[LTP] [PATCH v3] ioctl_pidfd01: check EACCESS error when SELinux is enabled
Andrea Cervesato
andrea.cervesato@suse.de
Wed Jul 30 08:55:52 CEST 2025
From: Andrea Cervesato <andrea.cervesato@suse.com>
When SELinux is enabled with enforcing policy, ioctl_pidfd01 might fail
with EACCESS. This is an error triggered by ioctl() syscall, before we
actually reach the code we are about to test, so we need to consider
this errno just in case enforcing policy is on.
Signed-off-by: Andrea Cervesato <andrea.cervesato@suse.com>
---
Following errors are caused by SELinux, trying to block any access to
the file descriptor before actually accessing to it.
ioctl_pidfd01.c:37: TINFO: io uring -> ...
ioctl_pidfd01.c:28: TFAIL: ioctl(io uring, PIDFD_GET_INFO, info) expected EINVAL, EBADF, ENOTTY: EACCES (13)
---
Changes in v3:
- verify for EACCESS only
- Link to v2: https://lore.kernel.org/r/20250729-ioctl_pidfd01_selinux-v2-1-2d92c0e56b25@suse.com
Changes in v2:
- disable the whole test if enforcing policy is on
- Link to v1: https://lore.kernel.org/r/20250729-ioctl_pidfd01_selinux-v1-1-432e100a5a53@suse.com
---
testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c b/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
index 92c51c6c0d0dcbb2308c1a8d82b2a92650f3a6b3..a786b25b495b7b465ef8a2c410ae6c11e0e01763 100644
--- a/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
+++ b/testcases/kernel/syscalls/ioctl/ioctl_pidfd01.c
@@ -10,10 +10,12 @@
#include "ioctl_pidfd.h"
+static int exp_errnos_num;
static int exp_errnos[] = {
EINVAL,
EBADF,
ENOTTY,
+ EACCES,
};
static struct pidfd_info *info;
@@ -26,7 +28,7 @@ static void test_bad_pidfd(struct tst_fd *fd_in)
}
TST_EXP_FAIL_ARR(ioctl(fd_in->fd, PIDFD_GET_INFO, info),
- exp_errnos, ARRAY_SIZE(exp_errnos),
+ exp_errnos, exp_errnos_num,
"ioctl(%s, PIDFD_GET_INFO, info)",
tst_fd_desc(fd_in));
}
@@ -44,6 +46,11 @@ static void setup(void)
if (!ioctl_pidfd_info_exit_supported())
tst_brk(TCONF, "PIDFD_INFO_EXIT is not supported by ioctl()");
+ exp_errnos_num = ARRAY_SIZE(exp_errnos) - 1;
+
+ if (tst_selinux_enforcing())
+ exp_errnos_num++;
+
info->mask = PIDFD_INFO_EXIT;
}
---
base-commit: 91e6272febf95e19a8300695dfc2089569adf9d8
change-id: 20250729-ioctl_pidfd01_selinux-1479ea457850
Best regards,
--
Andrea Cervesato <andrea.cervesato@suse.com>
More information about the ltp
mailing list