www.infradead.org Git - users/jedix/linux-maple.git/commit
selftests/landlock: Add tests for audit flags and domain IDs
author Mickaël Salaün <mic@digikod.net>
Thu, 20 Mar 2025 19:07:11 +0000 (20:07 +0100)
committer Mickaël Salaün <mic@digikod.net>
Wed, 26 Mar 2025 12:59:45 +0000 (13:59 +0100)
commit 6a500b22971c42da4037ff95481dd6c5535b01bd
tree 866dba8c2a83082104f205e8eb8dbb2b31875d3e
parent e178b404ea0c909c51d22bddb2cfbb2124028c84

Add audit_test.c to check with and without LANDLOCK_RESTRICT_SELF_*
flags against the two Landlock audit record types:
AUDIT_LANDLOCK_ACCESS and AUDIT_LANDLOCK_DOMAIN.

Check consistency of domain IDs per layer in AUDIT_LANDLOCK_ACCESS and
AUDIT_LANDLOCK_DOMAIN messages: denied access, domain allocation, and
domain deallocation.

These tests use signal scoping to make it simple.  They are not in the
scoped_signal_test.c file but in the new dedicated audit_test.c file.

Tests are run with audit filters to ensure the audit records come from
the test program.  Moreover, because there can only be one audit
process, tests would fail if run in parallel.  Because of audit
limitations, tests can only be run in the initial namespace.

The audit test helpers were inspired by libaudit and
tools/testing/selftests/net/netfilter/audit_logread.c

Cc: Günther Noack <gnoack@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Phil Sutter <phil@nwl.cc>
Link: https://lore.kernel.org/r/20250320190717.2287696-23-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
tools/testing/selftests/landlock/audit.h [new file with mode: 0644]
tools/testing/selftests/landlock/audit_test.c [new file with mode: 0644]
tools/testing/selftests/landlock/common.h
tools/testing/selftests/landlock/config