Re: [RFC PATCH v1 7/9] selftests/landlock: Test listen on ULP socket without clone method
From: Mickaël Salaün <mic@digikod.net>
Date: 2024-08-01 15:09:00
Also in:
linux-security-module, netfilter-devel
On Sun, Jul 28, 2024 at 08:26:00AM +0800, Mikhail Ivanov wrote:
quoted hunk ↗ jump to hunk
Test checks that listen(2) doesn't wrongfully return -EACCES instead of -EINVAL when trying to listen on a socket which is set to ULP that doesn't have clone method in inet_csk(sk)->icsk_ulp_ops (espintcp). Signed-off-by: Mikhail Ivanov <redacted> --- tools/testing/selftests/landlock/config | 1 + tools/testing/selftests/landlock/net_test.c | 38 +++++++++++++++++++++ 2 files changed, 39 insertions(+)diff --git a/tools/testing/selftests/landlock/config b/tools/testing/selftests/landlock/config index 0086efaa7b68..014401fe6114 100644 --- a/tools/testing/selftests/landlock/config +++ b/tools/testing/selftests/landlock/config@@ -12,3 +12,4 @@ CONFIG_SHMEM=y CONFIG_SYSFS=y CONFIG_TMPFS=y CONFIG_TMPFS_XATTR=y +CONFIG_INET_ESPINTCP=y\ No newline at end of file
There are missing dependencies, and also please sort entries. I think it should be: CONFIG_CGROUPS=y CONFIG_CGROUP_SCHED=y CONFIG_INET=y +CONFIG_INET_ESPINTCP=y +CONFIG_INET_ESP=y CONFIG_IPV6=y +CONFIG_IPV6_ESP=y +CONFIG_INET6_ESPINTCP=y CONFIG_NET=y CONFIG_NET_NS=y CONFIG_OVERLAY_FS=y This works with check-linux.sh from https://github.com/landlock-lsm/landlock-test-tools IPv6 is currently not tested, which should be the case (with the "protocol" variants).