Re: [PATCH 2/3] selftests/landlock: Print a warning about directory permissions
From: Tingmao Wang <hidden>
Date: 2025-05-25 14:23:53
On 5/24/25 18:56, Tingmao Wang wrote:
Because we drop capabilities (most importantly, CAP_DAC_OVERRIDE), if a user runs the selftests under a Linux source checked out by a non-root user, the test will fail even when run under sudo, and will print a "Permission denied" error. This creates a confusing situation if they do not realize that the test drops capabilities, and can mislead users to think there's something wrong with the test or landlock.

This patch produces output that looks like:

# # RUN layout0.ruleset_with_unknown_access ...
# # fs_test.c:240:ruleset_with_unknown_access:Expected 0 (0) == mkdir(path, 0700) (-1)
# # fs_test.c:244:ruleset_with_unknown_access:Failed to create directory "tmp": Permission denied
# # fs_test.c:230:ruleset_with_unknown_access:Hint: fs_tests requires permissions for uid 0 on test directory /home/mao/landlock-selftests/tools/testing/selftests/landlock and files under it (even when running as root).
# # fs_test.c:232:ruleset_with_unknown_access: Try chmod a+rwX -R /home/mao/landlock-selftests/tools/testing/selftests/landlock
# # ruleset_with_unknown_access: Test terminated by assertion
# # FAIL layout0.ruleset_with_unknown_access

Signed-off-by: Tingmao Wang <redacted>
--- tools/testing/selftests/landlock/fs_test.c | 35 +++++++++++++++++++--- 1 file changed, 31 insertions(+), 4 deletions(-)diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c index e65e6cc80e22..21ed8afcc060 100644 --- a/tools/testing/selftests/landlock/fs_test.c 
+++ b/tools/testing/selftests/landlock/fs_test.c@@ -216,14 +216,37 @@ static void mkdir_parents(struct __test_metadata *const _metadata, free(walker); } +static void +maybe_warn_about_permission_on_cwd(struct __test_metadata *const _metadata, + int err) +{ + char abspath_buf[255]; + + if (err == EACCES) { + const char *realp = realpath(".", abspath_buf); + if (realp == NULL) { + realp = "."; + } + TH_LOG("Hint: fs_tests requires permissions for uid %u on test directory %s and files under it (even when running as root).", + getuid(), realp); + TH_LOG(" Try chmod a+rwX -R %s", realp);
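Review bot: `char abspath_buf[255];` is too small to hand to `realpath(".", abspath_buf)` in maybe_warn_about_permission_on_cwd(): realpath() may write up to PATH_MAX bytes into a caller-supplied buffer, so a checkout path longer than 254 characters overruns the stack buffer. Declare the buffer as PATH_MAX bytes, or pass NULL and free() the returned string after the TH_LOG calls. Separately, the hint `Try chmod a+rwX -R %s` tells the user to make the whole test tree writable by everyone, while the message above it says only uid 0 needs access; a narrower suggestion would be safer to print.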
Actually, just having rwx on the test directory itself is not enough. For audit tests, in order to set the executable itself as AUDIT_EXE, we pass in an absolute path (which is required), which then means that we need path walk permission from root to the executable (otherwise audit_alloc_mark -> kern_path_locked fails), so in fact if the user has a setup where the home directory, containing the Linux source code, is not world-readable (or owned by root), fs_test::audit_layout1 etc will fail too...

I wonder if we should in fact drop capabilities only after fixture setup? Alternatively we should have an appropriate message explaining that the test dir needs to be walkable and writable by root without CAP_DAC_OVERRIDE.