Add test that validates behaviour of Landlock after ruleset with unknown access is created. Reviewed-by: Günther Noack Signed-off-by: Mikhail Ivanov --- Changes since v3: * Adds fixture `mini`. Socket creation should be tested with capabilities disabled. Changes since v2: * Removes fixture `mini`. Network namespace is not used, so this fixture has become useless. * Changes commit title and message. Changes since v1: * Refactors commit message. --- .../testing/selftests/landlock/socket_test.c | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 tools/testing/selftests/landlock/socket_test.c diff --git a/tools/testing/selftests/landlock/socket_test.c b/tools/testing/selftests/landlock/socket_test.c new file mode 100644 index 000000000000..d5716149d03f --- /dev/null +++ b/tools/testing/selftests/landlock/socket_test.c @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Landlock tests - Socket + * + * Copyright © 2025 Huawei Tech. Co., Ltd. + */ + +#define _GNU_SOURCE + +#include +#include + +#include "common.h" + +#define ACCESS_LAST LANDLOCK_ACCESS_SOCKET_CREATE +#define ACCESS_ALL LANDLOCK_ACCESS_SOCKET_CREATE + +/* clang-format off */ +FIXTURE(mini) {}; +/* clang-format on */ + +FIXTURE_SETUP(mini) +{ + disable_caps(_metadata); +}; + +FIXTURE_TEARDOWN(mini) +{ +} + +TEST_F(mini, ruleset_with_unknown_access) +{ + __u64 access_mask; + + for (access_mask = 1ULL << 63; access_mask != ACCESS_LAST; + access_mask >>= 1) { + const struct landlock_ruleset_attr ruleset_attr = { + .handled_access_socket = access_mask, + }; + + ASSERT_EQ(-1, landlock_create_ruleset(&ruleset_attr, + sizeof(ruleset_attr), 0)); + ASSERT_EQ(EINVAL, errno); + } +} + +TEST_HARNESS_MAIN -- 2.34.1