Commit 56ffd377 authored by Günther Noack's avatar Günther Noack Committed by Mickaël Salaün

selftests/landlock: Test IOCTLs on named pipes

Named pipes should behave like pipes created with pipe(2),
so we don't want to restrict IOCTLs on them.
Suggested-by: default avatarMickaël Salaün <mic@digikod.net>
Signed-off-by: default avatarGünther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20240419161122.2023765-6-gnoack@google.comSigned-off-by: default avatarMickaël Salaün <mic@digikod.net>
parent 7954a1d1
...@@ -3942,6 +3942,49 @@ TEST_F_FORK(layout1, o_path_ftruncate_and_ioctl) ...@@ -3942,6 +3942,49 @@ TEST_F_FORK(layout1, o_path_ftruncate_and_ioctl)
ASSERT_EQ(0, close(fd)); ASSERT_EQ(0, close(fd));
} }
/*
* Named pipes are not governed by the LANDLOCK_ACCESS_FS_IOCTL_DEV right,
* because they are not character or block devices.
*/
TEST_F_FORK(layout1, named_pipe_ioctl)
{
pid_t child_pid;
int fd, ruleset_fd;
const char *const path = file1_s1d1;
const struct landlock_ruleset_attr attr = {
.handled_access_fs = LANDLOCK_ACCESS_FS_IOCTL_DEV,
};
ASSERT_EQ(0, unlink(path));
ASSERT_EQ(0, mkfifo(path, 0600));
/* Enables Landlock. */
ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
ASSERT_LE(0, ruleset_fd);
enforce_ruleset(_metadata, ruleset_fd);
ASSERT_EQ(0, close(ruleset_fd));
/* The child process opens the pipe for writing. */
child_pid = fork();
ASSERT_NE(-1, child_pid);
if (child_pid == 0) {
fd = open(path, O_WRONLY);
close(fd);
exit(0);
}
fd = open(path, O_RDONLY);
ASSERT_LE(0, fd);
/* FIONREAD is implemented by pipefifo_fops. */
EXPECT_EQ(0, test_fionread_ioctl(fd));
ASSERT_EQ(0, close(fd));
ASSERT_EQ(0, unlink(path));
ASSERT_EQ(child_pid, waitpid(child_pid, NULL, 0));
}
/* clang-format off */ /* clang-format off */
FIXTURE(ioctl) {}; FIXTURE(ioctl) {};
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment