Thread (16 messages) 16 messages, 4 authors, 2d ago

Re: [PATCH net-next v3 5/5] selftest: Add tests for useful handling of LSM denials on SCM_RIGHTS

From: Christian Brauner <brauner@kernel.org>
Date: 2026-07-01 07:39:03
Also in: linux-fsdevel, lkml

On 2026-06-30 16:35 +0200, Jori Koolstra wrote:
quoted
Op 30-06-2026 16:17 CEST schreef Jakub Kicinski [off-list ref]:

 
On Mon, 29 Jun 2026 21:43:27 +0200 Jori Koolstra wrote:
quoted
The test uses the following Smack labels:

   "Sender"   - label for the sending process
   "Receiver" - label for the receiving process
   "SecretX"   - labels for the files being passed
Not sure this test belongs in net/
99.9% of people running this test do not use Smack.
At the very least you need to use XFAIL instead of SKIP
we use skip for problems with the env which are fixable,
like a command missing.
Ah, right, because you can only use one of these LSMs at a time?
I mean one of AppArmour, SELinux, Smack, TOMOYO.

I just need some LSM to trigger the reject of security_file_receive()
and Smack was the easiest to get going. The series is totally agnostic
to the used LSM. I am fine with moving the tests elsewhere or porting
them to SELinux if that is really necessary. We could also drop them
altogether.

What do you propose?
I'm pretty sure the easiest will be to use a tiny bpf program to reject
security_file_receive().
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help