAIL with TST_EXP_FAIL when testing > fanotify_mark() as it returns -1 on failure and 0 on success not a file > descriptor. > > Co-developed-by: Petr Vorel <pvorel@suse.cz> > Signed-off-by: Mete Durlu <meted@linux.ibm.com> > Signed-off-by: Petr Vorel <pvorel@suse.cz> Looks good. Feel free to add: Reviewed-by: Jan Kara <jack@suse.cz> Honza > --- > Hi, > > this is a replacement of Mete's v2 fanotify14: fix anonymous pipe testcases: > https://lore.kernel.org/ltp/20240312120829.178305-2-meted@linux.ibm.com/ > > Kind regards, > Petr > > .../kernel/syscalls/fanotify/fanotify14.c | 19 ++++++++++++++++--- > 1 file changed, 16 insertions(+), 3 deletions(-) > > diff --git a/testcases/kernel/syscalls/fanotify/fanotify14.c b/testcases/kernel/syscalls/fanotify/fanotify14.c > index d02d81495..b554af22a 100644 > --- a/testcases/kernel/syscalls/fanotify/fanotify14.c > +++ b/testcases/kernel/syscalls/fanotify/fanotify14.c > @@ -30,6 +30,7 @@ > > #ifdef HAVE_SYS_FANOTIFY_H > #include "fanotify.h" > +#include "tst_selinux.h" > > #define MNTPOINT "mntpoint" > #define FILE1 MNTPOINT"/file1" > @@ -47,6 +48,7 @@ static int pipes[2] = {-1, -1}; > static int fanotify_fd; > static int ignore_mark_unsupported; > static int filesystem_mark_unsupported; > +static int se_enforcing; > static unsigned int supported_init_flags; > > struct test_case_flags_t { > @@ -283,9 +285,18 @@ static void do_test(unsigned int number) > > tst_res(TINFO, "Testing %s with %s", > tc->mark.desc, tc->mask.desc); > - TST_EXP_FD_OR_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > - tc->mask.flags, dirfd, path), > - tc->expected_errno); > + > + if (tc->pfd && se_enforcing) { > + const int exp_errs[] = {tc->expected_errno, EACCES}; > + > + TST_EXP_FAIL_ARR(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > + tc->mask.flags, dirfd, path), > + exp_errs); > + } else { > + TST_EXP_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, > + tc->mask.flags, dirfd, path), > + tc->expected_errno); > + } > > /* > * ENOTDIR are errors for events/flags not allowed on a non-dir inode. > @@ -334,6 +345,8 @@ static void do_setup(void) > SAFE_FILE_PRINTF(FILE1, "0"); > /* Create anonymous pipes to place marks on */ > SAFE_PIPE2(pipes, O_CLOEXEC); > + > + se_enforcing = tst_selinux_enforcing(); > } > > static void do_cleanup(void) > -- > 2.43.0 >
diff --git a/testcases/kernel/syscalls/fanotify/fanotify14.c b/testcases/kernel/syscalls/fanotify/fanotify14.c index d02d81495..b554af22a 100644 --- a/testcases/kernel/syscalls/fanotify/fanotify14.c +++ b/testcases/kernel/syscalls/fanotify/fanotify14.c @@ -30,6 +30,7 @@ #ifdef HAVE_SYS_FANOTIFY_H #include "fanotify.h" +#include "tst_selinux.h" #define MNTPOINT "mntpoint" #define FILE1 MNTPOINT"/file1" @@ -47,6 +48,7 @@ static int pipes[2] = {-1, -1}; static int fanotify_fd; static int ignore_mark_unsupported; static int filesystem_mark_unsupported; +static int se_enforcing; static unsigned int supported_init_flags; struct test_case_flags_t { @@ -283,9 +285,18 @@ static void do_test(unsigned int number) tst_res(TINFO, "Testing %s with %s", tc->mark.desc, tc->mask.desc); - TST_EXP_FD_OR_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, - tc->mask.flags, dirfd, path), - tc->expected_errno); + + if (tc->pfd && se_enforcing) { + const int exp_errs[] = {tc->expected_errno, EACCES}; + + TST_EXP_FAIL_ARR(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, + tc->mask.flags, dirfd, path), + exp_errs); + } else { + TST_EXP_FAIL(fanotify_mark(fanotify_fd, FAN_MARK_ADD | tc->mark.flags, + tc->mask.flags, dirfd, path), + tc->expected_errno); + } /* * ENOTDIR are errors for events/flags not allowed on a non-dir inode. @@ -334,6 +345,8 @@ static void do_setup(void) SAFE_FILE_PRINTF(FILE1, "0"); /* Create anonymous pipes to place marks on */ SAFE_PIPE2(pipes, O_CLOEXEC); + + se_enforcing = tst_selinux_enforcing(); } static void do_cleanup(void)