diff options
| author | Mickaël Salaün <mic@digikod.net> | 2025-03-20 22:07:11 +0300 |
|---|---|---|
| committer | Mickaël Salaün <mic@digikod.net> | 2025-03-26 15:59:45 +0300 |
| commit | 6a500b22971c42da4037ff95481dd6c5535b01bd (patch) | |
| tree | 866dba8c2a83082104f205e8eb8dbb2b31875d3e /lib/debugobjects.c | |
| parent | e178b404ea0c909c51d22bddb2cfbb2124028c84 (diff) | |
| download | linux-6a500b22971c42da4037ff95481dd6c5535b01bd.tar.xz | |
selftests/landlock: Add tests for audit flags and domain IDs
Add audit_test.c to check with and without LANDLOCK_RESTRICT_SELF_*
flags against the two Landlock audit record types:
AUDIT_LANDLOCK_ACCESS and AUDIT_LANDLOCK_DOMAIN.
Check consistency of domain IDs per layer in AUDIT_LANDLOCK_ACCESS and
AUDIT_LANDLOCK_DOMAIN messages: denied access, domain allocation, and
domain deallocation.
These tests use signal scoping to make it simple. They are not in the
scoped_signal_test.c file but in the new dedicated audit_test.c file.
Tests are run with audit filters to ensure the audit records come from
the test program. Moreover, because there can only be one audit
process, tests would failed if run in parallel. Because of audit
limitations, tests can only be run in the initial namespace.
The audit test helpers were inspired by libaudit and
tools/testing/selftests/net/netfilter/audit_logread.c
Cc: Günther Noack <gnoack@google.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Phil Sutter <phil@nwl.cc>
Link: https://lore.kernel.org/r/20250320190717.2287696-23-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Diffstat (limited to 'lib/debugobjects.c')
0 files changed, 0 insertions, 0 deletions