Re: [PATCH net-next v3 5/5] selftest: Add tests for useful handling of LSM denials on SCM_RIGHTS
From: Christian Brauner <brauner@kernel.org>
Date: 2026-07-01 07:39:03
Also in:
linux-fsdevel, lkml
From: Christian Brauner <brauner@kernel.org>
Date: 2026-07-01 07:39:03
Also in:
linux-fsdevel, lkml
On 2026-06-30 16:35 +0200, Jori Koolstra wrote:
quoted
Op 30-06-2026 16:17 CEST schreef Jakub Kicinski [off-list ref]: On Mon, 29 Jun 2026 21:43:27 +0200 Jori Koolstra wrote:quoted
The test uses the following Smack labels: "Sender" - label for the sending process "Receiver" - label for the receiving process "SecretX" - labels for the files being passedNot sure this test belongs in net/ 99.9% of people running this test do not use Smack. At the very least you need to use XFAIL instead of SKIP we use skip for problems with the env which are fixable, like a command missing.Ah, right, because you can only use one of these LSMs at a time? I mean one of AppArmour, SELinux, Smack, TOMOYO. I just need some LSM to trigger the reject of security_file_receive() and Smack was the easiest to get going. The series is totally agnostic to the used LSM. I am fine with moving the tests elsewhere or porting them to SELinux if that is really necessary. We could also drop them altogether. What do you propose?
I'm pretty sure the easiest will be to use a tiny bpf program to reject security_file_receive().