selftests/landlock: Test ioctl(2) and ftruncate(2) with open(O_PATH) (7954a1d1) · Commits · git / linux-net

tools/testing/selftests/landlock/fs_test.c

+40 −0

Original line number	Diff line number	Diff line
		@@ -3902,6 +3902,46 @@ static int test_fionread_ioctl(int fd)
		return 0;
		}

		TEST_F_FORK(layout1, o_path_ftruncate_and_ioctl)
		{
		const struct landlock_ruleset_attr attr = {
		.handled_access_fs = ACCESS_ALL,
		};
		int ruleset_fd, fd;

		/*
		* Checks that for files opened with O_PATH, both ioctl(2) and
		* ftruncate(2) yield EBADF, as it is documented in open(2) for the
		* O_PATH flag.
		*/
		fd = open(dir_s1d1, O_PATH \| O_CLOEXEC);
		ASSERT_LE(0, fd);

		EXPECT_EQ(EBADF, test_ftruncate(fd));
		EXPECT_EQ(EBADF, test_fs_ioc_getflags_ioctl(fd));

		ASSERT_EQ(0, close(fd));

		/* Enables Landlock. */
		ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
		ASSERT_LE(0, ruleset_fd);
		enforce_ruleset(_metadata, ruleset_fd);
		ASSERT_EQ(0, close(ruleset_fd));

		/*
		* Checks that after enabling Landlock,
		* - the file can still be opened with O_PATH
		* - both ioctl and truncate still yield EBADF (not EACCES).
		*/
		fd = open(dir_s1d1, O_PATH \| O_CLOEXEC);
		ASSERT_LE(0, fd);

		EXPECT_EQ(EBADF, test_ftruncate(fd));
		EXPECT_EQ(EBADF, test_fs_ioc_getflags_ioctl(fd));

		ASSERT_EQ(0, close(fd));
		}

		/* clang-format off */
		FIXTURE(ioctl) {};