summaryrefslogtreecommitdiffstats
path: root/tools/testing/selftests/landlock
diff options
context:
space:
mode:
authorGünther Noack <gnoack3000@gmail.com>2022-10-18 20:22:14 +0200
committerMickaël Salaün <mic@digikod.net>2022-10-19 09:01:47 +0200
commit0d8c658be264eb2106349c50377ef8a81edc0106 (patch)
treeb4551346be295e0cc68d5c31cdba5a9528b0f216 /tools/testing/selftests/landlock
parentselftests/landlock: Test FD passing from restricted to unrestricted processes (diff)
downloadlinux-0d8c658be264eb2106349c50377ef8a81edc0106.tar.xz
linux-0d8c658be264eb2106349c50377ef8a81edc0106.zip
selftests/landlock: Test ftruncate on FDs created by memfd_create(2)
All file descriptors that are truncatable need to have the Landlock access rights set correctly on the file's Landlock security blob. This is also the case for files that are opened by other means than open(2). Test coverage for security/landlock is 94.7% of 838 lines according to gcc/gcov-11. Signed-off-by: Günther Noack <gnoack3000@gmail.com> Link: https://lore.kernel.org/r/20221018182216.301684-10-gnoack3000@gmail.com [mic: Add test coverage in commit message] Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'tools/testing/selftests/landlock')
-rw-r--r--tools/testing/selftests/landlock/fs_test.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c
index f8aae01a2409..d5dab986f612 100644
--- a/tools/testing/selftests/landlock/fs_test.c
+++ b/tools/testing/selftests/landlock/fs_test.c
@@ -3603,6 +3603,22 @@ TEST_F_FORK(ftruncate, open_and_ftruncate_in_different_processes)
ASSERT_EQ(0, close(socket_fds[1]));
}
+TEST(memfd_ftruncate)
+{
+ int fd;
+
+ fd = memfd_create("name", MFD_CLOEXEC);
+ ASSERT_LE(0, fd);
+
+ /*
+ * Checks that ftruncate is permitted on file descriptors that are
+ * created in ways other than open(2).
+ */
+ EXPECT_EQ(0, test_ftruncate(fd));
+
+ ASSERT_EQ(0, close(fd));
+}
+
/* clang-format off */
FIXTURE(layout1_bind) {};
/* clang-format on */