[LTP] [PATCH 08/10] Add landlock04 test

Li Wang liwang@redhat.com
Tue Jul 2 14:22:48 CEST 2024 

On Tue, Jul 2, 2024 at 4:00 PM Li Wang <liwang@redhat.com> wrote:

>
>
> On Mon, Jul 1, 2024 at 11:44 PM Andrea Cervesato <andrea.cervesato@suse.de>
> wrote:
>
>> From: Andrea Cervesato <andrea.cervesato@suse.com>
>>
>> This test verifies that all landlock rules are working properly.
>> The way we do it is to verify that all disabled syscalls are not
>> working but the one we enabled via specifc landlock rules.
>>
>> Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
>> ---
>>  runtest/syscalls                                   |   1 +
>>  testcases/kernel/syscalls/landlock/.gitignore      |   2 +
>>  testcases/kernel/syscalls/landlock/Makefile        |   5 +
>>  testcases/kernel/syscalls/landlock/landlock04.c    | 143 +++++++++
>>  testcases/kernel/syscalls/landlock/landlock_exec.c |   9 +
>>  .../kernel/syscalls/landlock/landlock_tester.h     | 350
>> +++++++++++++++++++++
>>  6 files changed, 510 insertions(+)
>>
>> diff --git a/runtest/syscalls b/runtest/syscalls
>> index 1e2d682e3..9acdaf760 100644
>> --- a/runtest/syscalls
>> +++ b/runtest/syscalls
>> @@ -687,6 +687,7 @@ kill13 kill13
>>  landlock01 landlock01
>>  landlock02 landlock02
>>  landlock03 landlock03
>> +landlock04 landlock04
>>
>>  lchown01 lchown01
>>  lchown01_16 lchown01_16
>> diff --git a/testcases/kernel/syscalls/landlock/.gitignore
>> b/testcases/kernel/syscalls/landlock/.gitignore
>> index f79cd090b..4fe8d7cba 100644
>> --- a/testcases/kernel/syscalls/landlock/.gitignore
>> +++ b/testcases/kernel/syscalls/landlock/.gitignore
>> @@ -1,3 +1,5 @@
>> +landlock_exec
>>  landlock01
>>  landlock02
>>  landlock03
>> +landlock04
>> diff --git a/testcases/kernel/syscalls/landlock/Makefile
>> b/testcases/kernel/syscalls/landlock/Makefile
>> index 4b3e3fd8f..bdc6bd2d4 100644
>> --- a/testcases/kernel/syscalls/landlock/Makefile
>> +++ b/testcases/kernel/syscalls/landlock/Makefile
>> @@ -8,3 +8,8 @@ include $(top_srcdir)/include/mk/testcases.mk
>>  LDLIBS += -lc
>>
>>  include $(top_srcdir)/include/mk/generic_leaf_target.mk
>> +
>> +# the reason why landlock_exec test binary is statically linked, is that
>> +# we can't read libc out of the sandboxed folder once
>> LANDLOCK_ACCESS_FS_EXECUTE
>> +# has been activated
>> +landlock_exec: LDLIBS += -static -fPIC
>>
>
And, if we decided to build the program as static, we'd better
adding glibc-static into the dependency list, otherwise it always
failed to link the binary on RHEL distributions.

--- a/ci/fedora.sh
+++ b/ci/fedora.sh
@@ -17,6 +17,7 @@ $yum \
        numactl-devel \
        libtirpc \
        libtirpc-devel \
+       libc-static \
        perl-JSON \
        perl-libwww-perl \
        pkg-config \



-- 
Regards,
Li Wang

More information about the ltp mailing list