From db8201a3fae2ca7a2865dbb9e8955289776783c7 Mon Sep 17 00:00:00 2001 From: Günther Noack Date: Fri, 27 Mar 2026 17:48:32 +0100 Subject: selftests/landlock: Replace access_fs_16 with ACCESS_ALL in fs_test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The access_fs_16 variable was originally intended to stay frozen at 16 access rights so that audit tests would not need updating when new access rights are added. Now that we have 17 access rights, the name is confusing. Replace all uses of access_fs_16 with ACCESS_ALL and delete the variable. Suggested-by: Mickaël Salaün Signed-off-by: Günther Noack Link: https://lore.kernel.org/r/20260327164838.38231-8-gnoack3000@gmail.com Signed-off-by: Mickaël Salaün --- tools/testing/selftests/landlock/fs_test.c | 54 ++++++++++-------------------- 1 file changed, 17 insertions(+), 37 deletions(-) (limited to 'tools') diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index b318627e7561..9fdd3b8f7b11 100644 --- a/tools/testing/selftests/landlock/fs_test.c +++ b/tools/testing/selftests/landlock/fs_test.c @@ -7161,26 +7161,6 @@ TEST_F(audit_layout1, execute_make) * only the blocked ones are logged. */ -/* clang-format off */ -static const __u64 access_fs_16 = - LANDLOCK_ACCESS_FS_EXECUTE | - LANDLOCK_ACCESS_FS_WRITE_FILE | - LANDLOCK_ACCESS_FS_READ_FILE | - LANDLOCK_ACCESS_FS_READ_DIR | - LANDLOCK_ACCESS_FS_REMOVE_DIR | - LANDLOCK_ACCESS_FS_REMOVE_FILE | - LANDLOCK_ACCESS_FS_MAKE_CHAR | - LANDLOCK_ACCESS_FS_MAKE_DIR | - LANDLOCK_ACCESS_FS_MAKE_REG | - LANDLOCK_ACCESS_FS_MAKE_SOCK | - LANDLOCK_ACCESS_FS_MAKE_FIFO | - LANDLOCK_ACCESS_FS_MAKE_BLOCK | - LANDLOCK_ACCESS_FS_MAKE_SYM | - LANDLOCK_ACCESS_FS_REFER | - LANDLOCK_ACCESS_FS_TRUNCATE | - LANDLOCK_ACCESS_FS_IOCTL_DEV; -/* clang-format on */ - TEST_F(audit_layout1, execute_read) { struct audit_records records; @@ -7190,7 +7170,7 @@ TEST_F(audit_layout1, execute_read) test_check_exec(_metadata, 0, file1_s1d1); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); /* @@ -7214,7 +7194,7 @@ TEST_F(audit_layout1, write_file) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(EACCES, test_open(file1_s1d1, O_WRONLY)); @@ -7231,7 +7211,7 @@ TEST_F(audit_layout1, read_file) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(EACCES, test_open(file1_s1d1, O_RDONLY)); @@ -7248,7 +7228,7 @@ TEST_F(audit_layout1, read_dir) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(EACCES, test_open(dir_s1d1, O_DIRECTORY)); @@ -7268,7 +7248,7 @@ TEST_F(audit_layout1, remove_dir) EXPECT_EQ(0, unlink(file2_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, rmdir(dir_s1d3)); @@ -7291,7 +7271,7 @@ TEST_F(audit_layout1, remove_file) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, unlink(file1_s1d3)); @@ -7311,7 +7291,7 @@ TEST_F(audit_layout1, make_char) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFCHR | 0644, 0)); @@ -7331,7 +7311,7 @@ TEST_F(audit_layout1, make_dir) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mkdir(file1_s1d3, 0755)); @@ -7351,7 +7331,7 @@ TEST_F(audit_layout1, make_reg) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFREG | 0644, 0)); @@ -7371,7 +7351,7 @@ TEST_F(audit_layout1, make_sock) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFSOCK | 0644, 0)); @@ -7391,7 +7371,7 @@ TEST_F(audit_layout1, make_fifo) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFIFO | 0644, 0)); @@ -7411,7 +7391,7 @@ TEST_F(audit_layout1, make_block) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, mknod(file1_s1d3, S_IFBLK | 0644, 0)); @@ -7431,7 +7411,7 @@ TEST_F(audit_layout1, make_sym) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, symlink("target", file1_s1d3)); @@ -7501,7 +7481,7 @@ TEST_F(audit_layout1, refer_rename) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(EACCES, test_rename(file1_s1d2, file1_s2d3)); @@ -7523,7 +7503,7 @@ TEST_F(audit_layout1, refer_exchange) EXPECT_EQ(0, unlink(file1_s1d3)); drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); /* @@ -7586,7 +7566,7 @@ TEST_F(audit_layout1, truncate) struct audit_records records; drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ - .handled_access_fs = access_fs_16, + .handled_access_fs = ACCESS_ALL, }); EXPECT_EQ(-1, truncate(file1_s1d3, 0)); @@ -7607,7 +7587,7 @@ TEST_F(audit_layout1, ioctl_dev) drop_access_rights(_metadata, &(struct landlock_ruleset_attr){ .handled_access_fs = - access_fs_16 & + ACCESS_ALL & ~LANDLOCK_ACCESS_FS_READ_FILE, }); -- cgit v1.2.3